Authentication using Frontier CLI

How to Authenticate into Frontier CLI to use Frontier services

OIDC and OAuth2 Logo

Frontier CLI utilizes OIDC and OAuth2 for authentication and authorization for services within the Frontier Management Cluster (FMC). To perform any actions or tasks within the CLI, clients are required to authenticate into their OIDC account respective to their organization. The organization can choose any OIDC provider to be used for their Frontier services. The OIDC provider chosen shall be configured by your organization’s frontier administrator. Federal Frontier recommends using Keycloak.X (powered by Quarkus) due to its cost-savings and performance. At this current time, this Frontier guide will evolve around Keycloak.X for the remainder of this tutorial, but this use-case should be similar across other OIDC providers as well.

Authentication Guide

Log into Frontier CLI

To login to Frontier CLI for use of services, run the following command below:

frontier login

Your default browser should automatically appear and prompt you for your username and password.

OIDC Provider Authentication Screen

You may also be asked to enter a temporary code if your account is linked with two-factor authentication. After you successfully logged into your account, you will be given you access token.

OIDC Provider Authentication Token Screen

If you navigate back the Frontier CLI application, you will be prompt to paste that access token given by your OIDC provider.

OIDC Provider Authentication Success

If the token is valid, you will be successfully authenticated into the Frontier CLI application.

Logout of Frontier CLI

If you wish to logout of the Frontier CLI application, run the following command below. This option will only appear if a user or administrator is authenticated.

frontier logout

You will be logged out of your Frontier account and will no longer have access to using any Frontier services within the CLI application while unauthenticated.

Issues Where Authentication or Re-authentication is Required

Be aware of your expiration time to prevent experiences of potential issues or loss of access to perform tasks within the application. If you experience responses from the CLI similar to these images below, you may be required to re-authenticate into the application to continue use of services.

Frontier CLI Authentication Rejection

OIDC Provider Authentication Rejection

Frontier CLI Authentication Rejection Alternative

OIDC Provider Authentication Rejection Alternative