Reputation: 1077
How to configure "Proxy user request" for NiFi CLI
According to the documentation, one prerequisite for using NiFi CLI against a secured NiFi instance is to configure proxy user request for the node's identity (e.g. CN=localhost, OU=NIFI).
I understand how to configure it through the NiFi web user interface. However, is it possible to do the same through scripting?
The reason is that I am working on a NiFi installation script, and I would like to install NiFi and configure users/policies in one go if it is possible.
Thank you!
Upvotes: 0
Views: 564
Answers (1)
Reputation: 18660
If you are trying to use NiFi CLI to setup NiFi itself, then you're only real option is for NiFi CLI to perform operations as the Initial Admin identity.
It then depends how NiFi is configured to perform authentication, meaning where is your initial admin identity coming from. Is it a DN from a client cert, a user in LDAP, a kerberos principal, etc?
If it is a client cert, then you can just configure NiFi CLI to use that cert and it should work.
If it is a LDAP user, then you need to have NiFi CLI use one of NiFi's server certs to proxy the LDAP user.
Both of these scenarios are shown in the docs:
https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#security-configuration
Upvotes: 1
Related Questions
- How to pass credential to NiFi rest api
- how to configure Nifi 1.15.2 to use HTTP without authentication
- Connecting to an external HTTP api behind a proxy from nifi
- Nifi rest api Username/Password login not supported by this NiFi reponse
- can we communicate with nifi through cli?
- Getting untrusted proxy message while trying to setup secure NIFI cluster
- How to access NiFi using proxy user request
- Calling Webservice from NIFI with proxy
- Apache Nifi SOCKS Proxy Setup
- NiFi HA-Proxy configuration instructions