nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy LoPresto <alopre...@apache.org>
Subject Re: NiFi Toolkit CLI Token Creation
Date Wed, 12 Jun 2019 16:57:01 GMT
Shawn, 

I’m not sure I understand your question. 

I am in the process of refactoring the TLS Toolkit to integrate with public certificate authorities,
so in the near future it will be easier to use certificates signed by external authorities
rather than self-signed. 

My understanding is that you are talking about the CLI Toolkit rather than the TLS Toolkit,
but your reference to “token” was ambiguous, so I’m going to proceed with the understanding
that you are referring to the JWT token used to identify an authenticated user when communicating
with the NiFi API. 

You may want to look at JerseyNiFiClient [1], which has methods for getting various clients
given an authentication token. 

You can create the token via the POST /access/kerberos API [2]. 

[1] https://github.com/apache/nifi/blob/master/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/impl/JerseyNiFiClient.java#L163
<https://github.com/apache/nifi/blob/master/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/impl/JerseyNiFiClient.java#L163>
[2] https://nifi.apache.org/docs/nifi-docs/rest-api/index.html <https://nifi.apache.org/docs/nifi-docs/rest-api/index.html>

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Jun 12, 2019, at 9:39 AM, Shawn Weeks <sweeks@weeksconsulting.us> wrote:
> 
> I work in an environment reluctant to create self signed ssl certificates and I’m looking
at the feasibility of having the toolkit cli authenticate via Kerberos. I was expecting it
to be as simple as adding another way to get the authentication token but I’m having trouble
figuring out exactly when the token is created. I see lots of references to it after it’s
been created.
> 
> Thanks
> Shawn


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message