Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Flows Groups Search Timers Transfer Globus Connect Server Compute Helper Pages
  • Applications
    Globus Connect Personal Globus Connect Server Premium Storage Connectors Compute Command Line Interface Python SDK JavaScript SDK
  • Guides
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. v5.4
  4. Command-Line Reference
  5. OIDC
  6. Create

Globus Connect Server OIDC Create

Name

globus-connect-server oidc create - Create a Globus OIDC server for the endpoint

Synopsis

globus-connect-server oidc create --display-name DISPLAY_NAME --server-name [FULLY_QUALIFIED_SERVER_NAME] --certificate-path [CERT_PATH] --certificate-chain-path [CHAIN_PATH] --private-key-path [PRIVATE_KEY_PATH] --manage-certificate-and-key [TRUE_OR_FALSE] [OPTIONS]…​

Description

The globus-connect-server oidc create command provides a command-line interface for adding a Globus OIDC server to an endpoint. This command should be run once on any data transfer node that has been set up with node setup, and it will create the configuration for the remaining nodes.

The display name, and support contact information are required to run the command. A custom PAM module - which is set to login if not specified - can be set with --pam-service.

The OIDC server can be configured to use either a domain, certificate, and key supplied by the --server-name, --certificate-path, --certificate-chain-path, and --private-key-path options, or it can use a subdomain of the endpoint domain by using the --quickstart-server-name option.

A Globus OIDC server can not be created on an endpoint that has an OIDC registration.

Options

-h, --help

Show a help message and exit.

--version

Show the version and exit.

--display-name DISPLAY_NAME (required)

The display name for the OIDC server. This will be displayed on the login page when the user attempts to sign in. Note that this is limited to 64 characters.

--quickstart-server-name [HOSTNAME_LABEL]

Unqualified domain name for the OIDC service, when configuring it to use a subdomain of the endpoint’s domain. This cannot be used in conjunction with the --server-name, --certificate-path, --certificate-chain-path, -private-key-path, or --manage-certificate-and-key parameters.

--server-name [FULLY_QUALIFIED_SERVER_NAME]

Fully-qualified domain name for the OIDC service.

--certificate-path [CERT_PATH]

Full path to the certificate for the virtual host for the OIDC service.

--certificate-chain-path [CHAIN_PATH]

Full path to the certificate chain for the virtual host for the OIDC service.

--private-key-path [PRIVATE_KEY_PATH]

Full path to the private key for the virtual host for the OIDC service.

--manage-certificate-and-key

If specified the certificate and key will be encrypted and synchronized between data transfer nodes; if not passed, you are responsible for ensuring that the certificate, chain, and key files are present on each data transfer node.

--support-contact SUPPORT_CONTACT (required)

The support contact name for the OIDC server. This is required by Globus Auth.

--support-email SUPPORT_EMAIL (required)

The support contact email for the OIDC server. This is required by Globus Auth and is shown on the login screen in the event that a user requires support contact information.

-p, --pam-service PAM_SERVICE

The PAM module to use when authenticating the user. This is set to login if omitted.

Example

This invocation creates a Globus OIDC server, setting the display name to "Example OIDC Server" and the support contact is configured to "Test User" with an email address of "testuser@test.com".

globus-connect-server oidc create \
    --display-name "Example OIDC Server" \
    --server-name "exampledomain.com" \
    --certificate-path [PATH] \
    --certificate-chain-path [PATH] \
    --private-key-path [PATH] \
    --manage-certificate-and-key \
    --support-contact "Test User" \
    --support-email "testuser@test.com"
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility