David,

Another option you might want to explore is having AD generate client
certificates for your users.

On Sat, Oct 29, 2022 at 12:01 PM Shawn Weeks <swe...@weeksconsulting.us> wrote:
>
> NiFi should always accept a cert at the rest api if you provide one. If you're 
> using curl just add the “--key” and “--cert” and call whatever api url you're 
> trying directly. You’ll need to make sure that the cert you're using is signed 
> by the same local CA that NiFi is set to trust and that you’ve added a user 
> in NiFi that matches the common name on the cert or whatever regex you set 
> for “nifi.security.identity.mapping.value.pattern”
>
> Thanks
> Shawn
>
> > On Oct 28, 2022, at 3:55 PM, David Early via users <users@nifi.apache.org> 
> > wrote:
> >
> > Hi all,
> >
> > We have a 3 node cluster secured with Microsoft AD for the first time.
> >
> > I need access to the REST api.  The nifi-api/access/token does not work in 
> > this case.
> >
> > We did use a local CA for certificate generation on the servers.
> >
> > I am reading that it is possible to do certificate based auth to the 
> > api....we need this in a script (python) to run on a remote server which is 
> > checking for old flowfiles that can get stuck in a few places.
> >
> > Can I use cert based API connection when using AD as the main 
> > authentication/authorization for the ui?
> >
> > Anything special that needs to be done?  I've just not used certs with the 
> > api before, but we have used cert based site to site on other systems and 
> > it works fine.  Just not sure how to do it with nipyapi or just from curl 
> > on the cli.
> >
> > David
>
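
An added Python sketch of the certificate approach discussed in this thread (not code from any of the posters or from the NiFi project): it presents a client certificate to the REST API using only the standard library and approximates how an identity-mapping pattern/value pair (the `nifi.security.identity.mapping.pattern.*` and `nifi.security.identity.mapping.value.*` properties) turns the certificate DN into the user name that must exist in NiFi. The DN, pattern, host name and file names are constructed or hypothetical.

```python
import json
import re
import ssl
import urllib.request


def map_identity(dn, pattern, value):
    """Approximate NiFi identity mapping: if `pattern` matches the whole
    certificate DN, fill the $1, $2... references in `value` from its groups;
    otherwise the DN itself is the identity."""
    m = re.fullmatch(pattern, dn)
    if m is None:
        return dn
    return re.sub(r"\$(\d+)", lambda ref: m.group(int(ref.group(1))), value)


def client_context(cert_file, key_file, ca_file):
    """TLS context that trusts only the local CA and presents the client cert
    (the equivalent of curl's --cacert, --cert and --key)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def current_user(base_url, ctx):
    """Ask NiFi which identity it derived from the certificate."""
    url = base_url.rstrip("/") + "/nifi-api/flow/current-user"
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return json.load(resp)["identity"]


# Constructed sample values, not taken from the thread.
SAMPLE_DN = "CN=flowfile-monitor, OU=NiFi"
SAMPLE_PATTERN = r"^CN=(.*?), OU=(.*?)$"
SAMPLE_VALUE = "$1"

if __name__ == "__main__":
    # The NiFi user to create and grant policies to:
    print(map_identity(SAMPLE_DN, SAMPLE_PATTERN, SAMPLE_VALUE))
    # Against a live cluster (hypothetical host and file names):
    # ctx = client_context("monitor.crt", "monitor.key", "local-ca.pem")
    # print(current_user("https://nifi.example.internal:8443", ctx))
```

If `current_user` returns an identity other than the one added in NiFi, the mapping pattern or the user entry is what needs adjusting, not the TLS setup.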
