We're investigating converting our UAA from a custom fork that integrates with our organization's SSO to the stock UAA using SAML and/or LDAP. We would like to maintain SSO functionalities for our web tools, but after doing some reading, SAML for the CLI might not work the way we expect it to.
In order to log into the CLI when using SAML, does it require the user to go to a web page and get a one-time login token? cf login --sso? If so, I don't think that will work for our and some CLI deployment automation we do.
Is it possible to configure UAA to use both SAML and LDAP? The CLI could use LDAP and the web use SAML?