@jeremymv2
Last active August 31, 2022 14:11
saml2pf9 usage

How to use the saml2pf9 CLI

Extract

$ tar xvfz saml2pf9_0.2.1_Linux_x86_64.tar.gz

Install

$ sudo install ./saml2pf9 /usr/local/bin
$ which saml2pf9
/usr/local/bin/saml2pf9
$

Configure

$ saml2pf9 configure --idp-provider=GoogleApps --url=https://cs-jmiller-ddu.platform9.net --username=jmiller@ethzero.cloud --tenant-id=8114b6583377fcd8ea91869
? Please choose a provider: GoogleApps
? PF9 URL https://cs-jmiller-ddu.platform9.net
? PF9 Tenant Id 8114b6583377fcd8ea91869
? Username jmiller@ethzero.cloud

account {
  URL: https://cs-jmiller-ddu.platform9.net
  TenantId: 8114b6583377fcd8ea91869
  Username: jmiller@ethzero.cloud
  Provider: GoogleApps
  MFA: Auto
  SkipVerify: false
}

Configuration saved for IDP account: default
$

Authenticate

$ saml2pf9 login --idp-account=default --force --verbose

Create a new kubeconfig

For SSO users, this kubeconfig is valid for 24 hours.

$ saml2pf9 kubeconfig --skip-prompt > /path/to/kubeconfig

Pro Tip: Create a shell alias for the above so that you can run it with a simple command.
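
One way to build that shortcut as a shell function (an added example, not part of saml2pf9 or the original gist). The function names, the PF9_KUBECONFIG variable, the default path and the 23-hour refresh margin are assumptions made here. It writes the kubeconfig with owner-only permissions and only replaces the existing file when the command succeeds, so a failed SSO login does not leave an empty kubeconfig behind:

```shell
# Hypothetical helpers; only `saml2pf9 kubeconfig --skip-prompt` comes from the gist.

# Succeeds when the file exists, is non-empty and was modified less than
# 23 hours ago (1380 minutes: an assumed margin under the 24-hour validity).
pf9_kubeconfig_is_fresh() {
    pf9_file=$1
    [ -s "$pf9_file" ] || return 1
    [ -z "$(find "$pf9_file" -mmin +1380 2>/dev/null)" ]
}

# Regenerates the kubeconfig when it is missing or stale.
# Usage: pf9_kubeconfig_refresh [target-path]
pf9_kubeconfig_refresh() {
    pf9_target=${1:-${PF9_KUBECONFIG:-$HOME/.kube/pf9-config}}
    if pf9_kubeconfig_is_fresh "$pf9_target"; then
        return 0
    fi
    pf9_dir=$(dirname "$pf9_target")
    mkdir -p "$pf9_dir" || return 1
    # Subshell: the restrictive umask does not leak into the caller's shell.
    (
        umask 077
        # mktemp creates the file with mode 0600; the token never sits in a
        # world-readable file, unlike a plain `> /path/to/kubeconfig`
        # under a default umask of 022.
        pf9_tmp=$(mktemp "$pf9_dir/.pf9-kubeconfig.XXXXXX") || exit 1
        if saml2pf9 kubeconfig --skip-prompt > "$pf9_tmp" && [ -s "$pf9_tmp" ]; then
            # Rename within the same directory: readers see either the old
            # file or the complete new one, never a truncated file.
            mv -f "$pf9_tmp" "$pf9_target"
        else
            rm -f "$pf9_tmp"
            echo "saml2pf9 kubeconfig failed; $pf9_target left unchanged" >&2
            exit 1
        fi
    )
}
```

Put the functions in your shell startup file, then run pf9_kubeconfig_refresh before kubectl with KUBECONFIG pointing at the same path.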

For a kubeconfig that never expires and uses x509 certificate authentication, pass the --force-cert-auth argument. This requires PF9 5.5 or later.

$ saml2pf9 kubeconfig --skip-prompt --force-cert-auth

Other Options

Take a look at the included README.md.
