Re: UAA, SAML, and LDAP questions


Filip Hanik
 

yes, it is entirely possible to run both SAML (as many providers as you
need) and LDAP (single provider).

we are keeping an eye on the SAML ECP profile to make it easier to handle
password grants as well as the CLI itself.

Filip

On Wed, May 13, 2015 at 1:34 PM, Mike Youngstrom <youngm(a)gmail.com> wrote:

We're investigating converting our UAA from a custom fork that integrates
with our organization's SSO to the stock UAA using SAML and/or LDAP. We
would like to maintain SSO functionalities for our web tools but after
doing some reading SAML for the CLI might not work the way we expect it.

In order to log into the CLI when using SAML does it require the user to
go to a web page and get a one time login token? cf login --sso? If so, I
don't think that will work for our and some CLI deployment automation we do.

Is it possible to configure UAA to use both SAML and LDAP? The CLI could
use LDAP and the web use SAML?

Thanks,
Mike

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.