cluster setssoconf

Configures HPE Ezmeral Data Fabric to work with a single sign-on (SSO) server.

Note the following considerations for using cluster setssoconf:
  • For the Data Fabric software-as-a-service platform, run cluster setssoconf on the primary CLDB node of the primary fabric of the global namespace. For more information, see Identifying All CLDB Nodes.
  • For the Data Fabric customer-managed platform, run cluster setssoconf on the primary CLDB node of the cluster. For more information, see Listing CLDB Nodes.
  • To run the command, you must be the cluster admin (typically the mapr user) or a user with the fabric manager role.

Syntax

CLI
cluster setssoconf
        -issuerendpoint issuers endpoint
        -providername sso provider name keycloak
       [ -clientid client's id ]
       [ -clientsecret client's secret ]
       [ -certfile sso certificate ]
REST
Request Type POST
Request URL
http[s]://<host>:<port>/rest/cluster/setssoconf

Parameters

| Parameter | Required or Optional | Description |
|---|---|---|
| -issuerendpoint | Required | The IP address of the SSO provider server. |
| -providername | Required | The name of your SSO provider. Currently, only keycloak is supported. |
| -clientid | Optional | An identifier that enables communication between Data Fabric and the SSO provider. For example: 0oa8m2onb7CAohGdW5d8 |
| -clientsecret | Optional | The key that is used to encrypt communication between Data Fabric and the SSO provider. For example: _BfjlzbnnQNbNdprf0vnQDSyXcuzziMzyrbm0raB |
| -certfile | Optional | The self-signed certificate (.crt) file from the SSO provider (Keycloak). |
| -json | Optional | Renders the command output in JSON format. |

Example

This example configures the endpoint, client information, and certificate file for a cluster to communicate with a Keycloak SSO server:

CLI
# maprcli cluster setssoconf -issuerendpoint https://<IP_address>:8443/realms/TestReallm/ \
    -providername keycloak -clientid testclient -clientsecret <secret> \
    -certfile /tmp/SAN_SignedCert.crt -json
{
   "timestamp":1693834990616,
   "timeofday":"2023-09-04 06:43:10.616 GMT-0700 AM",
   "status":"OK",
   "total":1,
   "data":[
        {
                "status":"SUCCESS: SSO configuration set on CLDB."
        }
   ]
}
REST
NOTE
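When using a self-signed certificate, pass the -k option to curl to skip the certificate check. Because -k turns off verification of the server certificate, curl no longer confirms which server receives the credentials; to keep verification, give curl the certificate with --cacert instead. Quote the whole request URL so that the shell does not interpret the & between parameters.
curl -k -u <username> -v -X POST "https://abc.sj.us:8443/rest/cluster/setssoconf?issuerendpoint=https://<IP_address>:8443/realms/TestReallm/&providername=keycloak"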
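
The REST form above carries the issuer URL inside a query string, so it needs encoding and quoting to reach the server intact. The following is an added example, not HPE code: it builds the request URL with the issuer endpoint percent-encoded and sends it with --cacert so certificate verification stays on. The host name, realm and CA file path are constructed placeholders, and rejecting non-https issuer endpoints is an assumption of this example.

```sh
#!/bin/sh
# Added example (not HPE code). Host names, realm and CA path are constructed.

# Percent-encode a query-parameter value (ASCII input assumed).
urlencode() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}          # everything after the first character
        c=${s%"$rest"}       # the first character
        s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;              # RFC 3986 unreserved
            *) out=$out$(printf '%%%02X' "'$c") ;;      # anything else as %XX
        esac
    done
    printf '%s\n' "$out"
)

# Build the REST URL for cluster setssoconf.
# $1 = REST host:port, $2 = issuer endpoint, $3 = provider name
setssoconf_url() {
    case $2 in
        https://?*) ;;
        *) echo "issuer endpoint must be an https:// URL" >&2; return 1 ;;
    esac
    # The parameter table lists keycloak as the only supported provider.
    [ "$3" = keycloak ] || { echo "only keycloak is supported" >&2; return 1; }
    printf 'https://%s/rest/cluster/setssoconf?issuerendpoint=%s&providername=%s\n' \
        "$1" "$(urlencode "$2")" "$3"
}

# POST with verification on. $1 = CA or self-signed cert of the REST endpoint,
# $2 = user (curl prompts for the password), $3 = URL from setssoconf_url
post_setssoconf() {
    curl --cacert "$1" -u "$2" -X POST "$3"
}

# Constructed values; prints the URL only, nothing is sent.
setssoconf_url cluster.example.com:8443 \
    "https://192.0.2.10:8443/realms/ExampleRealm/" keycloak
# To send: post_setssoconf /path/to/cluster-ca.pem mapr "<URL printed above>"
```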