Jumpbox connected with OAUTH

Wouldn’t it be nice to have a jumpbox available for your users without needing to maintain a list of users?

Well, we did it again! And made it happen…
It’s called oauth-jumpbox

So let’s get you up and running…
We are going to use the UAA from BUCC in this example;
if you are not familiar with BUCC check out our blog post here

First, you need a working BUCC

git clone https://github.com/starkandwayne/bucc
cd bucc
bucc up

Upload a cloud-config
cp src/bosh-deployment/warden/cloud-config.yml .
Add another static IP that we are going to use for the oauth-jumpbox
change line 21 in cloud-config.yml

static: []



Upload our edited cloud-config

bosh update-cloud-config cloud-config.yml

Let’s get the latest manifest that is already configured to use the BUCC-UAA
wget https://raw.githubusercontent.com/cloudfoundry-community/oauth-jumpbox-boshrelease/master/manifests/oauth-jumpbox.yml

Upload the lastest stemcell for warden see

bosh deploy oauth-jumpbox.yml -d oauth-jumpbox

If the deployment succeeded, we can retrieve the generated password from CredHub that we need to use when creating the client in the UAA.

credhub get -n /bucc/oauth-jumpbox/client_secret

Take a note of the value and replace MY_SECRET below.

We can now create a client in the UAA.

bucc uaac
uaac client add jumpbox \
     --name jumpbox \
     --scope openid \
     --autoapprove true \
     --authorized_grant_types password,refresh_token \
     --secret "MY_SECRET"

Create a user in the UAA.

bucc uaac
uaac user add [email protected] -p test

Set up routes on your local machines.
bucc routes

Let’s login.
ssh "[email protected]"@

And now you are logged in via the UAA in a busybox container.

We are really exited to hear your opinions or PR’s.

Spread the word

twitter icon facebook icon linkedin icon