[
https://issues.apache.org/jira/browse/NIFI-11014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17656265#comment-17656265
]
David Handermann commented on NIFI-11014:
-----------------------------------------
[~irudayambics] The error message indicates that the new certificate user is
not authorized to perform the request action. If you are using the File User
Group Authorizer, you should be able to add the {{CN=api_client}} Certificate
Distinguished Name to the list of authorized users using the NiFi Users
interface.
> JWT token is rejected by NiFi when calling APIs
> -----------------------------------------------
>
> Key: NIFI-11014
> URL: https://issues.apache.org/jira/browse/NIFI-11014
> Project: Apache NiFi
> Issue Type: Bug
> Components: NiFi Stateless
> Affects Versions: 1.15.3
> Environment: NiFi with Keycloak as OIDC provider.
> Reporter: Irudya Raj
> Priority: Major
> Attachments: nifi-log.png
>
>
> I have created oauth token using spring boot and transferred this token to
> authorization header bearer. NiFi is configured with PS512 JWS algorithm via
> nifi.security.user.oidc.preferred.jwsalgorithm property. But the API request
> fails with message "nifi unable to validate the id token: signed jwt
> rejected: another algorithm expected, or no matching key(s) found"
> I am able to use NiFi web. Keycloak is configure to use PS512 algo for ID
> token and access tokens.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
