Globus Connect Server OIDC Create
Synopsis
globus-connect-server oidc create --display-name DISPLAY_NAME --server-name [FULLY_QUALIFIED_SERVER_NAME] --certificate-path [CERT_PATH] --certificate-chain-path [CHAIN_PATH] --private-key-path [PRIVATE_KEY_PATH] --manage-certificate-and-key [TRUE_OR_FALSE] [OPTIONS]…
Description
The globus-connect-server oidc create command provides a command-line
interface for adding a Globus OIDC server to an endpoint. This command should
be run once on any data transfer node that has been set up with node setup,
and it will create the configuration for the remaining nodes.
The display name and support contact information are required to run the
command. A custom PAM module, which is set to login if not specified, can
be set with --pam-service.
The OIDC server can be configured to use either a domain, certificate, and key supplied by the --server-name, --certificate-path, --certificate-chain-path, and --private-key-path options, or it can use a subdomain of the endpoint domain by using the --quickstart-server-name option.
A Globus OIDC server cannot be created on an endpoint that has an OIDC registration.
Options
- -h, --help
  Show a help message and exit.
- --version
  Show the version and exit.
- --display-name DISPLAY_NAME (required)
  The display name for the OIDC server. This will be displayed on the login page when the user attempts to sign in. Note that this is limited to 64 characters.
- --quickstart-server-name [HOSTNAME_LABEL]
  Unqualified domain name for the OIDC service, when configuring it to use a subdomain of the endpoint’s domain. This cannot be used in conjunction with the --server-name, --certificate-path, --certificate-chain-path, --private-key-path, or --manage-certificate-and-key parameters.
- --server-name [FULLY_QUALIFIED_SERVER_NAME]
  Fully-qualified domain name for the OIDC service.
- --certificate-path [CERT_PATH]
  Full path to the certificate for the virtual host for the OIDC service.
- --certificate-chain-path [CHAIN_PATH]
  Full path to the certificate chain for the virtual host for the OIDC service.
- --private-key-path [PRIVATE_KEY_PATH]
  Full path to the private key for the virtual host for the OIDC service.
- --manage-certificate-and-key
  If specified, the certificate and key will be encrypted and synchronized between data transfer nodes; if not passed, you are responsible for ensuring that the certificate, chain, and key files are present on each data transfer node.
- --support-contact SUPPORT_CONTACT (required)
  The support contact name for the OIDC server. This is required by Globus Auth.
- --support-email SUPPORT_EMAIL (required)
  The support contact email for the OIDC server. This is required by Globus Auth and is shown on the login screen in the event that a user requires support contact information.
- -p, --pam-service PAM_SERVICE
  The PAM module to use when authenticating the user. This is set to login if omitted.
Example
This invocation creates a Globus OIDC server with the display name "Example OIDC Server" and the support contact "Test User", whose email address is "testuser@test.com".
globus-connect-server oidc create \
    --display-name "Example OIDC Server" \
    --server-name "exampledomain.com" \
    --certificate-path [PATH] \
    --certificate-chain-path [PATH] \
    --private-key-path [PATH] \
    --manage-certificate-and-key \
    --support-contact "Test User" \
    --support-email "testuser@test.com"
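Pre-flight checks for the files passed to --certificate-path and --private-key-path, run before the command above. This is an added example, not part of Globus Connect Server or its documentation; the function names are this example's own, and it assumes the openssl command-line tool is installed on the data transfer node.

```sh
#!/bin/sh
# Added example (not Globus code). Usage, once the functions are loaded:
#   preflight CERT_PATH PRIVATE_KEY_PATH FULLY_QUALIFIED_SERVER_NAME

# Succeeds only when the certificate and private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only when the certificate is valid for the --server-name value.
# openssl prints the verdict, so the text is matched rather than the status.
cert_covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q "does match certificate"
}

# Succeeds only when the certificate is readable and has not expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Succeeds only when the key file exists and "other" users cannot read it.
key_not_world_readable() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune -perm -004 -print)" ]
}

# SHA-256 fingerprint of the certificate, for comparing the copies on each
# data transfer node when --manage-certificate-and-key is not used.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Runs every check, prints one line per failure, returns non-zero on failure.
preflight() {
    rc=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_covers_name "$1" "$3"  || { echo "FAIL: certificate not valid for $3"; rc=1; }
    cert_not_expired "$1"       || { echo "FAIL: certificate expired or unreadable"; rc=1; }
    key_not_world_readable "$2" || { echo "FAIL: private key missing or world-readable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $(cert_fingerprint "$1")"
    return "$rc"
}
```

When the certificate and key are not managed by Globus Connect Server, the fingerprint printed on success should be identical on every data transfer node.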