Globus Connect Server OIDC Create

Name

globus-connect-server oidc create - Create a Globus OIDC server for the endpoint

Synopsis

globus-connect-server oidc create --display-name DISPLAY_NAME --server-name [FULLY_QUALIFIED_SERVER_NAME] --certificate-path [CERT_PATH] --certificate-chain-path [CHAIN_PATH] --private-key-path [PRIVATE_KEY_PATH] --manage-certificate-and-key [TRUE_OR_FALSE] [OPTIONS]…​

Description

The globus-connect-server oidc create command provides a command-line interface for adding a Globus OIDC server to an endpoint. This command should be run once on any data transfer node that has been set up with node setup, and it will create the configuration for the remaining nodes.

The display name and support contact information are required to run the command. A custom PAM module can be set with --pam-service; if not specified, it is set to login.

The OIDC server can be configured to use either a domain, certificate, and key supplied by the --server-name, --certificate-path, --certificate-chain-path, and --private-key-path options, or it can use a subdomain of the endpoint domain by using the --quickstart-server-name option.

A Globus OIDC server cannot be created on an endpoint that has an OIDC registration.

Options

-h, --help

Show a help message and exit.

--version

Show the version and exit.

--display-name DISPLAY_NAME (required)

The display name for the OIDC server. This will be displayed on the login page when the user attempts to sign in. Note that this is limited to 64 characters.

--quickstart-server-name [HOSTNAME_LABEL]

Unqualified domain name for the OIDC service, when configuring it to use a subdomain of the endpoint’s domain. This cannot be used in conjunction with the --server-name, --certificate-path, --certificate-chain-path, --private-key-path, or --manage-certificate-and-key parameters.

--server-name [FULLY_QUALIFIED_SERVER_NAME]

Fully-qualified domain name for the OIDC service.

--certificate-path [CERT_PATH]

Full path to the certificate for the virtual host for the OIDC service.

--certificate-chain-path [CHAIN_PATH]

Full path to the certificate chain for the virtual host for the OIDC service.

--private-key-path [PRIVATE_KEY_PATH]

Full path to the private key for the virtual host for the OIDC service.

--manage-certificate-and-key

If specified, the certificate and key will be encrypted and synchronized between data transfer nodes; if not passed, you are responsible for ensuring that the certificate, chain, and key files are present on each data transfer node.

--support-contact SUPPORT_CONTACT (required)

The support contact name for the OIDC server. This is required by Globus Auth.

--support-email SUPPORT_EMAIL (required)

The support contact email for the OIDC server. This is required by Globus Auth and is shown on the login screen in the event that a user requires support contact information.

-p, --pam-service PAM_SERVICE

The PAM module to use when authenticating the user. This is set to login if omitted.

Example

This invocation creates a Globus OIDC server with the display name "Example OIDC Server" and the support contact "Test User", whose email address is "testuser@test.com".

globus-connect-server oidc create \
    --display-name "Example OIDC Server" \
    --server-name "exampledomain.com" \
    --certificate-path [PATH] \
    --certificate-chain-path [PATH] \
    --private-key-path [PATH] \
    --manage-certificate-and-key \
    --support-contact "Test User" \
    --support-email "testuser@test.com"
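
Before running the command with your own certificate, it is worth confirming that the files given to --certificate-path and --private-key-path belong together and cover the name given to --server-name. The following is an added example, not part of Globus Connect Server; the function name preflight_oidc_tls, the 30-day expiry window and the owner-only key permission policy are assumptions of this example, and it relies on the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example, not part of Globus Connect Server: pre-flight checks for the
# files given to --certificate-path and --private-key-path and the name given
# to --server-name. The function name and the pass/fail policy are assumptions.

# Usage: preflight_oidc_tls SERVER_NAME CERT_PATH KEY_PATH [MIN_DAYS_VALID]
# Prints one line per failed check and returns non-zero if any check failed.
preflight_oidc_tls() {
    local name=$1 cert=$2 key=$3 min_days=${4:-30}
    local rc=0 f mode cert_pub key_pub

    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done

    # 1. The private key should be accessible to its owner only (example policy).
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case $mode in
        ?00) ;;
        *) echo "FAIL: $key has mode $mode; group or others can access it"; rc=1 ;;
    esac

    # 2. The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the certificate in $cert"; rc=1
    fi

    # 3. The certificate must be valid for the name passed to --server-name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$name" 2>&1 |
            grep -q 'does match certificate'; then
        echo "FAIL: certificate is not valid for host name $name"; rc=1
    fi

    # 4. The certificate must not expire within MIN_DAYS_VALID days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
            >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi

    return $rc
}
```

Without --manage-certificate-and-key the files are not synchronized for you, so the same check applies on every data transfer node that holds a copy.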