Cloudera Community
Raj_B
user rank
Expert Contributor

Re: NiFi API & "Unable to validate the access toke...

by Expert Contributor in Support Questions
‎04-19-2017 12:11 AM
‎04-19-2017 12:11 AM
@Wynner our sending system pushes messages via TCP/IP and it's real-time, over 100+ messages per minute; ... View more

Re: NiFi API & "Unable to validate the access toke...

by Expert Contributor in Support Questions
‎04-18-2017 07:51 PM
‎04-18-2017 07:51 PM
@Wynner we are actually getting data in passive mode, it's being pushed to NiFi. ... View more

Re: NiFi API & "Unable to validate the access toke...

by Expert Contributor in Support Questions
‎04-18-2017 06:10 PM
‎04-18-2017 06:10 PM
@Wynner thank you for the suggestion, but unfortunately, the load balancer is an enterprise appliance, which is off limits for us to install NiFi on. ... View more

Re: NiFi API & "Unable to validate the access toke...

by Expert Contributor in Support Questions
‎04-18-2017 05:12 PM
‎04-18-2017 05:12 PM
@wynner I'm not able to add comments to the thread above anymore, so I'm commenting here: I was running curl commands from my local system and the NiFi instance is running on a server. I also tried the curl commands against another NiFi instance as well and I'm getting the same errors - either error 400 or the token error. As you suggested, I also logged out of the NiFi UI while running the curl command, but that didn't help either. Not sure what's the problem here. Let me give you a bit of background on what I'm trying to do, maybe you know of other ways to achieve it - from our load balancing appliance, I need a way to check the heartbeat of the nodes in the NiFi cluster, to see which nodes are available to receive data from the load balancer; checking the System Diagnostics end point of the NiFi API is how I am approaching this. Do you have suggestions for accomplishing this differently. Thank you. ... View more

Re: NiFi API & "Unable to validate the access toke...

by Expert Contributor in Support Questions
‎04-17-2017 07:17 PM
‎04-17-2017 07:17 PM
@Wynner thanks again. I tried what you asked, but then it's back to "Unable to validate the access token." error again. I'm finding that when I have two '-H' options, it is giving the "Unable to validate the access token."; when I have just one '-H' option, it is returning the "HTTP ERROR 400... Bad Content-Type"; In the NiFi API documentation for "/flow/about" end point, it says that error 400 refers to Invalid request. Errors 401 and 403 refer to authentication and authorization issues. So, it seems I'm not running against any access policy issues, it's more of a syntax issue with my curl command; would you agree ? ... View more

Re: NiFi API & "Unable to validate the access toke...

by Expert Contributor in Support Questions
‎04-17-2017 06:10 PM
‎04-17-2017 06:10 PM
Hi @Wynner, thanks for helping me out. Following your suggestion, I added the Content-type and --tslv1.2 option, and now I'm getting a different error - Bad Content-Type <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 400 Bad Content-Type header value: 'text/html; Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1SUkJvbGxhLG91PURhdGEgTWFuYWdlbWVudCxvdT1QT0Usb3U9UGVvcGxlLGRjPW1kYW5kZXJzb24sZGM9ZWR1IiwiaXNzIjoiTGRhcFByb3ZpZGVyIiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiUlJCb2xsYSIsImtpZCI6MiwiZXhwIjoxNDkyNDQ0NTc3LCJpYXQiOjE0OTI0MzczNzd9.DKoOkdknxMj9lidDYqzkdyTUumh20CrPdFnXHiZRzYk%'</title> </head> <body><h2>HTTP ERROR 400</h2> <p>Problem accessing /nifi-api/flow/history. Reason: <pre> Bad Content-Type header value: 'text/html; Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1SUkJvbGxhLG91PURhdGEgTWFuYWdlbWVudCxvdT1QT0Usb3U9UGVvcGxlLGRjPW1kYW5kZXJzb24sZGM9ZWR1IiwiaXNzIjoiTGRhcFByb3ZpZGVyIiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiUlJCb2xsYSIsImtpZCI6MiwiZXhwIjoxNDkyNDQ0NTc3LCJpYXQiOjE0OTI0MzczNzd9.DKoOkdknxMj9lidDYqzkdyTUumh20CrPdFnXHiZRzYk%'</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.3.9.v20160517</a><hr/> </body> </html> Here is my 2nd curl command: curl 'https://<nifi-server>:8077/nifi-api/system-diagnostics' -H 'Content-Type: */*; Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1SUkJvbGxhLG91PURhdGEgTWFuYWdlbWVudCxvdT1QT0Usb3U9UGVvcGxlLGRjPW1kYW5kZXJzb24sZGM9ZWR1IiwiaXNzIjoiTGRhcFByb3ZpZGVyIiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiUlJCb2xsYSIsImtpZCI6MzMsImV4cCI6MTQ5MjA5OTcyNiwiaWF0IjoxNDkyMDkyNTI2fQ.xIViD0Ea_fok6qV5ghnf65FPbO9Reh_MQxVG2Q1krl4%' --compressed --insecure --tlsv1.2 ... View more

