Tag : uaa

GENESIS CF Kit + LDAP Example

Below is an example of using LDAP to back UAA for the Cloud Foundry Kit in Genesis. Comments have been left on each of the params to note where these values come from or to simply set-and-forget the values: # UAA LDAP configuration params: ldap_spring_profiles: ldap ldap_ssl_certificate: (( vault

Posted by:
Chris Weibel

Quickly deploy the UAA to any cloud

The Cloud Foundry UAA is an independent open source project that you can use within your organization to provide user & client authentication and authorization. It has been a stable component of Cloud Foundry itself for more than half a decade. Rather than your team writing their own authentication and authorization subsystem, I recommend giving

Posted by:
Dr Nic Williams

Configure UAA in CF with SAML as A Service Provider

Before we start going through how to configure UAA in CF with SAML as a Service Provider, let’s make sure we have common terminology. UAA: The User Account and Authentication (UAA) is the OAuth2 server used as the identity management service for Cloud Foundry (CF). UAA supports standard protocols such as the Security Assertion Markup

Posted by:
Dr. Xiujiao Gao 高秀娇

Using the /check_token Endpoint in Cloud Foundry’s UAA

The goal of this interaction is to figure out how to use the /check_token endpoint of the UAA to authenticate clients. This is useful if you want to use the UAA to authenticate a particular client (in my case, an AWS Lambda function that calls my API while standing up a CloudFormation stack), as opposed

Posted by:
Jeremy R Budnack

BOSH + UAA with Signed Certificates – Part II

In the second part of configuring UAA with BOSH we’ll cover changes which are needed for Health Monitor which may not be obvious from the tutorial found at http://bosh.io/docs/director-users-uaa.html. Part I of this tutorial is here: https://www.starkandwayne.com/blog/bosh-uaa-with-signed-certificates/. Change Health Manager Authentication: In your deployment manifest you should have the user and password defined similar to:

Posted by:
Chris Weibel

Verify Order of Signed Certificates for UAA + BOSH

In a previous article (https://www.starkandwayne.com/blog/bosh-uaa-with-signed-certificates/) we discovered how to add multiple/intermediate level signed certificates to UAA on BOSH. Recently I discovered one of my deployments had the certs in the wrong order, and a kind gentleman named Thilak showed me how to verify the order of certificates is correct. While the bosh_cli didn’t complain

Posted by:
Chris Weibel

BOSH + UAA with Signed Certificates – Part I

Pivotal has done a great job of documenting how to add UAA as the authentication and authorization for BOSH instead of relying on local BOSH accounts. This allows you to integrate with LDAP or SAML later on. The instructions have you generate a series of unsigned certs, which works great except now you have to use

Posted by:
Chris Weibel
