Using MinIO Client (mc) Without a User Ticket When SSO Is Configured

Describes how to use temporary tickets with MinIO Client (mc) commands in SSO-enabled clusters.

When SSO is not configured, issuing mc commands requires you to specify an AccessKey and SecretKey. You generate the keys by using the maprcli s3keys generate command, as described in Getting Started with HPE Ezmeral Data Fabric Object Store.

With SSO configured, it is still necessary to provide AccessKey and SecretKey. However, you can set an environment variable to satisfy this requirement. For example:
export MAPR_JWT_TOKEN_LOCATION="/tmp/jwt"
/opt/mapr/bin/mc alias setdemo https://<hostname> -f:9000
Added 'demo' successfully.

Obtain the JWT from your SSO provider, and place it in a secure location that can be specified in the environment variable.

After setting the JWT location, you can issue mc commands without specifying the AccessKey or SecretKey. When the environment variable is set, Data Fabric reads the JWT location from the environment variable and uses maprcli to contact the CLDB to obtain the AccessKey and SecretKey seamlessly.

To view the AccessKey and SecretKey for an alias, use the mc alias ls command. For example:
/opt/mapr/bin/mc alias ls demo
demo
  URL       : https://127.0.0.1:9000
  AccessKey : 6TTSP773RPYKQ8511SWVQT924MTA4M57U2BYKVB5Q83GNOABR
  SecretKey : 8KFL9W77LFMG36MJXGD057QZPL9FMN73BFJ5CDSEW09LNMHSW
  API       : s3v4
  Path      : auto