Re: can't login with cf CLI but the UAAC tool works

Filip Hanik

Minimalist defaults are in the UAA repo (uaa.yml and login.yml)

Yaml is very sensitive to indentation. So hand crafting it may become a bit

If you want the UAA to provide all default values (including
admin/adminsecret client and cf/<blank password> client, then don't add any
uaa.yml config file at all. Just start up UAA with it's defaults.
It will suck in client defaults from


On Fri, Sep 4, 2015 at 2:05 PM, kyle havlovitz <kylehav(a)> wrote:

is there an example somewhere of a minimalist working config for them? I'm
going through at the moment and trying to make mine resemble the config

I'm also defining a test admin user in the scim users section

On Fri, Sep 4, 2015 at 4:00 PM, Filip Hanik <fhanik(a)> wrote:

ok, that tells me that your configuration of the UAA clients is incorrect

On Fri, Sep 4, 2015 at 1:44 PM, kyle havlovitz <kylehav(a)> wrote:

ok so the 'uaac token client get' fails, and the error is 'Bad

On Fri, Sep 4, 2015 at 3:33 PM, Filip Hanik <fhanik(a)> wrote:

ok, so we can validate that

uaac target http://localhost:8080
uaac token client get admin -s <your admin client secret>
uaac clients

Should show your 'cf' client in the list

then we can do

uaac token owner get cf <username> -s "" -p <user password>

and if that works, we can take it to the next step

On Fri, Sep 4, 2015 at 1:26 PM, kyle havlovitz <kylehav(a)>

I started the uaa by building from the tagged version in cf-release
v215 and running it via tomcat with a custom config file, but I didn't
specify a database. I have both a cf and admin section in the uaa clients


id: cf
override: true
authorized-grant-types: password,implicit,refresh_token
authorities: uaa.none
secret: 'xxxxxxxxxx'


id: admin
authorized-grant-types: client_credentials
scope: read,write,password
resource-ids: clients
secret: 'xxxxxxxxxx'

On Fri, Sep 4, 2015 at 3:09 PM, Filip Hanik <fhanik(a)> wrote:

ok, so the URL you have is /oauth/token, that's fine. your trace


indicating that there is a misconfiguration somewhere, but we can fix
that later.

How did you start the UAA? Are you sure that your UAA has a client
named 'cf' in its database?

On Fri, Sep 4, 2015 at 1:05 PM, kyle havlovitz <kylehav(a)>

Running that command against /uaa/oauth/token gives just a redirect
to /login. Doing it with /oauth/token gives a 401 unauthorized, same as the
cf cli.

What do you mean by deploy it as root "/"? As in, a override the url
it hosts the endpoints at?

Join to automatically receive all group messages.