Type of question
General Context
Support question
Hello,
I’m running a secure, production-ready NiFi cluster with SSO configured via Microsoft Azure AD. Everything works well for interactive login through the browser using SSO.
Now, I need to programmatically access NiFi metrics (e.g., via the /nifi-api/flow/process-groups/root endpoint) using an automated user or service principal.
What I’ve Tried:
Client Certificate Auth:
Created a NiFi user with appropriate access policies.
Tried using curl with client certificate and key (without including the root certificate).
**Got a 401 Unauthorized response.**
Bearer Token via Azure AD OAuth:
Acquired an access token using client ID and secret from Azure AD:
```bash
# Request an access token from Azure AD (client credentials grant)
TOKEN=$(curl -s -X POST https://login.microsoftonline.com/xxx/oauth2/v2.0/token \
  -d 'grant_type=client_credentials' \
  -d 'client_id=xxx' \
  -d 'client_secret=xxxx' \
  -d 'scope=api://xxxx/.default' \
  | jq -r .access_token)

# Call the NiFi API with the token as a bearer credential
curl -v \
  -H "Authorization: Bearer ${TOKEN}" \
  https://nifi/nifi-api/flow/process-groups/root
```
Received this error:
An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
NiFiKop version
1.14.0
Golang version
No response
Kubernetes version
No response
NiFi version
2.4
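
The error quoted in the issue names two possible causes: the token's header carries an algorithm the verifier does not expect, or none of the verifier's keys match. As an added example (not part of the original issue and not NiFi or NiFiKop code), this local script decodes a token's header and claims to show which applies; the sample token, the `diagnose` helper, the `kid` comparison and the verifier settings are constructed assumptions.

```python
import base64
import json


def _segment(data: dict) -> str:
    """Encode a dict as an unpadded base64url JWT segment."""
    raw = json.dumps(data, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _decode(segment: str) -> dict:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def sample_token() -> str:
    """Constructed token for the demo; the signature is a dummy value."""
    header = {"alg": "RS256", "kid": "constructed-idp-key", "typ": "JWT"}
    claims = {"iss": "https://idp.example/tenant", "aud": "api://example"}
    return ".".join([_segment(header), _segment(claims), "ZHVtbXk"])


def diagnose(token: str, expected_algs: set, verifier_kids: set) -> dict:
    """Report header/claim fields and why a verifier would reject the token.

    Inspection only: nothing here verifies the signature, so the output
    must never be used to decide whether a token is trustworthy.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return {"reasons": ["not a compact JWS (need 3 segments)"]}
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return {"reasons": ["header or payload is not base64url JSON"]}
    report = {"alg": header.get("alg"), "kid": header.get("kid"),
              "iss": claims.get("iss"), "aud": claims.get("aud"), "reasons": []}
    if report["alg"] not in expected_algs:
        report["reasons"].append("algorithm mismatch")
    if report["kid"] not in verifier_kids:
        report["reasons"].append("no matching key id")
    return report


if __name__ == "__main__":
    # Hypothetical verifier settings, not NiFi's actual configuration.
    print(diagnose(sample_token(), {"EdDSA"}, {"verifier-key-1"}))
```

Run it on the machine that holds the token so the bearer credential is never pasted into an online decoder.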