cluster setssoconf

Specifies how to configure the HPE Ezmeral Data Fabric to work with an SSO server.

Note the following considerations for using cluster setssoconf:
  • For fabrics installed using the seed node method, run cluster setssoconf on the primary CLDB node of the primary fabric of the global namespace. For more information, see Identifying All CLDB Nodes.
  • For fabrics installed using methods other than the seed node method, run cluster setssoconf on the primary CLDB node of the cluster. For more information, see Listing CLDB Nodes.
  • To run the command, you must be the cluster admin (typically the mapr user) or a user with the fabric manager role.

Syntax

CLI
cluster setssoconf
        -issuerendpoint <issuer's endpoint>
        -providername <SSO provider name (keycloak)>
       [ -clientid <client's id> ]
       [ -clientsecret <client's secret> ]
       [ -certfile <SSO certificate> ]
REST
Request Type: POST
Request URL: http[s]://<host>:<port>/rest/cluster/setssoconf

Parameters

| Parameter | Required or Optional | Description |
|---|---|---|
| -issuerendpoint | Required | The IP address of the SSO provider server. |
| -providername | Required | The name of your SSO provider. Currently, only keycloak is supported. |
| -clientid | Optional | An identifier that enables communication between Data Fabric and the SSO provider. For example: 0oa8m2onb7CAohGdW5d8 |
| -clientsecret | Optional | The key that is used to encrypt communication between Data Fabric and the SSO provider. For example: _BfjlzbnnQNbNdprf0vnQDSyXcuzziMzyrbm0raB |
| -certfile | Optional | The self-signed certificate (.crt) file from the SSO provider (Keycloak). |
| -json | Optional | Renders the command output in JSON format. |

Example

This example configures the endpoint, client information, and certificate file for a cluster to communicate with a Keycloak SSO server:

CLI
# maprcli cluster setssoconf -issuerendpoint https://<IP_address>:8443/realms/TestReallm/ \
    -providername keycloak -clientid testclient -clientsecret <secret> \
    -certfile /tmp/SAN_SignedCert.crt -json
{
   "timestamp":1693834990616,
   "timeofday":"2023-09-04 06:43:10.616 GMT-0700 AM",
   "status":"OK",
   "total":1,
   "data":[
        {
                "status":"SUCCESS: SSO configuration set on CLDB."
        }
   ]
}
REST
NOTE: When the REST server uses a self-signed certificate, pass the -k option to curl to skip the certificate check. With -k, curl does not verify the identity of the server it connects to.
curl -k -u <username> -v -X POST "https://abc.sj.us:8443/rest/cluster/setssoconf?issuerendpoint=https://<IP_address>:8443/realms/TestReallm/&providername=keycloak"
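
The REST call above can also be made without -k and without putting the client secret on the command line. The following is an added example, not part of the HPE documentation: it writes a curl config (read with `curl -K -`) that verifies the server against a CA file and lets curl URL-encode each parameter. The function names, the SSO_CLIENT_SECRET variable and the CA file path are hypothetical, and it assumes the optional parameters are accepted in the query string in the same way as the two required ones shown in the REST example.

```shell
#!/bin/sh
# Added example, not HPE code. Emits a curl config for the setssoconf REST
# call. Host, CA path and sample values in the usage text are constructed.

# Escape a value for a double-quoted string in a curl config file.
cfg_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# sso_curl_config HOST:PORT CA_FILE ISSUER PROVIDER [CLIENT_ID]
# The client secret is taken from $SSO_CLIENT_SECRET (hypothetical name) so
# that it never appears in a process argument list.
sso_curl_config() {
  [ "$#" -ge 4 ] || {
    echo "usage: sso_curl_config host:port cafile issuer provider [clientid]" >&2
    return 2
  }
  # curl config files are line based: refuse values that contain a newline,
  # which could otherwise smuggle in extra options such as "insecure".
  for v in "$@" "${SSO_CLIENT_SECRET:-}"; do
    [ "$(printf '%s' "$v" | wc -l)" -eq 0 ] || {
      echo "newline in parameter" >&2
      return 1
    }
  done
  printf 'url = "https://%s/rest/cluster/setssoconf"\n' "$(cfg_quote "$1")"
  printf 'cacert = "%s"\n' "$(cfg_quote "$2")"  # verify the server (replaces -k)
  printf 'request = "POST"\n'
  printf 'get\n'                                 # send the data as a query string
  printf 'data-urlencode = "issuerendpoint=%s"\n' "$(cfg_quote "$3")"
  printf 'data-urlencode = "providername=%s"\n' "$(cfg_quote "$4")"
  if [ -n "${5:-}" ]; then
    printf 'data-urlencode = "clientid=%s"\n' "$(cfg_quote "$5")"
  fi
  if [ -n "${SSO_CLIENT_SECRET:-}" ]; then
    printf 'data-urlencode = "clientsecret=%s"\n' "$(cfg_quote "$SSO_CLIENT_SECRET")"
  fi
}

# Usage (curl prompts for the password and reads the request from stdin):
#   sso_curl_config abc.sj.us:8443 /path/to/datafabric-ca.pem \
#     "https://<IP_address>:8443/realms/TestReallm/" keycloak testclient |
#     curl -K - -u <username>
```

The CA file here is the one that signed the Data Fabric REST server's certificate (or the self-signed certificate itself), not the Keycloak certificate passed with -certfile.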