To interact with a secured REST API, either need to use client certificates with mutual authentication or use a JWT token. If you log in via LDAP, Kerberos, or Kerberos SPNEGO then a successful authentication will result in a JWT token that can be used for subsequent requests.
I believe you have a couple options... Use a server certificate with HTTPd and authorize it as a proxy in NiFi. Additionally, you'll need to relay the end user identity in the X-ProxiedEntitiesChain HTTP header. Or... Relay the Authorization HTTP header which the end user sent to the proxy. Matt On Mon, Jan 16, 2017 at 1:04 PM, Wayna Runa <[email protected]> wrote: > Thanks Matt for your support. > Yes, an unique context path for NiFi makes sense. I will work on that > after solving the Proxy config. > > I don't have configured JWT in Proxy or NiFi. I don't understand why NiFi > is asking for JWT. > Please, Could anyone share your Apache HTTPd Proxy configuration ? > > Regards. > > - wr > > > > On 16 January 2017 at 14:38, Matt Gilman <[email protected]> wrote: > >> A couple comments. Apache NiFi is comprised of a number of web >> applications. You've mapped to three of them. However, we also support UI >> extensions for Custom Processor configuration (like UpdateAttribute and >> JoltTransformJson) and custom data viewers (based on content type) when >> looking at data through queues and data provenance. >> >> I would suggest mapping a single Location that does not point to any one >> specific context path. Otherwise, a lot of maintenance would be required to >> keep your Location's up to date. >> >> I've never tried using token based access from behind a proxy. Can you >> ensure that Bearer token is being included by ensuring the Authorization >> header is passed along? >> >> Matt >> >>
