Re: UAA, SAML, and LDAP questions


Sree Tummidi
 

Hi Aaron,
You could potentially use the access token (similar to a personal access
token used for the GitHub API) to achieve the CLI automation. The access token
can either be retrieved via an authentication to the CLI itself or via UAAC.
Regular users would still continue to use the -sso option.


Thanks,
Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry


On Wed, May 13, 2015 at 1:56 PM, Huber, Aaron M <aaron.m.huber(a)intel.com>
wrote:

That’s the main concern we have as well – we currently need LDAP for the
CLI since SAML doesn’t work in that case, but we’d like SAML for web-based
interactions (SSO in a portal, etc.). But at present it seems like that’s
not possible without the user having to deal with effectively two separate
accounts.



Aaron



*From:* Mike Youngstrom [mailto:youngm(a)gmail.com]
*Sent:* Wednesday, May 13, 2015 1:34 PM
*To:* Filip Hanik
*Cc:* Huber, Aaron M; CF Developers Mailing List
*Subject:* Re: [cf-dev] UAA, SAML, and LDAP questions



Well, that's a bummer. Is there any way around that? Our SAML is backed
by the same LDAP so they are the same user. We can provide a unique ID to
correlate SAML with LDAP users.



Mike



On Wed, May 13, 2015 at 2:28 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:

Yes, it would result in two different shadow accounts, differentiated by
the value of the user's origin field.







On Wed, May 13, 2015 at 2:08 PM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:

Would the same user logging in via SAML and LDAP result in two different
UAA user objects with different sources, so that the user would have two
different sets of orgs/spaces/apps?

Aaron




_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev



