cluster setssoconf
Specifies how to configure the HPE Ezmeral Data Fabric to work with an SSO server.
Note these considerations for using
cluster setssoconf
:- For the Data Fabric software-as-a-service platform,
cluster setssoconf
must be run on the primary CLDB node of the primary fabric of the global namespace. - For the Data Fabric customer-managed platform,
cluster setssoconf
must be run on the primary CLDB node of the cluster. For more information, see Listing CLDB Nodes. - You must be the cluster admin (typically the
mapr
user) or a user with the fabric manager role to run this command.
Syntax
- CLI
-
cluster setssoconf -issuerendpoint issuers endpoint -providername sso provider name keycloak | okta [ -clientid client's id ] [ -clientsecret client's secret ] [ -certfile sso certificate ]
Parameters
Parameter | Description |
---|---|
-issuerendpoint |
The IP address of the SSO provider server. |
-providername |
The name of your SSO provider. Currently, only keycloak
is supported. |
-clientid |
An identifier that enables communication between Data Fabric and the SSO provider. For example:
0oa8m2onb7CAohGdW5d8 |
-clientsecret |
The key that is used to encrypt communication between Data Fabric and
the SSO provider. For example:
_BfjlzbnnQNbNdprf0vnQDSyXcuzziMzyrbm0raB |
-certfile |
The self-signed certificate (.crt ) file from the SSO
provider (Keycloak). |
-json |
Renders the command output in JSON format. |
Example
This example configures the endpoint, client information, and certificate file for a cluster to communicate with a Keycloak SSO server:
- CLI
-
~]# maprcli cluster setssoconf -issuerendpoint https://<IP_address>:8443/realms/TestReallm/ -providername keycloak -clientid testclient -clientsecret <secret> -certfile /tmp/SAN_SignedCert.crt -json { "timestamp":1693834990616, "timeofday":"2023-09-04 06:43:10.616 GMT-0700 AM", "status":"OK", "total":1, "data":[ { "status":"SUCCESS: SSO configuration set on CLDB." } ] }
- REST
- N/A