Logging in to a Developer Portal server
You log in to a management server from the command line by using the
login command. The parameters that you supply determine the identity provider that is used
to authenticate the supplied user ID, and the scope of the tasks that can be performed after
successful log in.
To log in to the Developer Portal server from the command line, enter the following command:
apic login --server mgmt_endpoint_url --username user_id --password password --realm realm
The parameters for the
apic logincommand are as follows:
- Either the platform API endpoint URL, or the consumer API endpoint URL. Use the platform API endpoint URL if you are logging in as a member of a cloud administration organization or provider organization, and the consumer API endpoint URL if you are logging in as a member of a consumer organization. These endpoint URLs are configured during the installation of API Connect, as described in Installing the Management subsystem into a Kubernetes environment and Deploying the Management subsystem in a VMware environment. If you have access to the Cloud Manager user interface, you can view the configured endpoint URLs as described in Viewing platform and UI endpoints, ignoring any segments at the end of the displayed URLs. If you are not sure of the endpoint URL, ask your administrator.
- The user ID you want to log in with.
- The password associated with the supplied user ID.
- The realm parameter specifies the identity provider that is used to
authenticated the supplied user ID, and the scope of the tasks that can be performed after
successful log in.The format of the realm depends on the type of user, as follows:
If you want to log in as a member of the cloud administration organization, or as a member of a provider organization, you can help determine which identity provider to use in the
- Member of the cloud administration
- Member of a provider
- Member of a consumer
where provider_org is the name of your provider organization, and catalog is the name of the Catalog in that provider organization.
consumer:provider_org:catalog/identity_providerImportant: If you log in to the CLI as a member of a consumer organization, you must supply the
--mode=consumerparameter to the
apic logincommand, and to all consumer commands. To avoid having to type the parameter every time, you can set the
modeconfiguration variable, by entering the following command:
apic config:set mode=consumer
--realmparameter by entering the following command to see a list of all available identity providers (you do not need to be logged in to use this command):
where scope has the value
apic identity-providers:list --scope scope --server mgmt_endpoint_url --fields title,realm
providerdepending on whether you want to log in as a member of the cloud administration organization, or as a member of a provider organization. The output lists the names and titles of all identity providers, for example:
apic identity-providers:list --scope admin --server myserver.com --fields title,realm total_results: 2 results: - title: Cloud Manager User Registry realm: admin/default-idp-1 - title: Corporate LDAP user registry realm: admin/corporate-ldap
titlevalue should enable you to determine which identity provider to use; you can then copy the corresponding
--realmparameter directly from the displayed
realmvalue. For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time. The default Cloud Manager Local User Registry for login as a member of the cloud administration organization is
default-idp-1, and the default API Manager Local User Registry for login as a member of a provider organization is
default-idp-2.By default, API Connect creates a local user registry for user login for every context. The identity providers associated with these default registries are as follows:
Registry Identity provider name Cloud Manager Local User Registry (for login as a member of the cloud administration organization) default-idp-1 API Manager Local User Registry (for login as a member of a provider organization) default-idp-2 Sandbox Catalog User Registry (for login as a member of a consumer organization) sandbox-idp
If you want to log in as a member of a consumer organization, and you are not using the default Sandbox Catalog User Registry, ask your administrator for the name of your identity provider.
- Member of the cloud administration organization:
Obtaining your organization information
You need to know some information about your organization as this needed as input for some of the Developer Portal CLI commands.
apic orgs:get -s mgmt_endpoint_url <org_name>
To log out of a management server, use the following command:
apic logout --server mgmt_endpoint_url