Matt Gilman commented on NIFI-2797:

Someone was just submitted this same issue on the mailing list. Here's some 
additional details...

When using an authentication which will use the API tokens, download requests 
are processed using a one-time password token (since they become part of the 
URL). These are only honored for certain endpoints which do not appear correct. 

As a work-around, you could use clients certificates, download via a curl 
command, or use View as it is not subject to the same endpoint check (when not 

> Authorization header not submitted when clicking Download from Templates 
> window
> -------------------------------------------------------------------------------
>                 Key: NIFI-2797
>                 URL: https://issues.apache.org/jira/browse/NIFI-2797
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.0.0
>            Reporter: Scott Wagner
>            Assignee: Matt Gilman
>             Fix For: 1.1.0
> I am running on a standalone instance of Apache NiFi.  It is configured to 
> use a local LDAP server for authentication, and I am logging in as a user 
> with full permissions.
> When browsing the templates, and I click on the "Download" link, a new tab is 
> opened in the browser but the error message of {{Unable to perform the 
> desired action due to insufficient permissions. Contact the system 
> administrator.}}
> Checking the link that is submitted via developer tools, I noticed that the 
> Authorization header is not being submitted.  If I use curl to get the URL 
> that the browser is trying to get but submit an Authorization header for my 
> valid session, I am able to download the template XML.

This message was sent by Atlassian JIRA

Reply via email to