kyle havlovitz <kylehav@...>
Ok, thanks for the helpful links. I replaced my config with the uaa.yml and login.yml from there and now the uaac commands from above work and I can run 'uaac token owner get'. I still can't login to cf with the cli though.
On Fri, Sep 4, 2015 at 4:15 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:
Minimalist defaults are in the UAA repo (uaa.yml and login.yml)
https://github.com/cloudfoundry/uaa/tree/master/uaa/src/main/resources
Yaml is very sensitive to indentation. So hand crafting it may become a bit difficult.
If you want the UAA to provide all default values (including admin/adminsecret client and cf/<blank password> client), then don't add any uaa.yml config file at all. Just start up UAA with its defaults. It will suck in client defaults from
https://github.com/cloudfoundry/uaa/blob/feature/invitations_flow_by_email_domain/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml#L47-L172
Filip
On Fri, Sep 4, 2015 at 2:05 PM, kyle havlovitz <kylehav(a)gmail.com> wrote:
is there an example somewhere of a minimalist working config for them? I'm going through at the moment and trying to make mine resemble the config here: https://github.com/cloudfoundry/cf-release/blob/master/jobs/uaa/templates/uaa.yml.erb
I'm also defining a test admin user in the scim users section
On Fri, Sep 4, 2015 at 4:00 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:
ok, that tells me that your configuration of the UAA clients is incorrect
On Fri, Sep 4, 2015 at 1:44 PM, kyle havlovitz <kylehav(a)gmail.com> wrote:
ok so the 'uaac token client get' fails, and the error is 'Bad credentials'
On Fri, Sep 4, 2015 at 3:33 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:
ok, so we can validate that
uaac target http://localhost:8080
uaac token client get admin -s <your admin client secret>
uaac clients
Should show your 'cf' client in the list
then we can do
uaac token owner get cf <username> -s "" -p <user password>
and if that works, we can take it to the next step
On Fri, Sep 4, 2015 at 1:26 PM, kyle havlovitz <kylehav(a)gmail.com> wrote:
I started the uaa by building from the tagged version in cf-release v215 and running it via tomcat with a custom config file, but I didn't specify a database. I have both a cf and admin section in the uaa clients config:
cf:
  id: cf
  override: true
  authorized-grant-types: password,implicit,refresh_token
  authorities: uaa.none
  scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
  secret: 'xxxxxxxxxx'
admin:
  id: admin
  authorized-grant-types: client_credentials
  authorities: clients.read,clients.write,clients.secret,password.write,scim.read,uaa.admin
  scope: read,write,password
  resource-ids: clients
  secret: 'xxxxxxxxxx'
On Fri, Sep 4, 2015 at 3:09 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:
ok, so the URL you have is /oauth/token, that's fine. your trace returns
"authorization_endpoint":"http://localhost:8080","token_endpoint":" http://localhost:8080/uaa"
indicating that there is a misconfiguration somewhere, but we can fix that later.
How did you start the UAA? Are you sure that your UAA has a client named 'cf' in its database?
On Fri, Sep 4, 2015 at 1:05 PM, kyle havlovitz <kylehav(a)gmail.com> wrote:
Running that command against /uaa/oauth/token gives just a redirect to /login. Doing it with /oauth/token gives a 401 unauthorized, same as the cf cli.
What do you mean by deploy it as root "/"? As in, override the url it hosts the endpoints at?
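
Added example, not part of the thread or of the UAA/uaac code: a sketch of the token request that `uaac token owner get cf <username> -s "" -p <user password>` corresponds to, assuming a standard RFC 6749 password grant with HTTP Basic client authentication against `/oauth/token`. The helper names, the sample user and the simplified server-side secret check are constructed for illustration; the two client tables mirror the blank-secret default and the `secret: 'xxxxxxxxxx'` config quoted above.

```python
import base64
import hmac
from urllib.parse import urlencode


def basic_auth(client_id, client_secret):
    """Authorization header value for OAuth2 client authentication."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def password_grant_request(base_url, client_id, client_secret, username, password):
    """Build (but do not send) the request as (method, url, headers, body)."""
    url = base_url.rstrip("/") + "/oauth/token"
    headers = {
        "Authorization": basic_auth(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urlencode({"grant_type": "password",
                      "username": username, "password": password})
    return "POST", url, headers, body


def client_auth_ok(auth_header, configured_clients):
    """Simplified stand-in for the server check: does the presented
    client secret equal the one configured for that client id?"""
    scheme, _, token = auth_header.partition(" ")
    if scheme != "Basic":
        return False
    client_id, _, secret = base64.b64decode(token).decode().partition(":")
    expected = configured_clients.get(client_id)
    if expected is None:          # unknown client id
        return False
    return hmac.compare_digest(expected.encode(), secret.encode())


if __name__ == "__main__":
    # Constructed sample values; "testuser"/"testpass" are placeholders.
    _, url, headers, body = password_grant_request(
        "http://localhost:8080", "cf", "", "testuser", "testpass")
    print(url, headers["Authorization"], body)
    defaults = {"cf": ""}            # cf/<blank password> default client
    custom = {"cf": "xxxxxxxxxx"}    # cf client with a secret configured
    print("defaults:", client_auth_ok(headers["Authorization"], defaults))
    print("custom:  ", client_auth_ok(headers["Authorization"], custom))
```
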