[ https://issues.apache.org/jira/browse/NIFI-11014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654208#comment-17654208 ]
David Handermann commented on NIFI-11014: ----------------------------------------- The project documentation has a guide for [Securing NiFi with TLS|https://nifi.apache.org/docs/nifi-docs/html/walkthroughs.html#securing-nifi-with-tls]. NiFi supports X.509 certificate authentication whenever TLS is configured, regardless of the user-facing authentication strategy. If you already have HTTPS access configured, then the only requirement is obtaining authorized client certificates. The source of client certificates depends on whether you used to the NiFi TLS Toolkit, or some other certificate authority to provision NiFi server certificates. After obtaining client certificates, NiFi must authorize access based on the Subject Distinguished Name. The particulars depend on the User and Group Provider configuration specified in authorizers.xml. > JWT token is rejected by NiFi when calling APIs > ----------------------------------------------- > > Key: NIFI-11014 > URL: https://issues.apache.org/jira/browse/NIFI-11014 > Project: Apache NiFi > Issue Type: Bug > Components: NiFi Stateless > Affects Versions: 1.15.3 > Environment: NiFi with Keycloak as OIDC provider. > Reporter: Irudya Raj > Priority: Major > > I have created oauth token using spring boot and transferred this token to > authorization header bearer. NiFi is configured with PS512 JWS algorithm via > nifi.security.user.oidc.preferred.jwsalgorithm property. But the API request > fails with message "nifi unable to validate the id token: signed jwt > rejected: another algorithm expected, or no matching key(s) found" > I am able to use NiFi web. Keycloak is configure to use PS512 algo for ID > token and access tokens. -- This message was sent by Atlassian Jira (v8.20.10#820010)