mc idp ldap accesskey sts-revoke

Required release version
  • This command is available in AIStor Client RELEASE.2025-03-31T22-38-30Z or later.
  • The functionality requires AIStor RELEASE.2025-03-27T23-09-45Z or later.

The mc idp ldap accesskey sts-revoke command removes security token service (STS) credentials associated with an account.

Revoke all STS tokens for an account, or specify the type(s) of STS tokens to revoke for an account.

Syntax

Parameters

ALIAS

Required

The alias of the AIStor deployment.

USER

Required, unless using the --self flag.

The distinguished name (DN) or short name (uid) of the AIStor LDAP user whose STS tokens you wish to remove.

Mutually exclusive with the --self flag.

--self

Required, unless specifying a USER.

Remove STS tokens for the currently authenticated AIStor LDAP user. The authenticated user for the alias must be an LDAP service account.

Mutually exclusive with specifying a USER.

--all

Required, unless specifying a --token-type.

Remove all STS tokens for the LDAP user.

Mutually exclusive with --token-type.

--token-type

Required, unless using the --all flag.

Specify a revoke type to restrict the revoked STS tokens to only those with the assigned RevokeTokenType. Assign a revoke type to an STS token at the time of creation by adding the RevokeTokenType query parameter to the API call that generates the token.

All tokens matching the type are revoked.

Mutually exclusive with --all.

Global Flags

This command supports any of the global flags.

Examples

Revoke STS tokens of type app-1 for user bob

The following command revokes all STS tokens with the RevokeTokenType of app-1 for the user with uid of bobfisher on the AIStor deployment with alias of myaistor.

mc idp ldap accesskey sts-revoke myaistor bobfisher --token-type app-1

Revoke all STS tokens for the authenticated user

The following command revokes all STS tokens for the user authenticated to alias myaistor. The authenticated user for the alias must be an LDAP service account.

mc idp ldap accesskey sts-revoke myaistor --self --all

Revoke STS tokens of type app-trial for the authenticated user

The following command revokes all STS tokens with the RevokeTokenType of app-trial for the authenticated user on the AIStor deployment with alias of myaistor.

mc idp ldap accesskey sts-revoke myaistor --self --token-type app-trial
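
The following wrapper is an added example, not part of the AIStor documentation. It enforces the mutually exclusive parameter rules described above before calling mc, and revokes tokens for a list of users, as you might during offboarding or incident response. The function names, the DRY_RUN variable, and the sample alias, users and token type are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the AIStor docs). Alias, users and token type are
# constructed sample values. Dry run is the default: set DRY_RUN=0 to execute.

run_mc() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo mc "$@"; else mc "$@"; fi
}

# sts_revoke ALIAS USER|--self --all|TOKEN_TYPE
# Enforces the documented rules: exactly one target (USER or --self) and
# exactly one scope (--all or --token-type), then calls mc.
sts_revoke() {
    { [ $# -eq 3 ] && [ -n "$1" ]; } || {
        echo "usage: sts_revoke ALIAS USER|--self --all|TOKEN_TYPE" >&2; return 2; }
    deployment=$1 target=$2 scope=$3
    case $target in
        --self) set -- "$deployment" --self ;;
        ''|-*)  echo "invalid USER: '$target'" >&2; return 2 ;;
        *)      set -- "$deployment" "$target" ;;  # uid or DN, kept as one argument
    esac
    case $scope in
        --all)  set -- "$@" --all ;;
        ''|-*)  echo "invalid token type: '$scope'" >&2; return 2 ;;
        *)      set -- "$@" --token-type "$scope" ;;
    esac
    run_mc idp ldap accesskey sts-revoke "$@"
}

# revoke_for_users ALIAS --all|TOKEN_TYPE   (one uid or DN per line on stdin)
# Skips blank lines and '#' comments, continues after a failure, and
# returns 1 if any revocation failed so the caller can alert on it.
revoke_for_users() {
    failed=0
    while IFS= read -r user; do
        case $user in ''|'#'*) continue ;; esac
        # </dev/null keeps the command from consuming the rest of the list
        sts_revoke "$1" "$user" "$2" </dev/null || failed=1
    done
    return "$failed"
}

# Constructed offboarding list; with the default dry run this only prints commands.
revoke_for_users myaistor app-1 <<'EOF'
bobfisher
# contractor account
uid=alice,ou=people,dc=example,dc=com
EOF
```

Review the printed commands first, then rerun with DRY_RUN=0 to perform the revocation.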

Behavior

S3 Compatibility

The mc command-line tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.

AIStor provides no guarantees for other S3-compatible services, as their S3 API implementation is unknown and therefore unsupported. While mc commands may work as documented, any such usage is at your own risk.
