You must map your Dell APEX Navigator client-id to the IdP client-id on the PowerScale system and provide your IdP's OAuth well-known metadata endpoint.
Prerequisites
Ensure that the PowerScale system has already registered trust with Dell APEX Navigator.
Steps
Retrieve the client-id for Dell APEX Navigator on the PowerScale system using the OneFS Postman Collection provided earlier in this guide.
Send the Create OneFS Session POST request with the username and password of your system set in the request body.
POST /session/1/session HTTP/1.1
Host: {{cluster-ip-address}}:8080
Content-Type: application/json
Authorization: Bearer {{dci-jwt}}
Example request:
{
  "username": "root",
  "password": "Dell@123!",
  "services": ["namespace","platform"]
}
Send the Get Oauth ClientID GET request to view all the OAuth clients on the system.
Find the last entry in the returned list, which is the client-id most recently created through the trust registration, and open the OAuth2 Token Exchange POST request.
POST https://{{host}}:8080/platform/19/auth/oauth/oauth2-token-exchanges
Example request:
{
  "oauth2_client_id":"OAuth-Client-Id from previous step",
  "customer_client_id":"IdP App client-id",
  "customer_metadata_url":"IdP Oauth Metadata Endpoint"
}
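Before a value is submitted as customer_metadata_url, the IdP metadata can be checked the way RFC 8414 section 3.3 requires: the issuer inside the document must match the URL it was published at. The Python below is an added example, not part of this guide or of the OneFS API; it takes the already-parsed metadata document as input, and its function names, the idp.example.com sample and the requirement for https token_endpoint and jwks_uri values are assumptions.

```python
import json
from urllib.parse import urlsplit

# Well-known suffixes from RFC 8414 and OpenID Connect Discovery 1.0.
WELL_KNOWN = ("/.well-known/oauth-authorization-server",
              "/.well-known/openid-configuration")

def expected_issuers(metadata_url):
    """Issuer identifiers that may legitimately publish metadata at this URL."""
    u = urlsplit(metadata_url)
    if u.scheme != "https" or not u.netloc or u.query or u.fragment:
        raise ValueError("metadata URL must be https with no query or fragment")
    base = f"https://{u.netloc}"
    out = set()
    for wk in WELL_KNOWN:
        if u.path.endswith(wk):        # OIDC style: issuer + suffix
            out.add(base + u.path[:-len(wk)])
        if u.path.startswith(wk):      # RFC 8414 style: suffix placed before issuer path
            out.add(base + u.path[len(wk):])
    if not out:
        raise ValueError("not a well-known metadata URL")
    return out

def check_metadata(metadata_url, doc):
    """Reject metadata whose issuer does not match the URL it was served from."""
    # A trailing slash is ignored because some IdPs publish the issuer with one.
    allowed = {i.rstrip("/") for i in expected_issuers(metadata_url)}
    issuer = doc.get("issuer", "")
    if issuer.rstrip("/") not in allowed:
        raise ValueError(f"issuer mismatch: {issuer!r}")
    # Assumption: token validation needs both endpoints, served over https.
    for key in ("token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            raise ValueError(f"{key} missing or not https")
    return issuer

def token_exchange_body(oauth2_client_id, customer_client_id, metadata_url, doc):
    """Build the request body shown above only after the metadata passes."""
    check_metadata(metadata_url, doc)
    return json.dumps({"oauth2_client_id": oauth2_client_id,
                       "customer_client_id": customer_client_id,
                       "customer_metadata_url": metadata_url})

# Constructed sample: metadata as an IdP at idp.example.com might publish it.
SAMPLE_URL = "https://idp.example.com/tenant1/.well-known/openid-configuration"
SAMPLE_DOC = {"issuer": "https://idp.example.com/tenant1",
              "token_endpoint": "https://idp.example.com/tenant1/oauth2/token",
              "jwks_uri": "https://idp.example.com/tenant1/keys"}
```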
Create an OAuth2-Token-Exchange on the PowerScale cluster by sending a POST request to the /platform/19/auth/oauth/oauth2-token-exchanges API with a request body as follows: