Re: UAA, SAML, and LDAP questions

Mike Youngstrom <youngm@...>

Great! I'll dig in and give it a try then. Thanks Filip!


On Wed, May 13, 2015 at 1:36 PM, Filip Hanik <fhanik(a)> wrote:

yes, it is entirely possible to run both SAML (as many providers as you
need) and LDAP (single provider).

we are keeping an eye on the SAML ECP profile to make it easier to handle
password grants as well as the CLI itself.


On Wed, May 13, 2015 at 1:34 PM, Mike Youngstrom <youngm(a)> wrote:

We're investigating converting our UAA from a custom fork that integrates
with our organization's SSO to the stock UAA using SAML and/or LDAP. We
would like to maintain SSO functionalities for our web tools but after
doing some reading SAML for the CLI might not work the way we expect it.

In order to log into the CLI when using SAML does it require the user to
go to a web page and get a one time login token? cf login --sso? If so, I
don't think that will work for our and some CLI deployment automation we do.

Is it possible to configure UAA to use both SAML and LDAP? The CLI could
use LDAP and the web use SAML?


cf-dev mailing list

Join to automatically receive all group messages.