[
https://issues.apache.org/jira/browse/NIFI-11014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654825#comment-17654825
]
Irudya Raj edited comment on NIFI-11014 at 1/5/23 8:04 AM:
-----------------------------------------------------------
[~exceptionfactory] I managed to setup x.509 client certificate and transferred
client certs from my Java program to execute NiFi APIs. I have enabled all
access policy to this x.509 user identity. The authentication is successful but
it throws access policy error in response. Can you advise?
403 Forbidden from GET https://<>/nifi-api/flow/client-id
FYI, I can programmatically access GET https://<>/nifi-api/access end point and
get the following response.
{"accessStatus":\{"identity":"CN=api_client, OU=<>, O=s<>, L=<>, ST=<>,
C=<>","status":"ACTIVE","message":"Access Granted: Certificate authenticated."}}
!nifi-log.png!
was (Author: JIRAUSER296250):
[~exceptionfactory] I managed to setup x.509 client certificate and transferred
client certs from my Java program to execute NiFi APIs. I have enabled all
access policy to this x.509 user identity. The authentication is successful but
it throws access policy error in response. Can you advise?
403 Forbidden from GET https://<>/nifi-api/flow/client-id
FYI, I can programmatically access GET https://<>/nifi-api/access end point and
get the following response.
{"accessStatus":\{"identity":"CN=api_client, OU=dastc, O=stee, L=Singapore,
ST=Singapore, C=SG","status":"ACTIVE","message":"Access Granted: Certificate
authenticated."}}
!nifi-log.png!
> JWT token is rejected by NiFi when calling APIs
> -----------------------------------------------
>
> Key: NIFI-11014
> URL: https://issues.apache.org/jira/browse/NIFI-11014
> Project: Apache NiFi
> Issue Type: Bug
> Components: NiFi Stateless
> Affects Versions: 1.15.3
> Environment: NiFi with Keycloak as OIDC provider.
> Reporter: Irudya Raj
> Priority: Major
> Attachments: nifi-log.png
>
>
> I have created oauth token using spring boot and transferred this token to
> authorization header bearer. NiFi is configured with PS512 JWS algorithm via
> nifi.security.user.oidc.preferred.jwsalgorithm property. But the API request
> fails with message "nifi unable to validate the id token: signed jwt
> rejected: another algorithm expected, or no matching key(s) found"
> I am able to use NiFi web. Keycloak is configure to use PS512 algo for ID
> token and access tokens.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