NiFi API & "Unable to validate the access token" e...

by Expert Contributor in Support Questions
‎04-14-2017 02:57 PM
‎04-14-2017 02:57 PM
Hello, I'm getting the "Unable to validate the access token" when calling NiFi API, for all API end points that I checked. (I checked a few). Following other posts in HCC, I'm first using the below call to get the access token, which is successful, it returns a token. curl 'https://<nifi-server>:8077/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'username=<username>&password=<password>' --compressed --insecure In the 2nd API call where I use the token from the above call, I'm getting the "Unable to validate the access token" for just about all end-points I checked. Below is one where I'm calling the System Diagnostics end point and returns the error. curl 'https://<nifi-server>:8077/nifi-api/system-diagnostics' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1SUkJvbGxhLG91PURhdGEgTWFuYWdlbWVudCxvdT1QT0Usb3U9UGVvcGxlLGRjPW1kYW5kZXJzb24sZGM9ZWR1IiwiaXNzIjoiTGRhcFByb3ZpZGVyIiwiYXVkIjoiTGRhcFByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiUlJCb2xsYSIsImtpZCI6MzMsImV4cCI6MTQ5MjA5OTcyNiwiaWF0IjoxNDkyMDkyNTI2fQ.xIViD0Ea_fok6qV5ghnf65FPbO9Reh_MQxVG2Q1krl4%' --compressed --insecure I checked the 2 posts about this error in HCC and per the suggestions there, 1) I made sure we have LDAP authentication enabled 2) I made sure I'm using the same server and port in both curl commands 3) I checked several API end points to rule out that my login does not have permissions to the specific API end point; I tried the following API end points and all of them return the same "Unable to validate the access token" error - flow/status, flow/history, flow/about, flow/search-results, processors/{id} Do you guys see what's wrong with these API calls ? Thanks in advance. ... View more
Labels:

Re: How to access NiFi API on a secure NiFi instan...

by Expert Contributor in Support Questions
‎04-06-2017 02:44 PM
‎04-06-2017 02:44 PM
Thanks @Matt Clarke, your last sentence ("everything you do via NiFi's UI, are nothing more then calls to nifi-api") cleared it all up for me. ... View more

How to access NiFi API on a secure NiFi instance

by Expert Contributor in Support Questions
‎04-06-2017 01:59 PM
‎04-06-2017 01:59 PM
Hello, In a secure NiFi instance (LDAP/SSL), our users are unable to access the NiFi API. When this URL - https://nifiserver:8077/nifi-api/system-diagnostics - is launched in a browser, this error shows up : "Unable to perform the desired action due to insufficient permissions. Contact the system administrator." In NiFi Admin guide's access policies (https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#access-policies), I did not find anything related to granting permissions for NiFi API access. So, how do you let users access NiFi API in a secure environment. Thanks. ... View more
Labels:

Re: Monitor Apache NiFi with Apache NiFi

by Expert Contributor in Community Articles
‎04-03-2017 06:27 PM
‎04-03-2017 06:27 PM
@Sebastian Carroll IMHO you would need a separate NiFi instance for that purpose, same goes if you want to archive Provenance events from the NiFi instance; another option would be to send the logs to Splunk, etc. for log processing and for any analytics on top of that (dashboard, alerts, etc.) ... View more
Contact Me
Online
Offline
Last Visited
‎08-19-2020 03:25 PM
Community Statistics
Member Since ‎04-29-2016 04:49 PM
Last Visited ‎08-19-2020 03:25 PM
Posts 192
Kudos received 20