Re: UAA SAML2 Federation

Sree Tummidi

The browser interaction is a must because the actual SAML Auth with the IDP happens via the browser. UAA implements the SAML POST profile which involves a browser.
The code itself is generated as a one-time token by the UAA after the SAML auth is complete.


Sent from my iPad

On Jun 9, 2015, at 6:26 AM, Pablo Alonso Rodriguez <palonsoro(a)> wrote:

Ok. I see.

Then, would it be possible to request a temporary access code to the UAA by means of a REST API or another more programmatic way?

What I would like to avoid is our users having to manually copy and paste a code from the browser.

Thank you very much

2015-06-09 13:46 GMT+02:00 Daniel Mikusa <dmikusa(a)>:

On Tue, Jun 9, 2015 at 4:45 AM, Pablo Alonso Rodriguez <palonsoro(a)> wrote:
Good morning.

Recently, we have successfully federated the UAA to an external identity provider via SAML2.

However, we are only able to log in via cf login --sso, so that we can get a temporary code by logging in the idp web page.

Is there any way to directly pass the credentials to the identity provider from the cf cli?

I don't think so, I think that's a limitation of SAML. Check out this thread for some more info on this.


Thank you in advance.

cf-dev mailing list
