UAA 3.1.0 Release Announcement

Sree Tummidi

Hi All,

On behalf of the entire Identity team I am pleased to announce the release
of UAA 3.1.0.
The UAA bosh release based on this version can be found here

Branding & White-labeling

We have introduced properties for branding the UAA UI Pages. The default
branding is Cloud Foundry. We have also updated the Cloud Foundry brand to
the latest. All Pivotal specific assets & stylesheets have been removed
from the UAA repository.

Below is the branding snippet from UAA.yml for setting the branding
properties. These properties can be bootstrapped from UAA.yml & UAA Release
Manifest (if using the UAA Bosh Release)

companyName: <Company Name>
productLogo: <Enter base64 Encoded Image>
squareLogo: <Enter base64 Encoded Image>
footerLegalText: <This legal text will show up in the footer.>
Terms: /exampleTerms
Privacy Agreement: privacy_example.html

Related Stories

- Apply White-Label Logo to all UAA Screens
- Apply White Label Fav Icon to All UAA Pages
- Apply White-Label Footer to All UAA Screens
- Update the Email Templates to use the Company Name from the White-Label
Properties
- Update CF branding

Dynamic Home Page for UAA

This release drops support for the login.tile property, which has a static
list of tiles displayed under the "Where To" page.
We have added the ability for the "Where To" Page in UAA to be created
dynamically based on OAuth Clients registered with UAA and configured to be
displayed on the home page. This serves as a dynamic SSO Dashboard for all
Identity Zones.

New end-points (oauth/clients/meta) have been introduced to set Launch URL,
Display Icon and Show On Home Page property. These properties can be
bootstrapped from the UAA.yml file & UAA Release Manifest (if using the UAA
Bosh Release)

# Clients
description: "List of OAuth2 clients that the UAA will be bootstrapped with"
id: <test-client>
name: <display_name>
override: true
secret: some-secret
authorities: test_resource.test_action
scope: test_resource.test_action
show-on-homepage: true
app-icon: <Enter base64 encoded image>

Related Stories

- Provide the ability to have a Configurable Home Page for UAA
- Build the UAA Home Page based on applications with showonHomePage
property set to true
- Show Client Name along with Logo on the Where To Page
- oauth/clients/meta needs client name field

Descriptions for SCIM Groups & Identity Providers

We have added support for setting user-friendly display names for SCIM
groups & Identity Providers. The APIs have been updated to support this
operation. The behavior earlier was to set the description for SCIM groups
aka OAuth Scopes in file. This can now be bootstrapped
from UAA.yml & UAA-Release Manifest (if using the UAA Bosh Release).

Below is a snippet from UAA.yml

groups: Read identity zones
zones.write: Create and update identity zones Retrieve identity providers
idps.write: Create and update identity providers
clients.admin: Create, modify and delete OAuth clients
clients.write: Create and modify OAuth clients Read information about OAuth clients
clients.secret: Change the password of an OAuth client

Related Stories

- Provide the ability to set and retrieve description for an Identity
Provider
- Display scope descriptions from db
- Provide the ability to add & retrieve descriptions for SCIM Groups
- bootstrap all scope descriptions listed in the UAA documentation into
UAA DB. Right now only 4 are being bootstrapped

Other Minor Features

- Support Wildcards for OAuth Client Redirect URI
- Hide username/password boxes if internal user store is disabled and
there is no ldap provider/ldap provider active.
- Make the IdentityProvider.config a generic
- Introduce a dynamic mechanism to derive which properties are displayed
on the home page

Bug Fixes

- Indirect group memberships in a zone are not allowed in tokens
- uaa-release login.yml.erb does not populate the saml private key
- Creating duplicate identity provider should return 409 instead of 500
- /Groups/zones should allow creation of groups
- Deleting a zone doesn't delete the cross zone scopes like
zones.{zoneid}.*.*
- Excluding Authorities from a access token cause load configuration
error
- LoginInfoEndpoint should return login.url
- /passcode link should be based on entityBaseURL
- LoginInfoEndpoint 'uaa' and 'login' (if local) - should be zonified
- LDAP certificate issue

Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry
