Using MinIO Client (mc) Without a User Ticket When SSO Is Configured
Describes how to use temporary tickets with MinIO Client (mc) commands in SSO-enabled clusters.
When SSO is not configured, issuing mc
commands requires you to specify an
AccessKey and SecretKey. You generate the keys by using the maprcli s3keys
generate
command, as described in Getting Started with HPE Ezmeral Data Fabric Object Store.
export MAPR_JWT_TOKEN_LOCATION="/tmp/jwt"
/opt/mapr/bin/mc alias setdemo https://<hostname> -f:9000
Added 'demo' successfully.
Obtain the JWT from your SSO provider, and place it in a secure location that can be specified in the environment variable.
After setting the JWT location, you can issue mc
commands without
specifying the AccessKey or SecretKey. When the environment variable is set, Data Fabric reads the JWT location from the environment variable
and uses maprcli
to contact the CLDB to obtain the AccessKey and SecretKey
seamlessly.
mc alias ls
command. For example: /opt/mapr/bin/mc alias ls demo
demo
URL : https://127.0.0.1:9000
AccessKey : 6TTSP773RPYKQ8511SWVQT924MTA4M57U2BYKVB5Q83GNOABR
SecretKey : 8KFL9W77LFMG36MJXGD057QZPL9FMN73BFJ5CDSEW09LNMHSW
API : s3v4
Path : auto