Hi All,
just to close the thread, I finally understood where my problem was: the API I
have to access to requires “mutual TLS authentication”, so I needed to properly
point the InvokeHTTP processor to both a keystore and a truststore, populating
them with the correct certificates.
Best regards,
Luca
Luca Giovannini
Information Systems Analyst
[Deda Next]
Da: Luca Giovannini via users <users@nifi.apache.org>
Inviato: martedì 24 settembre 2024 17:00
A: users@nifi.apache.org
Oggetto: R: API key NiFi
Thank you very much Josef,
I studied a little and was able to configure the InvokeHTTP processor with SSL
Context Service and to point it to a local truststore where I imported the
certificate.
I believe I did this correctly and I am now getting this ERROR:
Routing to Failure due to exception: javax.net.ssl.SSLHandshakeException:
Received fatal alert: handshake_failure
I delved a little more and my current hypothesis is that SSL Context Service
and the remote server might not have a cypher in common.
I am able to access the API via Postman and this is what it tells me about the
protocol and cypher it used (successfully):
tls: {…}
1. reused: false
2. authorized: false
3. authorizationError: "SELF_SIGNED_CERT_IN_CHAIN"
4. ▶cipher: {…}
* name: "TLS_AES_128_GCM_SHA256"
* standardName: "TLS_AES_128_GCM_SHA256"
* version: "TLSv1/SSLv3"
5. protocol: "TLSv1.3"
6. ephemeralKeyInfo: {}
So my question is: how can I check which are the cyphers available to NiFi? (I
am using NiFi 1.12.1)
I have looked for this information in the logs, but I didn’t find it.
I know how to set log levels for a specific processor, but how to do it for a
controller service? Is the example below correct?
Were can I find all the possible values of the “name” field?
<logger name="org.apache.nifi.processors.standard.InvokeHTTP" level="TRACE"/>
<logger name="org.apache.nifi.controller.StandardRestrictedSSLContextService"
level="TRACE"/>
Thanks again for any hint or help,
Luca
Luca Giovannini
Information Systems Analyst
https://www.dedanext.it/
[Deda Next]
Da: josef.zahn...@swisscom.com<mailto:josef.zahn...@swisscom.com>
<josef.zahn...@swisscom.com<mailto:josef.zahn...@swisscom.com>>
Inviato: martedì 24 settembre 2024 08:47
A: users@nifi.apache.org<mailto:users@nifi.apache.org>; Luca Giovannini
<luca.giovann...@dedagroup.it<mailto:luca.giovann...@dedagroup.it>>
Oggetto: Re: API key NiFi
Hi guys
Based on your request it’s not clear for me whether your REST API use Client
Certificates to authenticate/authorizer or not. I assume not, typically you’’
must import the CA Public Key (where the REST API has been signed with) into a
java truststore (JKS) which you assign to the InvokeHTTP “SSL Context Service”.
That truststore is only to get a trusted/secured SSL connection, nothing else.
Next step is to authorize, in a lot of cases you insert username/password to
get a token, or as you call it “API key password”. This token is typically
valid for a short period of time. So to sum it up, it isn’t clear what exactly
you are looking for, your information isn’t clear enough, at least for me.
Where and how did you get this “API key password”
Cheers Josef
From: Luca Giovannini via users
<users@nifi.apache.org<mailto:users@nifi.apache.org>>
Date: Monday, 23 September 2024 at 15:31
To: users@nifi.apache.org<mailto:users@nifi.apache.org>
<users@nifi.apache.org<mailto:users@nifi.apache.org>>
Subject: R: API key NiFi
Be aware: This is an external email.
Hi All,
any insights/help on this?
Anything would help us a lot!
Thank you,
Luca
Luca Giovannini
Information Systems Analyst
Deda Next
www.linkedin.com/in/lucagio/<http://www.linkedin.com/in/lucagio/>
Mobile +39.347.7993183
Via Marco Emilio Lepido 178,
40132 Bologna, Italy
https://www.dedanext.it/
[Deda Next]
Da: Simone Sablone via users
<users@nifi.apache.org<mailto:users@nifi.apache.org>>
Inviato: lunedì 9 settembre 2024 13:07
A: users@nifi.apache.org<mailto:users@nifi.apache.org>
Oggetto: API key NiFi
Hi All,
I need to access to an HTTP API endpoint protected with an "API Key"
authorization protocol and I am rather new to all of this.
I have a .CRT certificate, a .CER certificate, a .PFX file and corresponding
password, and API Key password (key and value pair).
I am able to make it work with Postman, but I can't figure out how to do it
with NiFi.
I know I have to use an "Invoke HTTP" processor, probably with an SSL Context
Service, but I can't fugure out how to configure them.
Can you help me?
Thank you very much for your support.
Simone Sablone – Data Scientist - Dedagroup
M 339 6812735 | https://www.linkedin.com/in/simone-sablone-b5a7a1130
Dedagroup Spa – Sede di Roma, Via Paolo di Dono 73
www.deda.group<http://www.deda.group/>
[cid:image002.png@01DB1402.8C92E990]<https://www.deda.group/home>
Le informazioni contenute in questo messaggio di posta elettronica sono
riservate e confidenziali e ne e' vietata la diffusione in qualsiasi modo o
forma. Qualora Lei non fosse la persona destinataria del presente messaggio, La
invitiamo a non diffonderlo e ad eliminarlo, dandone gentilmente comunicazione
al mittente.
The information included in this e-mail and any attachments are confidential
and may also be privileged. If you are not the correct recipient, you are
kindly requested to notify the sender immediately, to cancel it and not to
disclose the contents to any other person.
