I appreciate the reply David, Are you aware of documentation for how to provision the client certificate for the CLI actions? We’ve tried this route with limited success, any docs that might help in this regard would be greatly appreciated.
Thank you, Brant Gardner Software Developer – BI & Analytics Time: GMT -6:00 Office: +1 651 467 3620 | Mobile: +1 402 470 7895 | [email protected]<mailto:[email protected]> [A black background with green text Description automatically generated] From: David Handermann <[email protected]> Sent: Monday, June 17, 2024 10:22 To: [email protected] Subject: [EXTERNAL] Re: NiFi CLI in secure environment Hi Brant, Thanks for describing the environment and including the version information. NiFi 2. 0. 0-M3 introduced support for the Client Credentials Grant Type in conjunction with OpenID Connect authentication, but did not include changes to Hi Brant, Thanks for describing the environment and including the version information. NiFi 2.0.0-M3 introduced support for the Client Credentials Grant Type in conjunction with OpenID Connect authentication, but did not include changes to the NiFi CLI. Support for Client Credentials could be added to the NiFi CLI now that the REST API supports it, and that would involve a new feature request. As far as a solution that could be implemented with existing versions, one common pattern is to provision a client certificate that is specific to the NiFi CLI, and use that for automated REST API requests. When configured with OpenID Connect, NiFi still supports mutual TLS with client certificates, so that is another way forward. Regards, David Handermann On Wed, Jun 12, 2024 at 3:54 PM Brant Gardner <[email protected]<mailto:[email protected]>> wrote: We have NiFi 2.0.0-M2 installed in a secure environment (OIDC) and we’re trying to utilize the CLI (running on the same machine, so against localhost). We’re finding it nearly impossible to make any calls against the server due to 403 Forbidden errors. It *does* seem to work with registry commands, just not nifi commands. Is there any documentation for how to contact the server with the CLI in this type of configuration? Brant Gardner Software Developer – BI & Analytics Time: GMT -6:00 [email protected]<mailto:[email protected]> [A black background with green text Description automatically generated]
