I am looking for resources to configure Apache KNOXTOKEN service to access Apache NIFI REST API.
I already have KNOXSSO configured, and am able to access the NIFI UI through it. However, I could not find resources to make NIFI REST services securely accessible via Curl and JWT.
Pointers appreciated.
Minor tweak to the other suggestion here...
When integrating with KnoxSSO, NiFi accepts the Knox JWT token in a cookie. By default, I believe this cookie is named hadoop-jwt. If you're trying to access NiFi Rest Api's using curl I believe you'd need to get the JWT value from Knox (or maybe by looking at the cookie in your browsers DevTools) and include it in a cookie in your curl requests.
If you include the Knox JWT token in an Authorization header the verification will fail. JWTs specified in the Authorization header must be tokens that NiFi generated/signed. To validated a token generated/signed by Knox, NiFi follows the Knox conventions.
For other authentication mechanisms like SPNEGO or login identity providers, there are end-points like /access/token or /access/kerberos where you can obtain a token.
I don't think there is a way to do that for Knox since it requires the SSO workflow of being redirected a login page in your browser.
You would have to first authenticate to the NiFi UI via Knox SSO, and then use something like Chrome Dev tools to look in the browser's local storage and find the token that the NiFi UI has for the current user.
Then you can use that token to make API calls by passing it in the Bearer header like:
curl -k --header "Authorization: Bearer $token" https://<nifi-host>:<port>/nifi-api/flow/cluster/summary
