I would use some kind of SSO type proxy service and have your Nifi processors request an authorization from that whereby the proxy service performs the authentication to the backend service you are protecting and only returns to Nifi the needed token to interact with it.
Probably for this approach you'll need a single JAAS implementation to the proxy and the token payloads can be any underlying implementation that the remote service requires. Not sure off hand which SSO proxy might just drop into your scenario but a custom JAAS impl will probably be needed in Nifi regardless. What you don't want Nifi to do is juggle and manage white box awareness of all these different remote services. Rather just request authorization and pass session tokens onward. As they say, though, the devil is in the details. Darren Sent from my Verizon, Samsung Galaxy smartphone
