Re: UAA SAML2 Federation


Sree Tummidi
 

Hi,
The browser interaction is a must because the actual SAML Auth with the IDP happens via the browser. UAA implements the SAML POST profile which involves a browser.
The code itself is generated as a one time token by the UAA after the SAML auth is complete.

Thanks,
Sree



On Jun 9, 2015, at 6:26 AM, Pablo Alonso Rodriguez <palonsoro(a)gmail.com> wrote:

Ok. I see.

Then, would it be possible to request a temporary access code to the UAA by means of a REST API or another more programmatic way?

What I would like to avoid is our users having to manually copy and paste a code from the browser.

Thank you very much

2015-06-09 13:46 GMT+02:00 Daniel Mikusa <dmikusa(a)pivotal.io>:

On Tue, Jun 9, 2015 at 4:45 AM, Pablo Alonso Rodriguez <palonsoro(a)gmail.com> wrote:
Good morning.

Recently, we have successfully federated the UAA to an external identity provider via SAML2.

However, we are only able to log in via cf login --sso, so that we can get a temporary code by logging in to the IdP web page.

Is there any way to directly pass the credentials to the identity provider from the cf cli?

I don't think so, I think that's a limitation of SAML. Check out this thread for some more info on this.

http://cf-dev.70369.x6.nabble.com/cf-dev-UAA-SAML-and-LDAP-questions-td62.html

Dan


Thank you in advance.

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev
