[jira] [Comment Edited] (NIFI-11014) JWT token is rejected by NiFi when calling APIs

Wed, 04 Jan 2023 23:58:04 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-11014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654825#comment-17654825
 ] 

Irudya Raj edited comment on NIFI-11014 at 1/5/23 7:57 AM:
-----------------------------------------------------------

[~exceptionfactory] I managed to setup x.509 client certificate and transferred 
client certs from my Java program to execute NiFi APIs. I have enabled all 
access policy to this x.509 user identity. The authentication is successful but 
it throws access policy error in response. Can you advise?

403 Forbidden from GET https://<>/nifi-api/flow/client-id

FYI, I can programmatically access GET https://<>/nifi-api/access end point and 
get the following response.

{"accessStatus":\{"identity":"CN=api_client, OU=dastc, O=stee, L=Singapore, 
ST=Singapore, C=SG","status":"ACTIVE","message":"Access Granted: Certificate 
authenticated."}}

 

!nifi-log.png!  


was (Author: JIRAUSER296250):
[~exceptionfactory] I managed to setup x.509 client certificate and transferred 
client certs from my Java program to execute NiFi APIs. I have enabled all 
access policy to this x.509 user identity. The authentication is successful but 
it throws access policy error in response. Can you advise?

403 Forbidden from GET https://<>/nifi-api/flow/client-id

 

!nifi-log.png!  

> JWT token is rejected by NiFi when calling APIs
> -----------------------------------------------
>
>                 Key: NIFI-11014
>                 URL: https://issues.apache.org/jira/browse/NIFI-11014
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Stateless
>    Affects Versions: 1.15.3
>         Environment: NiFi with Keycloak as OIDC provider.
>            Reporter: Irudya Raj
>            Priority: Major
>         Attachments: nifi-log.png
>
>
> I have created oauth token using spring boot and transferred this token to 
> authorization header bearer. NiFi is configured with PS512 JWS algorithm via 
> nifi.security.user.oidc.preferred.jwsalgorithm property. But the API request 
> fails with message "nifi unable to validate the id token: signed jwt 
> rejected: another algorithm expected, or no matching key(s) found" 
> I am able to use NiFi web. Keycloak is configure to use PS512 algo for ID 
> token and access tokens.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to