Avi CLI Access to a SAML-Authenticated Avi Controller
Overview
Avi Vantage supports single sign-on (SSO) to the Avi Controller’s UI using Security Assertion Markup Language (SAML). However, during debugging or even normal day-to-day operations, there is often a need to access the Avi Controller’s CLI using SSH. SAML credentials cannot be used to login to the CLI.
To access the Avi Controller via SSH, a registered user must have a valid token. Once a token has been created, one can initiate an SSH connection to the Controller using cli
as the SSH user. A CLI shell will be created. Once the shell has been created, a login prompt will be presented. Provide the required username and the token as the password.
Generate the Authorization Token
- Login to the Avi UI.
-
Click on the three dots in the dashboard.
-
Click on Generate Token.
A pop-up screen appears as shown below: -
Enter the Lifetime for the token’s validity in hours.
- To generate a single use token, enter 0.
- The maximum value that can be entered in this field is 87600 hours.
- In case another token is generated before the first one expires, the first token still remains valid.
-
Click on Generate. The token is generated and displayed as shown below:
- Copy the token to be used for CLI/SSH access.