kanidm/book/src/client_tools.md

# Client Tools

To interact with Kanidm as an administrator, you'll need to use our command line tools. If you
haven't installed them yet, [install them now](installing_client_tools.md).

## Kanidm configuration

You can configure `kanidm` to help make commands simpler by modifying `~/.config/kanidm` or
`/etc/kanidm/config`.

```toml
uri = "https://idm.example.com"
ca_path = "/path/to/ca.pem"
```

The full configuration reference is in the
[definition of `KanidmClientConfig`](https://kanidm.github.io/kanidm/master/rustdoc/kanidm_client/struct.KanidmClientConfig.html).

Once configured, you can test this with:

```bash
kanidm self whoami --name anonymous
```

## Session Management

To authenticate as a user (for use with the command line), you need to use the `login` command to
establish a session token.

```bash
kanidm login --name USERNAME
kanidm login --name admin
kanidm login -D USERNAME
kanidm login -D admin
```

Once complete, you can use `kanidm` without re-authenticating for a period of time for
administration.

You can list active sessions with:

```bash
kanidm session list
```

Sessions will expire after a period of time. To remove these expired sessions locally you can use:

```bash
kanidm session cleanup
```

To log out of a session:

```bash
kanidm logout --name USERNAME
kanidm logout --name admin
```
fix(docs): filename, header and title mismatch fixes (#2660) 2024-03-20 03:43:33 +01:00			`# Client Tools`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`To interact with Kanidm as an administrator, you'll need to use our command line tools. If you`
			`haven't installed them yet, [install them now](installing_client_tools.md).`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
Update repo locations and versions in prep for release (#492) 2021-06-25 10:38:45 +02:00			`## Kanidm configuration`
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			You can configure `kanidm` to help make commands simpler by modifying `~/.config/kanidm` or
			`/etc/kanidm/config`.
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```toml
			`uri = "https://idm.example.com"`
			`ca_path = "/path/to/ca.pem"`
			```
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
Adding kanidm client config docs and notes ref #2248 (#2333) 2023-11-25 00:55:54 +01:00			`The full configuration reference is in the`
			[definition of `KanidmClientConfig`](https://kanidm.github.io/kanidm/master/rustdoc/kanidm_client/struct.KanidmClientConfig.html).

414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00			`Once configured, you can test this with:`

docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`kanidm self whoami --name anonymous`
			```
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
			`## Session Management`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			To authenticate as a user (for use with the command line), you need to use the `login` command to
			`establish a session token.`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`kanidm login --name USERNAME`
			`kanidm login --name admin`
1481 2024 access control rework (#2366) Rework default access controls to better separate roles and access profiles. 2023-12-18 00:10:13 +01:00			`kanidm login -D USERNAME`
			`kanidm login -D admin`
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			Once complete, you can use `kanidm` without re-authenticating for a period of time for
			`administration.`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00			`You can list active sessions with:`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`kanidm session list`
			```
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
1481 2024 access control rework (#2366) Rework default access controls to better separate roles and access profiles. 2023-12-18 00:10:13 +01:00			`Sessions will expire after a period of time. To remove these expired sessions locally you can use:`
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`kanidm session cleanup`
			```
20191202 documentation (#156) Add an initial skeleton and draft of a book, which should be maintained and improved as the server is developed to help guide users. 2019-12-03 07:03:05 +01:00
continuing review of Kanidm book (#775) 2022-05-27 01:07:56 +02:00			`To log out of a session:`
414 clear stale credentials (#447) 2021-05-26 08:11:00 +02:00
docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			```bash
			`kanidm logout --name USERNAME`
			`kanidm logout --name admin`
			```