Configuring Data Fabric Communications with Your SSO Server
Describes how to configure the HPE Ezmeral Data Fabric to work with an SSO server.
To enable your SSO provider to communicate with the HPE Ezmeral Data Fabric, release 7.4.0 or later must be installed, and you must configure SSO information by running the maprcli cluster setssoconf command.
Note these considerations:
- Only the cluster admin or a user with the fabric manager role can run the maprcli cluster setssoconf command.
- For a customer-managed data fabric, you must run the command only on the primary CLDB node. SSO information is propagated automatically to other CLDB nodes in the cluster.
- For a consumption-based data fabric, you must run the command only on the primary CLDB node of the primary data fabric. SSO information is propagated automatically to other CLDB nodes and other fabrics in the global namespace.
To configure SSO:
- Identify the primary CLDB node by using one of the following methods:
  - On any node in the cluster, run the following maprcli command:
      maprcli clustergroup getcgtable -showprimary true -json
  - Log in to the Control System and go to the service information page for CLDB.
    The primary CLDB is the CLDB with a CLDB Mode equivalent to MASTER_READ_WRITE. For more information, see Viewing CLDB Information.
- Log on to the primary CLDB node as the cluster admin (typically the mapr user).
- Run the cluster setssoconf command, and specify the following options:
  - -issuerendpoint
  - -providername
  - -clientid
  - -clientsecret
  - -certfile
  - -json (optional)
  For information about each option, see cluster setssoconf.
      maprcli cluster setssoconf -issuerendpoint https://<IP_address>/realms/TestReallm/ \
        -providername keycloak -clientid testclient -clientsecret <secret> \
        -certfile /opt/mapr/keycloak/conf/<hostname>.crt -json
      {
        "timestamp":1693834990616,
        "timeofday":"2023-09-04 06:43:10.616 GMT-0700 AM",
        "status":"OK",
        "total":1,
        "data":[
          {
            "status":"SUCCESS: SSO configuration set on CLDB."
          }
        ]
      }
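The wrapper below is an added example, not HPE code: it runs the setssoconf step with pre-flight checks, prompts for the client secret instead of taking it from a typed command line, and treats the run as successful only if the JSON response matches the sample above. The function names are hypothetical, and the requirement that the issuer endpoint use https:// is an assumption of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks and result check around
# "maprcli cluster setssoconf". Function names are hypothetical.

# Accept only an https:// issuer endpoint with a non-empty host part
# (assumption of this example; the page's sample endpoint uses https).
check_issuer_endpoint() {
    case "$1" in
        https://?*) return 0 ;;
        *) echo "issuer endpoint must use https://: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the JSON printed by setssoconf reports status OK and a
# SUCCESS entry in data, as in the sample response on this page.
check_setssoconf_result() {
    compact=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$compact" in
        *'"status":"OK"'*'"status":"SUCCESS:'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: configure_sso <issuer_endpoint> <provider_name> <client_id> <cert_file>
configure_sso() {
    check_issuer_endpoint "$1" || return 1
    [ -r "$4" ] || { echo "cannot read certificate file: $4" >&2; return 1; }
    # Prompt without echo so the secret is not typed into shell history.
    # It is still passed as an argument, so it is visible in the process
    # list while maprcli runs.
    printf 'Client secret: ' >&2
    stty -echo; IFS= read -r secret; stty echo; printf '\n' >&2
    out=$(maprcli cluster setssoconf -issuerendpoint "$1" -providername "$2" \
        -clientid "$3" -clientsecret "$secret" -certfile "$4" -json)
    unset secret
    if check_setssoconf_result "$out"; then
        echo "SSO configuration set on CLDB."
    else
        echo "setssoconf did not report success:" >&2
        printf '%s\n' "$out" >&2
        return 1
    fi
}
```

Source the file on the primary CLDB node as the cluster admin, then call configure_sso with the four values for your SSO provider.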