Mike and Shawn, thanks for the feedback, have not had a chance to try either, but appreciate your help. Will be trying the cert this week, will reach out to the AD managers about a more direct AD solution.
Dave On Sat, Oct 29, 2022 at 7:10 PM Mike Thomsen <mikerthom...@gmail.com> wrote: > David, > > Another option you might want to explore is having AD generate client > certificates for your users. > > On Sat, Oct 29, 2022 at 12:01 PM Shawn Weeks <swe...@weeksconsulting.us> > wrote: > > > > NiFi should always accept a cert at the rest api if you provide one. If > your using curl just add the “--key” and “--cert” and call whatever api url > your trying directly. You’ll need to make sure that the cert your using is > signed by the same local CA that NiFi is set to trust and that you’ve added > a user in NiFi that matches the common name on the cert or whatever regex > you set for “nifi.security.identity.mapping.value.pattern” > > > > Thanks > > Shawn > > > > > On Oct 28, 2022, at 3:55 PM, David Early via users < > users@nifi.apache.org> wrote: > > > > > > Hi all, > > > > > > We have a 3 node cluster secured with Microsort AD for the first time. > > > > > > I need access to the REST api. The nifi-api/access/token does not > work in this case. > > > > > > We did use a local CA for certificate generation on the servers. > > > > > > I am reading that it is possible to do certificate based auth to the > api....we need this in a script (python) to run on a remote server which is > checking for old flowfiles that can get stuck in a few places. > > > > > > Can I use cert based API connection when using AD as the main > authentication/authorization for the ui? > > > > > > Anything special that needs to be done? I've just not used certs with > the api before, but we have used cert based site to site on other systems > and it works fine. Just not sure how to do it with nipyapi or just from > curl on the cli. > > > > > > David > > > -- David Early, Ph.D. david.ea...@grokstream.com 720-470-7460 Cell