nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felipe Garcia <fel...@garcia-lind.com>
Subject unable to post updates api with user certificate.
Date Mon, 05 Aug 2019 00:30:06 GMT
Setup


a cluster of a few nifi boxes


setup to authenticate with LDAP

users and groups in LDAP


Issue 1: unable to specify an LDAP user as Initial User


I have only been able to set up the cluster with a client certificate user.


Issue 2: I am unable to use the API with the initial certificate user to
add an LDAP group.


I exported the cert and key into a usable format for curl


*# open*ssl pkcs12 -in /opt/nifi-certs/CN\=admin_OU\=NIFI.p12  -out
/opt/nifi-certs/CN\=admin_OU\=NIFI.key -nocerts -nodes

*# open*ssl pkcs12 -export -in /opt/nifi-certs/CN\=admin_OU\=NIFI.p12 -out
/opt/nifi-certs/CN\=admin_OU\=NIFI.pem -clcerts -nokeys -passin  'changeme'


I am able to query the API


curl -k -X GET
https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/policies/read/flow --cert
/opt/nifi-certs/CN=admin_OU=NIFI.pem --key
/opt/nifi-certs/CN=admin_OU=NIFI.key --compressed



But I am unable to change or add via the API


 curl -k -X PUT -H 'Content-Type: application/json'
https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/policies/f99bccd1-a30e-3e4a-98a2-dbc708edc67f
--cert
/opt/nifi-certs/CN=admin_OU=NIFI.pem --key
/opt/nifi-certs/CN=admin_OU=NIFI.key -d @/tmp/newpolicy.json

Unable to save Authorizations



I cannot create a token for a cert user


curl -k -X POST '
https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/access/token' -H
'Accept-Encoding: gzip, deflate, br' -H 'Content-Type:
application/x-www-form-urlencoded; charset=UTF-8' -H 'Accept: */*' --cert
/opt/nifi-certs/CN\=admin_OU\=NIFI.pem --key
/opt/nifi-certs/CN\=admin_OU\=NIFI.key --compressed

The username and password must be specified.

Mime
View raw message