cluster setssoconf
Specifies how to configure the HPE Ezmeral Data Fabric to work with an SSO server.
Note the following considerations for using
cluster setssoconf
:- For the Data Fabric software-as-a-service platform, run
cluster setssoconf
on the primary CLDB node of the primary fabric of the global namespace. For more information, see Identifying All CLDB Nodes. - For the Data Fabric customer-managed platform, run
cluster setssoconf
on the primary CLDB node of the cluster. For more information, see Listing CLDB Nodes. - To run the command, you must be the cluster admin (typically the
mapr
user) or a user with the fabric manager role.
Syntax
- CLI
-
cluster setssoconf -issuerendpoint issuers endpoint -providername sso provider name keycloak [ -clientid client's id ] [ -clientsecret client's secret ] [ -certfile sso certificate ]
- REST
Request Type POST Request URL http[s]://<host>:<port>/rest/cluster/setssoconf
Parameters
Parameter | Required or Optional | Description |
---|---|---|
-issuerendpoint |
Required | The IP address of the SSO provider server. |
-providername |
Required | The name of your SSO provider. Currently, only keycloak
is supported. |
-clientid |
Optional | An identifier that enables communication between Data Fabric and the SSO provider. For example:
0oa8m2onb7CAohGdW5d8 |
-clientsecret |
Optional | The key that is used to encrypt communication between Data Fabric and
the SSO provider. For example:
_BfjlzbnnQNbNdprf0vnQDSyXcuzziMzyrbm0raB |
-certfile |
Optional | The self-signed certificate (.crt ) file from the SSO
provider (Keycloak). |
-json |
Optional | Renders the command output in JSON format. |
Example
This example configures the endpoint, client information, and certificate file for a cluster to communicate with a Keycloak SSO server:
- CLI
-
# maprcli cluster setssoconf -issuerendpoint https://<IP_address>:8443/realms/TestReallm/ -providername keycloak -clientid testclient -clientsecret <secret> -certfile /tmp/SAN_SignedCert.crt -json { "timestamp":1693834990616, "timeofday":"2023-09-04 06:43:10.616 GMT-0700 AM", "status":"OK", "total":1, "data":[ { "status":"SUCCESS: SSO configuration set on CLDB." } ] }
- REST
-
NOTEWhen using a self-signed certificate, pass the
-k
option tocurl
to avoid the certificate check.curl -k -u <username> -v -X POST https://abc.sj.us:8443/rest/cluster/setssoconf?issuerendpoint="https://<IP_address>:8443/realms/TestReallm/"&providername=keycloak