[ 
https://issues.apache.org/jira/browse/NIFI-11014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654208#comment-17654208
 ] 

David Handermann commented on NIFI-11014:
-----------------------------------------

The project documentation has a guide for [Securing NiFi with TLS|https://nifi.apache.org/docs/nifi-docs/html/walkthroughs.html#securing-nifi-with-tls]. 
NiFi supports X.509 certificate authentication whenever TLS is configured, 
regardless of the user-facing authentication strategy. If you already have 
HTTPS access configured, then the only requirement is obtaining authorized 
client certificates. The source of client certificates depends on whether you 
used the NiFi TLS Toolkit or some other certificate authority to provision 
NiFi server certificates. After obtaining client certificates, NiFi must 
authorize access based on the Subject Distinguished Name. The particulars 
depend on the User and Group Provider configuration specified in 
authorizers.xml.
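
A worked version of the steps in the comment above, as an added example that is not part of this Jira thread or the NiFi project: it mints a throwaway client certificate, prints its Subject DN in the form NiFi uses as the identity, and shows the authorizers.xml lines and REST call that go with it. It assumes openssl and curl are installed; NIFI_URL and NIFI_CA are placeholders for a real deployment.

```shell
# Added example, not code from the NiFi project or this thread. Mints a
# throwaway client certificate, prints its Subject DN in the form NiFi uses
# as the user identity, and shows the matching authorizers.xml lines plus the
# REST call that confirms access. Requires openssl and curl; NIFI_URL and
# NIFI_CA are placeholders for a real deployment.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Self-signed client certificate with constructed subject values. In a real
# deployment the CA that issued the NiFi server certificate (or the TLS
# Toolkit) issues the client certificate instead.
make_client_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/OU=NIFI/CN=nifi-client" \
    -keyout "$WORKDIR/client.key" -out "$WORKDIR/client.pem" >/dev/null 2>&1
  echo "$WORKDIR/client.pem"
}

# Subject DN as NiFi renders it: RFC 2253 order (most specific RDN first)
# with ", " between RDNs. Values that themselves contain commas would need
# escaping, which this simple sed does not handle.
nifi_identity() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
    | sed -e 's/^subject= *//' -e 's/,/, /g'
}

# authorizers.xml properties that must match the identity string exactly
# (file-user-group-provider and file-access-policy-provider).
authorizers_entry() {
  cat <<EOF
<property name="Initial User Identity 1">$1</property>
<property name="Initial Admin Identity">$1</property>
EOF
}

# Calls the NiFi REST API with the client certificate. The response carries
# the identity NiFi resolved, which must equal the authorizers.xml entry.
check_access() {
  curl -sS --cacert "${NIFI_CA:-ca.pem}" \
    --cert "$WORKDIR/client.pem" --key "$WORKDIR/client.key" \
    "${NIFI_URL:-https://nifi.example.invalid:8443}/nifi-api/flow/current-user"
}

# Local part of the walkthrough: identity string and authorizers.xml lines.
demo() {
  cert=$(make_client_cert)
  identity=$(nifi_identity "$cert")
  echo "NiFi identity: $identity"
  authorizers_entry "$identity"
}
```

Run `demo` to see the identity and the authorizers.xml lines; `check_access` needs a reachable NiFi instance and the CA certificate that signed its server certificate.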

> JWT token is rejected by NiFi when calling APIs
> -----------------------------------------------
>
>                 Key: NIFI-11014
>                 URL: https://issues.apache.org/jira/browse/NIFI-11014
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Stateless
>    Affects Versions: 1.15.3
>         Environment: NiFi with Keycloak as OIDC provider.
>            Reporter: Irudya Raj
>            Priority: Major
>
> I have created an OAuth token using Spring Boot and sent this token in the 
> Authorization header as a bearer token. NiFi is configured with the PS512 JWS 
> algorithm via the nifi.security.user.oidc.preferred.jwsalgorithm property. But 
> the API request fails with the message "nifi unable to validate the id token: 
> signed jwt rejected: another algorithm expected, or no matching key(s) found". 
> I am able to use the NiFi web UI. Keycloak is configured to use the PS512 
> algorithm for ID tokens and access tokens.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)