# How to use the saml2pf9 CLI

## Extract
```
$ tar xvfz saml2pf9_0.2.1_Linux_x86_64.tar.gz
```

## Install
```
$ sudo install ./saml2pf9 /usr/local/bin
$ which saml2pf9
/usr/local/bin/saml2pf9
$
```

## Configure
```
$ saml2pf9 configure --idp-provider=GoogleApps --url=https://cs-jmiller-ddu.platform9.net --username=jmiller@ethzero.cloud --tenant-id=8114b6583377fcd8ea91869
? Please choose a provider: GoogleApps
? PF9 URL https://cs-jmiller-ddu.platform9.net
? PF9 Tenant Id 8114b6583377fcd8ea91869
? Username jmiller@ethzero.cloud

account {
  URL: https://cs-jmiller-ddu.platform9.net
  TenantId: 8114b6583377fcd8ea91869
  Username: jmiller@ethzero.cloud
  Provider: GoogleApps
  MFA: Auto
  SkipVerify: false
}

Configuration saved for IDP account: default
$
```

## Authenticate
```
$ saml2pf9 login --idp-account=default --force --verbose
```

## Create a new kubeconfig
For SSO users, this kubeconfig is valid for 24 hours

```
$ saml2pf9 kubeconfig --skip-prompt > /path/to/kubeconfig
```

Pro Tip: Create a shell alias for the above so that you run it with a simple command

For a kubeconfig that never expires, using an x509 certificate auth, pass the `--force-cert-auth` argument. This requires >= PF9 5.5

```
$ saml2pf9 kubeconfig --skip-prompt --force-cert-auth
```

## Other Options

Take a look at the included `README.md`