Access Nifi API using user certificate

["QUEVILLON EMMANUEL - EXT-SAFRAN ENGINEERING SERVICES (SAFRAN)" <em...@safrangroup.com>]

Hi List,

We've installed and setup a nifi cluster (3 nodes). User authentication is based on user SSL certificates. Regarding at documentation and or posts on the internet, it looks like it is not possible to use the Nifi API because of this kind of authentication set. For what I've understand, using REST API required a username/password of use of a token which is available once authenticated.
Is there any chance or workaround to use REST API keep user certificate based authentication?
Thanks for any light(s)

Emmanuel
C2 - Restricted

#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#

RE: Access Nifi API using user certificate

["QUEVILLON EMMANUEL - EXT-SAFRAN ENGINEERING SERVICES (SAFRAN)" <em...@safrangroup.com>]

Hi Tristan,

Thanks for your quick reply.
Ok then if I want to use curl to get token at first and then query, I need to precise the path to the SSL user certificate or the user/passwd is enough?

Regards

Emmanuel




De : Tristan Steele <tr...@redhat.com>
Envoyé : mardi 5 avril 2022 15:09
À : users@nifi.apache.org
Objet : Re: Access Nifi API using user certificate

Hi Emmanuel,

I'm not sure on the state of the documentation, but I can confirm that the API is accessible using client certificates.

The username in NiFi should match the common name provided on the client certificate, but this has worked very reliably for me.

Hope that helps,
Tristan


On Tue, Apr 5, 2022 at 11:04 PM QUEVILLON EMMANUEL - EXT-SAFRAN ENGINEERING SERVICES (SAFRAN) <em...@safrangroup.com>> wrote:
Hi List,

We’ve installed and setup a nifi cluster (3 nodes). User authentication is based on user SSL certificates. Regarding at documentation and or posts on the internet, it looks like it is not possible to use the Nifi API because of this kind of authentication set. For what I’ve understand, using REST API required a username/password of use of a token which is available once authenticated.
Is there any chance or workaround to use REST API keep user certificate based authentication?
Thanks for any light(s)

Emmanuel
C2 - Restricted

#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#C2 - Restricted


#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles, être soumis aux règlementations relatives au contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Toute exportation ou réexportation non autorisée est interdite Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information and may be subject to export control laws and regulations. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. Unauthorized export or re-export is prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#

Re: Access Nifi API using user certificate

[Tristan Steele <tr...@redhat.com>]

Hi Emmanuel,

I'm not sure on the state of the documentation, but I can confirm that the
API is accessible using client certificates.

The username in NiFi should match the common name provided on the client
certificate, but this has worked very reliably for me.

Hope that helps,
Tristan


On Tue, Apr 5, 2022 at 11:04 PM QUEVILLON EMMANUEL - EXT-SAFRAN ENGINEERING
SERVICES (SAFRAN) <em...@safrangroup.com> wrote:

> Hi List,
>
>
>
> We’ve installed and setup a nifi cluster (3 nodes). User authentication is
> based on user SSL certificates. Regarding at documentation and or posts on
> the internet, it looks like it is not possible to use the Nifi API because
> of this kind of authentication set. For what I’ve understand, using REST
> API required a username/password of use of a token which is available once
> authenticated.
>
> Is there any chance or workaround to use REST API keep user certificate
> based authentication?
>
> Thanks for any light(s)
>
>
>
> Emmanuel
>
> C2 - Restricted
>
>
> #
> " Ce courriel et les documents qui lui sont joints peuvent contenir des
> informations confidentielles, être soumis aux règlementations relatives au
> contrôle des exportations ou ayant un caractère privé. S'ils ne vous sont
> pas destinés, nous vous signalons qu'il est strictement interdit de les
> divulguer, de les reproduire ou d'en utiliser de quelque manière que ce
> soit le contenu. Toute exportation ou réexportation non autorisée est
> interdite Si ce message vous a été transmis par erreur, merci d'en informer
> l'expéditeur et de supprimer immédiatement de votre système informatique ce
> courriel ainsi que tous les documents qui y sont attachés."
> ******
> " This e-mail and any attached documents may contain confidential or
> proprietary information and may be subject to export control laws and
> regulations. If you are not the intended recipient, you are notified that
> any dissemination, copying of this e-mail and any attachments thereto or
> use of their contents by any means whatsoever is strictly prohibited.
> Unauthorized export or re-export is prohibited. If you have received this
> e-mail in error, please advise the sender immediately and delete this
> e-mail and all attached documents from your computer system."
> #
>