Logging in to a management server
You log in to a management server from the command line by using the apic
login
command. The parameters that you supply determine the identity provider that is used
to authenticated the supplied user ID, and the scope of the tasks that can be performed after
successful log in.
apic login --server mgmt_endpoint_url --username user_id --password password --realm realm
apic login
command are as follows:- mgmt_endpoint_url
- Either the platform API endpoint URL, or the consumer API endpoint URL. Use the platform API endpoint URL if you are logging in as a member of a cloud administration organization or provider organization, and the consumer API endpoint URL if you are logging in as a member of a consumer organization. These endpoint URLs are configured during the installation of API Connect, as described in Installing the Management subsystem into a Kubernetes environment and Deploying the Management subsystem in a VMware environment. If you have access to the Cloud Manager user interface, you can view the configured endpoint URLs as described in Viewing platform and UI endpoints, ignoring any segments at the end of the displayed URLs. If you are not sure of the endpoint URL, ask your administrator.
- user_id
- The user ID you want to log in with. Depending on the tasks that you want to perform, this user
ID might be any of the following:
- password
- The password associated with the supplied user ID.
- realm
- The realm parameter specifies the identity provider that is used to
authenticated the supplied user ID, and the scope of the tasks that can be performed after
successful log in.The format of the realm depends on the type of user, as follows:
apic login
and you will be
prompted for the values. For
example:apic login
Enter your API Connect credentials
Server? platform-api.myserver.com
Realm? provider/default-idp-2
Username? myuser
Password?
Logged into myserver.com successfully
How to determine the identity provider
apic identity-providers:list --scope scope --server mgmt_endpoint_url --fields name,title
where
scope has the value admin
or provider
depending
on whether you want to log in as a member of the cloud administration organization, or as a member
of a provider organization. The output lists the names and titles of all identity providers, for
example:apic identity-providers:list --scope admin --server myserver.com --fields name,title
total_results: 2
results:
- name: default-idp-1
title: Cloud Manager User Registry
- name: corporate-ldap
title: Corporate LDAP user registry
The title
value should enable you to determine which identity provider to use;
the corresponding name
value is what you specify in the realm
parameter.
For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time.
Registry | Identity provider name |
---|---|
Cloud Manager Local User Registry (for login as a member of the cloud administration organization) | default-idp-1 |
API Manager Local User Registry (for login as a member of a provider organization) | default-idp-2 |
Sandbox Catalog User Registry (for login as a member of a consumer organization) | sandbox-idp |
If you want to log in as a member of a consumer organization, and you are not using the default Sandbox Catalog User Registry, ask your administrator for the name of your identity provider.
Logging out
apic logout --server mgmt_endpoint_url