|
Upgrading to UAA 4.35.0 from UAA 4.30.0 stopped the UAA logging
#uaa
When I was using UAA 4.30.0, UAA used to log a lot of messages which was fine. However, I recently upgraded the UAA to 4.35.0 and the logging stopped working. I deploy UAA by getting the source from g
|
When I was using UAA 4.30.0, UAA used to log a lot of messages which was fine. However, I recently upgraded the UAA to 4.35.0 and the logging stopped working. I deploy UAA by getting the source from g
|
By
Shetty, Viraj S [CTR]
· #8688
·
|
|
Running UAA on Kubernetes behind TLS-enabled ingress controller
#uaa
hi Enrique, The port number will not be forced if the appropriate proxy headers are set *AND* the request comes from a trusted IP (Tomcat's RemoteIpValve) ie, the HttpServletRequest.getScheme does not
|
hi Enrique, The port number will not be forced if the appropriate proxy headers are set *AND* the request comes from a trusted IP (Tomcat's RemoteIpValve) ie, the HttpServletRequest.getScheme does not
|
By
Filip Hanik
· #8687
·
|
|
Running UAA on Kubernetes behind TLS-enabled ingress controller
#uaa
Thank you, Filip. We are not using uaa-release, and we can control the protocol (https). Our issue is that the port number is forced to be 443 when we don't want that to happen. Regards Enrique
|
Thank you, Filip. We are not using uaa-release, and we can control the protocol (https). Our issue is that the port number is forced to be 443 when we don't want that to happen. Regards Enrique
|
By
Enrique Cano
· #8684
·
|
|
Running UAA on Kubernetes behind TLS-enabled ingress controller
#uaa
request.getScheme() can return https properly if you configure the web server (Tomcat/Jetty) to trust the headers X-Forwarded-Proto based on the IP address of the proxy server. If you're using uaa-rel
|
request.getScheme() can return https properly if you configure the web server (Tomcat/Jetty) to trust the headers X-Forwarded-Proto based on the IP address of the proxy server. If you're using uaa-rel
|
By
Filip Hanik
· #8679
·
|
|
Running UAA on Kubernetes behind TLS-enabled ingress controller
#uaa
Hi We are running UAA behind an ingress controller on Kubernetes. The connection to the ingress controller is https on a port other than 443 e.g. 8443. The connection to UAA pod is http. The issue we
|
Hi We are running UAA behind an ingress controller on Kubernetes. The connection to the ingress controller is https on a port other than 443 e.g. 8443. The connection to UAA pod is http. The issue we
|
By
Enrique Cano
· #8677
·
|
|
Using X.509 certificates as a mechanism for OAuth client authentication
#uaa
I do not think UAA currently supports the draft-ietf-oauth-mtls-04 to use a TLS client certificate instead of using client-id/client-secret to authenticate the OAuth client. Is this or something simil
|
I do not think UAA currently supports the draft-ietf-oauth-mtls-04 to use a TLS client certificate instead of using client-id/client-secret to authenticate the OAuth client. Is this or something simil
|
By
brian.sung@...
· #8664
·
|
|
user creation and activation in uaa
#cf
#uaa
#java
Hi all, I want to create users in the cloudfoundary uaa for my web application.I am using the authorization code grant for that instead of redirecting to the client redirected url it is redirecting to
|
Hi all, I want to create users in the cloudfoundary uaa for my web application.I am using the authorization code grant for that instead of redirecting to the client redirected url it is redirecting to
|
By
...
· #8626
·
|
|
Integration of UAA with Kerberos
#uaa
#kerberos
If you don’t have a SAML provider already in place, I would rather use Keycloak. The SAML provider we used was our customer’s Active Directory Federated Services. We used UAA to not have to integrate
|
If you don’t have a SAML provider already in place, I would rather use Keycloak. The SAML provider we used was our customer’s Active Directory Federated Services. We used UAA to not have to integrate
|
By
Camilo Aguilar
· #8623
·
|
|
Integration of UAA with Kerberos
#uaa
#kerberos
Thanks, Camilo, that's very interesting and helpful. So, it's possible to do it, we just need to have a SAML provider integrated with Kerberos, and then we can integrate UAA with that SAML provider, i
|
Thanks, Camilo, that's very interesting and helpful. So, it's possible to do it, we just need to have a SAML provider integrated with Kerberos, and then we can integrate UAA with that SAML provider, i
|
By
Enrique Cano
· #8622
·
|
|
Integration of UAA with Kerberos
#uaa
#kerberos
We had discussions at Orange on how kerberos could help with browser less, password less experience with cf cli. IFAIK this would however indeed imply 1st class kerberos support in both cf cli and uaa
|
We had discussions at Orange on how kerberos could help with browser less, password less experience with cf cli. IFAIK this would however indeed imply 1st class kerberos support in both cf cli and uaa
|
By
Guillaume Berche
· #8618
·
|
|
Integration of UAA with Kerberos
#uaa
#kerberos
FWIW, I'm using UAA to federate authentication against a SAML provider that is already integrated with Kerberos. If that’s not possible for you, there is also https://www.keycloak.org/ which supports
|
FWIW, I'm using UAA to federate authentication against a SAML provider that is already integrated with Kerberos. If that’s not possible for you, there is also https://www.keycloak.org/ which supports
|
By
Camilo Aguilar
· #8615
·
|
|
Integration of UAA with Kerberos
#uaa
#kerberos
Hi Enrique, UAA does not support Kerberos today, however, it supports OAuth/OIDC/SAML/LDAP. Thanks, Chao
|
Hi Enrique, UAA does not support Kerberos today, however, it supports OAuth/OIDC/SAML/LDAP. Thanks, Chao
|
By
Chao Wang
· #8614
·
|
|
Integration of UAA with Kerberos
#uaa
#kerberos
Hi Has anyone got any experience integrating UAA with Kerberos? Basically, we are trying to obtain a bearer token from UAA by somehow providing a Kerberos ticket instead of client or user credentials.
|
Hi Has anyone got any experience integrating UAA with Kerberos? Basically, we are trying to obtain a bearer token from UAA by somehow providing a Kerberos ticket instead of client or user credentials.
|
By
Enrique Cano
· #8613
·
|
