The NSX Advanced Load Balancer supports single sign-on (SSO) to the NSX Advanced Load Balancer Controller UI using Security Assertion Markup Language (SAML). However, during debugging or even normal day-to-day operations, there is often a need to access the Controller’s CLI using SSH. SAML credentials cannot be used to log in to the CLI.

To access the Controller through SSH, a registered user must have a valid token. Once a token has been created, one can initiate an SSH connection to the Controller using cli as the SSH user. A CLI shell will be created. Once the shell has been created, a login prompt will be presented. Provide the required username and the token as the password. This topic explains the process needed to configure a service account for use on an NSX Advanced Load Balancer SaaS Controller.

Generate the Authorization Token

  1. Log in to the NSX Advanced Load Balancer UI.

  2. Click the three dots in the dashboard.



  3. Click Generate Token.



    A pop-up screen appears.


  4. Enter the Lifetime for the token’s validity in hours.



    Note:
    1. To generate a single use token, enter 0.

    2. The maximum value that can be entered in this field is 87600 hours.

    3. In case another token is generated before the first one expires, the first token still remains valid.

  5. Click Generate. The token is generated for your Service Account.



  6. Save this token for your automation or API usage.

  7. To test your credentials, use the following Python code, which uses the Requests library.

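    import requests

    # Service account name and the token generated in step 5.
    data = {
      'username': '<service account name>',
      'password': '<your token that was generated in step 5>',
    }
    # Certificate verification is left at the Requests default (enabled) so the
    # token is only sent to a server that presents a valid certificate.
    login = requests.post(
      'https://<your controller name>.saas.avinetworks.com/login',
      data=data,
      timeout=30,
    )
    # 200 = login accepted, 401 = login rejected.
    print(login.status_code)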

    Status code 200 is returned for a successful login, and status code 401 is returned for a failed one.
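
The credential test from step 7, wrapped for use in automation, as an added example that is not part of the original documentation: the token is read from the environment instead of being written into the script, TLS verification is explicit, and any status other than 200 or 401 is reported separately rather than treated as a failed login. The function name and the AVI_* environment variable names are assumptions made for this example.

```python
import os

LOGIN_PATH = "/login"  # login endpoint used in step 7


def check_service_account(base_url, username, token, session=None, timeout=15):
    """Return 'valid', 'rejected' or 'unexpected:<code>' for one login attempt."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a token over a non-HTTPS URL")
    if not username or not token:
        raise ValueError("username and token are both required")
    if session is None:
        import requests  # imported lazily so a caller can inject its own session
        session = requests.Session()
    # verify=True is the Requests default; it is stated explicitly because the
    # request body carries the token.
    resp = session.post(
        base_url.rstrip("/") + LOGIN_PATH,
        data={"username": username, "password": token},
        verify=True,
        timeout=timeout,
    )
    if resp.status_code == 200:
        return "valid"
    if resp.status_code == 401:
        return "rejected"
    # Anything else (proxy error, outage, rate limit) says nothing about the token.
    return f"unexpected:{resp.status_code}"


def main():
    # AVI_CONTROLLER_URL, AVI_SVC_USER and AVI_SVC_TOKEN are hypothetical
    # variable names chosen for this example.
    result = check_service_account(
        os.environ["AVI_CONTROLLER_URL"],
        os.environ["AVI_SVC_USER"],
        os.environ["AVI_SVC_TOKEN"],
    )
    print(result)  # only the outcome is printed, never the token


if __name__ == "__main__":
    main()
```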