Hi All, We did two releases for UAA last week (2.2.5 & 2.2.6). The details of the new features and bug fixes can be found in the release notes. Please reach out in case of further questions *2.2.6 Rel

Hi Aaron, You could potentially use the access token (similar to a personal access token used for GitHub API ) to achieve the CLI automation. The access token can either be retrieved via an authentica

Hi Aaron, ECP Support is a roadmap item at this time and doesn't have a set timeline. Apart from adding ECP SAML SP support on the UAA side, the SAML IDP needs to implement and support this profile as

Hi All, We are pleased to announce the release of UAA 2.3.0. Please find the release details below: *Features* - Updated Spring Versions <https://www.pivotaltracker.com/story/show/93706906>: Spring 4.

Hi Matt, This new wild card route pattern was introduced for multi-tenancy in UAA post merge. Anything before login or uaa in the URL is now treated as a zone subdomain and the zone context is derived

Hi All, The UAA team is in the process of implementing Password Policy feature <https://www.pivotaltracker.com/story/show/82182984> for users stored in UAA. The following properties around password st

On the Password Score feature, I haven't yet received any updates on whether its being used at all. Please let us know if anyone is using the same. Thank you Nick/Steve/Josh for the feedback !! I agre

Hi, The browser interaction is a must because the actual SAML Auth with the IDP happens via the browser. UAA implements the SAML POST profile which involves a browser. The code itself is generated as

*Features* - Update the Identity Provider End Point to save and retrieve Lockout policy per zone <https://www.pivotaltracker.com/story/show/87445084> - Show relevant message after user lockout <https:

This support is not yet available Thanks, Sree Sent from my iPad

I believe there are audit events generated for all these actions which can be captured and forwarded to an SIEM solution like splunk Thanks, Sree Sent from my iPhone

Yes, we do plan on mapping ORG & Space Roles to Groups in LDAP or via SAML. At this time , the only scope that can be mapped is cloud_controller.admin as its defined as an OAuth scope for Cloud Contro

On behalf of the entire Identity Team I'm pleased to announce the release of UAA 2.5.1 The highlights of this release include - Multi-tenancy support for SCIM groups & external group mappings - Notifi

Hi, We do have plans to support custom attributes and is a roadmap item. This is however not in the immediate future. Thanks, Sree Sent from my iPhone

Just wanted to add that we could collaborate on the design front and we are open to pull requests !! -sree Sent from my iPad

Hi all, The UAA team has come with a proposal for handling claims (User Attributes & Group Memberships) from SAML Identity Providers. These claims can be further mapped to CF roles in order to derive

Hi, The access token that you are passing in the header serves as both a proof of authentication & authorization(scopes allowed) The validation of the request includes checking for the presence of the

Can you please provide more specifics. If you have encountered an issue , you can log that against the UAA project under Cloud Foundry on Github Thanks, Sree Sent from my iPhone

Yes, UAA supports both Symmetric & Asymmetric patterns for token signature and verification. My recommendation would be to go for the Asymmetric pattern as this is a standard where signatures are conc

Hi Anna, We dropped support for Maven build on UAA last year. You would need to do the build conversion locally. Thanks, Sree Sent from my iPhone