Deploying UAA in cloud.gov does not work as intended
Shetty, Viraj S [CTR]
I am trying to deploy UAA to cloud.gov (based on Cloud Foundry). The intention is to use that as the identity management for all applications deployed in cloud.gov. I followed the steps laid out in
https://docs.cloudfoundry.org/concepts/architecture/uaa.html#cf

I was able to get the code, build it and deploy locally. Both commands below work fine:

    uaac target http://localhost:8080/uaa
    uaac token client get admin -s adminsecret

Then, I followed the steps to deploy in cloud.gov. I created a manifest file as below:

    applications:
    - name: fdic-uaa
      memory: 1024M
      disk_quota: 512M
      instances: 1
      buildpacks:
      - java_buildpack
      routes:
      - route: fdic-uaa-d.app.cloud.gov
      env:
        SPRING_PROFILES_ACTIVE: default
        UAA_URL: https://fdic-uaa-d.app.cloud.gov
        LOGIN_URL: https://fdic-uaa-d.app.cloud.gov

I followed the steps laid out in "Deploy UAA to Cloud Foundry". After a few updates to the uaa.yml file (uncommented the SAML Key Configuration and added an "encryption" field), I was able to deploy to Cloud Foundry without errors. Now when I enter the following command it's okay (though it gives some error Unknown key: Max-Age = 86400):

    uaac target fdic-uaa-d.app.cloud.gov

But on retrieving the token, I get the error "Bad Credentials":

    uaac token client get admin -s adminsecret
    error response:
    {
      "error": "unauthorized",
      "error_description": "Bad credentials"
    }
    attempt to get token failed

The logs gave the following error:

2018-12-14T16:12:41.55-0500 [APP/PROC/WEB/0] OUT [2018-12-14 21:12:41.557] cloudfoundry-identity-server - ???? [http-nio-8080-exec-3] .... DEBUG --
- ClientDetailsAuthenticationProvider: User 'admin' not found
2018-12-14T16:12:41.55-0500 [APP/PROC/WEB/0] OUT [2018-12-14 21:12:41.557] cloudfoundry-identity-server - ???? [http-nio-8080-exec-3] .... INFO --
- Audit: PrincipalAuthenticationFailure ('null'): principal=admin, origin=[167.176.6.240], identityZoneId=[uaa]
2018-12-14T16:12:41.55-0500 [APP/PROC/WEB/0] OUT [2018-12-14 21:12:41.557] cloudfoundry-identity-server - ???? [http-nio-8080-exec-3] .... INFO --
- Audit: ClientAuthenticationFailure ('Bad credentials'): principal=admin, origin=[remoteAddress=167.176.6.240, clientId=admin], identityZoneId=[uaa]
2018-12-14T16:12:41.55-0500 [APP/PROC/WEB/0] OUT [2018-12-14 21:12:41.558] cloudfoundry-identity-server - ???? [http-nio-8080-exec-3] .... DEBUG --
- ClientBasicAuthenticationFilter: Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

I also tried to add a clients section in the uaa.yml file and still get an error.

    clients:
      admin:
        secret: <some secret>
        authorized-grant-types: client_credentials
        scope: uaa.none
        authorities: uaa.admin,clients.admin,clients.read,clients.write,clients.secret

Any assistance will be helpful. Is there reliable documentation on how to deploy UAA into cloudfoundry? I am not sure if I need to set some other attributes in the uaa.yml.
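
An added illustration, not part of the original post and not UAA project code: a small triage script for log excerpts like the one above. It uses the DEBUG line `User '<id>' not found`, which Spring Security's DAO authentication provider logs when the looked-up principal does not exist, to separate a client that is not registered in the running instance from other credential failures. The `exec-5` request, the `login` client and the origin address are constructed, and treating a failure without that DEBUG line as a secret mismatch is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt in the post (documentation IP).
# exec-3 mirrors the post; exec-5 is a hypothetical wrong-secret request.
SAMPLE = """\
2018-12-14T16:12:41.55-0500 [APP/PROC/WEB/0] OUT [2018-12-14 21:12:41.557] cloudfoundry-identity-server - ???? [http-nio-8080-exec-3] .... DEBUG --
- ClientDetailsAuthenticationProvider: User 'admin' not found
2018-12-14T16:12:41.55-0500 [APP/PROC/WEB/0] OUT [2018-12-14 21:12:41.557] cloudfoundry-identity-server - ???? [http-nio-8080-exec-3] .... INFO --
- Audit: ClientAuthenticationFailure ('Bad credentials'): principal=admin, origin=[remoteAddress=203.0.113.7, clientId=admin], identityZoneId=[uaa]
2018-12-14T16:13:02.10-0500 [APP/PROC/WEB/0] OUT [2018-12-14 21:13:02.101] cloudfoundry-identity-server - ???? [http-nio-8080-exec-5] .... INFO --
- Audit: ClientAuthenticationFailure ('Bad credentials'): principal=login, origin=[remoteAddress=203.0.113.7, clientId=login], identityZoneId=[uaa]
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")
THREAD = re.compile(r"\[(http-nio-[^\]]+)\]")
NOT_FOUND = re.compile(r"ClientDetailsAuthenticationProvider: User '([^']+)' not found")
CLIENT_FAIL = re.compile(r"Audit: ClientAuthenticationFailure \('([^']*)'\): principal=([^,]+),"
                         r" origin=\[remoteAddress=([^,\]]+), clientId=([^\]]+)\], identityZoneId=\[([^\]]+)\]")

def join_wrapped(text):
    """Re-join records that were wrapped onto a second line, as in the post."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # "--" + "- Audit" becomes "--- Audit"
    return records

def triage(text):
    """Classify each client authentication failure by its likely cause."""
    missing = defaultdict(set)  # worker thread -> client ids logged as not found
    findings = []
    for rec in join_wrapped(text):
        t = THREAD.search(rec)
        thread = t.group(1) if t else "?"
        if (m := NOT_FOUND.search(rec)):
            missing[thread].add(m.group(1))
        elif (m := CLIENT_FAIL.search(rec)):
            _reason, _principal, addr, client, zone = m.groups()
            cause = "client-not-registered" if client in missing[thread] else "secret-mismatch-or-other"
            missing[thread].discard(client)  # do not carry over to the next request
            findings.append({"client": client, "zone": zone, "origin": addr, "cause": cause})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The `not found` line is only written at DEBUG level, so the classification needs debug logging enabled for the UAA application, as it was in the excerpt above.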