Re: Cloudfoundry UAA / Questions
Filip Hanik
1. For users created in UAA database, are there any policies we could apply regarding password expiry/strength of the password/lockout on repeated retry failures etc.?

Currently there is a password score calculator. There is a feature being implemented for a more clearly configurable password strength. Expect it to be in the next release. Lockout is implemented, and will also be configurable in the next release.

2. Is there any pluggable mechanism for user creation in UAA that we could use to create them say in AD – instead of in UAA user database?

The UAA can integrate with LDAP (AD) or with SAML IDPs. When you use one of these authentication mechanisms, a shadow account will be created in the UAA. These users will only be able to authenticate against their respective identity providers.

3. Is there any work/PoCs done on UAA integration with Shibboleth Identity provider to have federated identity? I.e. integration with identity providers behind firewalls?

I believe Shibboleth is a SAML v2 provider, so it should be able to be configured like any other provider.

4. Is UAA HA/DR capable if the underlying user database is replicated? Basically does it boil down to underlying UAA database HA/DR and any tenants identity provider’s HA/DR capability?

Yes, that is how we run our UAA in production. It's backed by an HA/DR database.

5. Other than notion of Zones/Multi-tenants are there any advantages of using UAA over plain Spring Security OAuth2/Spring Cloud Security?

Yes, most of the work has already been done for you.

On Sat, May 30, 2015 at 11:58 AM, Reddy, Satyapal <satyapal.reddy(a)emc.com> wrote:

Looking into using UAA and have a couple of questions: