You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/11/10 16:04:00 UTC

[jira] [Resolved] (NIFI-3096) Issues with NTLM authentication in GetHttp and InvokeHttp processors

     [ https://issues.apache.org/jira/browse/NIFI-3096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-3096.
------------------------------------
      Assignee:     (was: Karthik Narayanan)
    Resolution: Won't Fix

NTLM has fundamental security flaws due to the use of weak ciphers. Windows 2000 and following have supported Kerberos authentication as an alternative, so that should be evaluated as an alternative approach.

> Issues with NTLM authentication in GetHttp and InvokeHttp processors
> --------------------------------------------------------------------
>
>                 Key: NIFI-3096
>                 URL: https://issues.apache.org/jira/browse/NIFI-3096
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Michael Kalika
>            Priority: Major
>
> GetHttp and InvokeHttp do not support HTTP endpoints protected with NTLM authentication. This functionality is needed for working with services and APIs hosted in Windows systems.
> Here's a log with error:
> 2016-11-23 17:45:22,272 WARN [Timer-Driven Process Thread-7]
> o.a.http.impl.auth.HttpAuthenticator NEGOTIATE authentication error: No valid
> credentials provided (Mechanism level: No valid credentials provided (Mechanism
> level: Failed to find any Kerberos tgt))
> 2016-11-23 17:45:22,272 WARN [Timer-Driven Process Thread-7]
> o.a.http.impl.auth.HttpAuthenticator NTLM authentication error: Credentials
> cannot be used for NTLM authentication:
> org.apache.http.auth.UsernamePasswordCredentials
> 2016-11-23 17:45:22,274 ERROR [Timer-Driven Process
> Thread-7] o.a.nifi.processors.standard.GetHTTP
> GetHTTP[id=91ce7dfd-0158-1000-1c53-cf24cf132983] received status code
> 401:Unauthorized from http://internal.api.ep/dosomething
> and a discussion about this issue
> https://community.hortonworks.com/questions/68097/issues-with-gethttp-and-ntlm-authentication-in-nif.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)