Hi Dax,
Please use the attributes below for mapping
"phone_number"
"given_name"
"family_name"
"email"
Thanks, Sree Tummidi Sr. Product Manager Identity - Pivotal Cloud Foundry
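Worked example, added by the editor and not part of Sree's reply: a SAML identity-provider definition for UAA's `/identity-providers` API using the four keys above. The left-hand side of each `attributeMappings` entry is UAA's fixed claim name (`email`, `given_name`, `family_name`, `phone_number`); the right-hand side is the `Name` of the `<saml:Attribute>` in the IdP's assertion, which is why putting `givenName` on the left produced the 400 in the thread. The `originKey` `gefssstg` is taken from the `origin` claim in the token posted below; the metadata URL, the display name and the LDAP-style attribute names on the right (`mail`, `givenName`, `sn`, `telephoneNumber`) are placeholders, not values from the page, and must be replaced with whatever the real IdP sends.

```json
{
  "type": "saml",
  "originKey": "gefssstg",
  "name": "GE SSO (staging)",
  "active": true,
  "config": {
    "metaDataLocation": "https://idp.example.com/saml/metadata",
    "nameID": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "assertionConsumerIndex": 0,
    "metadataTrustCheck": true,
    "showSamlLoginLink": true,
    "linkText": "GE SSO",
    "addShadowUserOnLogin": true,
    "attributeMappings": {
      "email": "mail",
      "given_name": "givenName",
      "family_name": "sn",
      "phone_number": "telephoneNumber"
    }
  }
}
```

To find the right-hand names, base64-decode the `SAMLResponse` form field seen in the browser's network tab and read the `Name="..."` of each `<saml:Attribute>` element; UAA matches on that string exactly. UAA only honours these values because the assertion is signed by the IdP whose certificate is in the configured metadata, so keep `metadataTrustCheck` on and point `metaDataLocation` at the IdP's real metadata rather than a copy you cannot verify. Group membership from the assertion is not covered by these four keys; UAA has a separate `external_groups` mapping for that.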
On Fri, Jun 3, 2016 at 12:14 AM, Dax Joshi <dax.joshi(a)tcs.com> wrote:
Hello Sree, Jonathan,
Hope you are doing well.
Regarding that issue, it took time but now it seems that we are on the right track.
While configuring SAML with UAA, previously we didn't include the following option:
In the new attempt we tried with these, but it gives 400 Bad Request.
We even tried to map firstname with the following 4 different keys: "givenName", "givenname", "name":{"givenName"}, "name":{"givenname"}
But none of them worked; every option gave 400 in the response.
When we executed with only "email" from this JSON, it worked well and now we are getting the correct email ID from the auth_token.
Can you please tell me what keys should be used to map the first name and last name there?
Thanks & Regards,
Dax Joshi Systems Engineer Tata Consultancy Services GARIMA PARK,IT/ITES SEZ, PLOT # 41, Gandhinagar - 382007,Gujarat India Cell:- 9586581656 Mailto: dax.joshi(a)tcs.com Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________
From: Dax Joshi/AHD/TCS To: Sree Tummidi <stummidi(a)pivotal.io> Cc: Jonathan Lo <jlo(a)us.ibm.com>, cf-dev(a)lists.cloudfoundry.org Date: 05/19/2016 02:24 AM Subject: Re: Regarding UAA service ------------------------------
Thanks a lot for your response.
We will surely look into it and get back to you.
Thanks & Regards,
Dax Joshi, Systems Engineer, Tata Consultancy Services
-----Sree Tummidi <stummidi(a)pivotal.io> wrote: ----- To: Dax Joshi <dax.joshi(a)tcs.com> From: Sree Tummidi <stummidi(a)pivotal.io> Date: 05/18/2016 08:55PM Cc: Jonathan Lo <jlo(a)us.ibm.com>, cf-dev(a)lists.cloudfoundry.org Subject: Re: Regarding UAA service
Hi Dax, This is happening because your SAML has not been set up properly. The email, first name and last name need to be mapped to attributes from the incoming SAML assertion. Please reach out to the Predix team so that they can set the correct attribute mappings.
Thanks, Sree
Sent from my iPhone
On May 17, 2016, at 7:22 PM, Dax Joshi <dax.joshi(a)tcs.com> wrote:
Hi,
Any update on this ?
Please let me know. I need to solve this issue as soon as possible.
Thanks & Regards,
Dax Joshi, Systems Engineer, Tata Consultancy Services
From: Dax Joshi/AHD/TCS To: Sree Tummidi <stummidi(a)pivotal.io> Cc: Jonathan Lo <jlo(a)us.ibm.com>, cf-dev(a)lists.cloudfoundry.org Date: 05/14/2016 10:55 AM Subject: Re: Regarding UAA service ------------------------------
Hi Sree and Jonathan,
Thank you very much for your consideration and reply.
I am working on Predix. I have bound my UAA service to SAML.
I use GE's common login page to log in so that, using SSO, anyone from the same business can use my application.
https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/oauth/authorize?client_id=<client-id>&response_type=code
which redirects me to GE's common login page. After successful login, SAML sends the user information to
https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/saml/SSO/alias/<uaa-url>.cloudfoundry-saml-login
During this redirection I have seen in the browser's network tab, in encoded format as form data, that SAML is passing the user's correct and full information to UAA, including first name, last name, email, groups, roles, etc.
After that the UAA service redirects the browser to my landing page, which I have set as redirect_uri, with one cookie named TS0164a009 and one code in the request params.
In our application we use that code with the /oauth/token service and get the auth_token. After this we use the auth_token with the /check_token or /userinfo service of UAA to get the user information.
In which we get the following JSON:
{
  "user_id": "d9cf7779-744a-407d-a846-36e0570d70d9",
  "user_name": "sso",
  "email": "sso(a)unknown.org",
  "client_id": "client_id",
  "exp": 1462921362,
  "scope": [ "scim.me", "openid" ],
  "jti": "684643f2-a15a-4fca-b9ca-2f9ba2c22f82",
  "aud": [ "scim", "openid", "ppduaa" ],
  "sub": "d9cf7779-744a-407d-a846-36e0570d70d9",
  "iss": "https://<uaa-url>.predix-uaa.run.asv-pr.ice.predix.io/oauth/token",
  "iat": 1462878162,
  "cid": "client-id",
  "grant_type": "authorization_code",
  "azp": "client_id",
  "auth_time": 1462878076,
  "zid": "489afafd-c6b4-4d81-ae52-e51116af4597",
  "rev_sig": "d8ddc2e6",
  "origin": "gefssstg"
}
Here I have replaced uaa-url, sso and client_id with their actual values.
You can notice that I am not even receiving the correct mail ID; it gives @unknown.org.
In this JSON nothing except sso seems useful to me.
Please guide me how to get the exact user details from UAA that SAML is passing to it.
Let me know if anything else you need.
Regards,
Dax Joshi, Systems Engineer, Tata Consultancy Services
From: Sree Tummidi <stummidi(a)pivotal.io> To: Jonathan Lo <jlo(a)us.ibm.com> Cc: Dax Joshi <dax.joshi(a)tcs.com> Date: 05/14/2016 04:01 AM Subject: Re: Regarding UAA service ------------------------------
Hi Dax,
Nice to meet you virtually. In the future you can use cf-dev@lists.cloudfoundry.org for any UAA & Cloud Foundry related questions. Can you elaborate on what you are trying to achieve with UAA & SAML integration and the use case you have in mind?
Thanks, Sree Tummidi Sr. Product Manager Identity - Pivotal Cloud Foundry
On Fri, May 13, 2016 at 10:50 AM, Jonathan Lo <jlo(a)us.ibm.com> wrote:
Hi Dax,
Could you provide a bit more detail so that I can better direct your query? As far as I know, you would be able to decode your access token in order to obtain a user id, with which you could then get more user information.
I've CCed Sree, our UAA PM, on the email.
Regards,
Jonathan
Sent from my iPhone
------------------------------
On May 13, 2016, 4:30:16 AM, dax.joshi(a)tcs.com wrote:
From: dax.joshi(a)tcs.com To: jlo(a)us.ibm.com Cc: Date: May 13, 2016 4:30:16 AM Subject: Regarding UAA service
Hi Jonathan,
This is Dax Joshi From TCS.
I found your email at https://github.com/GESoftware-CF/uaa.
I have a query regarding getting logged-in user details in the case of UAA service and SAML integration.
Please let me know if we can talk over the phone at a time convenient for you.
Please include other persons in this loop if they can help me.
Thanks,
Dax Joshi, Systems Engineer, Tata Consultancy Services