Hi Karthik, You can use the UAA Server which is part of CloudFoundry deployment for your App authorization needs. You can also deploy UAA Server stand-alone. Details can be found here : https://github

Dan is right. Also, you can find more details about the configuration to be done on the SiteMinder side here: http://docs.pivotal.io/pivotalcf/opsguide/images/CASM-PivotalCloudFoundryFederationRunbook

UAA Provides an Admin Tool UAAC (written in ruby) to manage Users, Clients and Groups. You can find more information here: https://github.com/cloudfoundry/cf-uaac Thanks, Sree Tummidi Sr. Product Mana

You would need to set up Open AM as a SAML 2.0 Identity Provider and provide the Identity Provider Metadata in the cf-manifest under login->saml->providers section login.saml.providers: description: "

Hi Josh, Rebranding is possible today. This can be done by updating the assets under : https://github.com/cloudfoundry/uaa/blob/master/uaa/src/main/webapp/resources/ As mentioned by Matt below we do h

Yep, this is not supported. Our recommendation is to do consolidation on the LDAP side. -Sree

Hi, The best approach is to use AD LS which can act as a proxy and consolidate the traffic from multiple AD domains https://msdn.microsoft.com/en-us/library/aa705886(v=vs.85).aspx Thanks, Sree Tummidi

Hi All, Starting with *CF Release 220*, we have added OpenID Connect ID Token support in UAA. Currently this feature is *disabled* by default to remain fully backwards compatible. uaa.id_token.disable

Hi Ricky The team is looking into this now. Seems like there has been a lot of back & forth on the email thread and this context has not been captured in the github issue. Thanks, Sree Tummidi Sr. Pro

Hi Anna, We dropped support for Maven build on UAA last year. You would need to do the build conversion locally. Thanks, Sree Sent from my iPhone

Yes, UAA supports both Symmetric & Asymmetric patterns for token signature and verification. My recommendation would be to go for the Asymmetric pattern as this is a standard where signatures are conc

Can you please provide more specifics. If you have encountered an issue , you can log that against the UAA project under Cloud Foundry on Github Thanks, Sree Sent from my iPhone

Hi, The access token that you are passing in the header serves as both a proof of authentication & authorization(scopes allowed) The validation of the request includes checking for the presence of the

Hi all, The UAA team has come with a proposal for handling claims (User Attributes & Group Memberships) from SAML Identity Providers. These claims can be further mapped to CF roles in order to derive

Just wanted to add that we could collaborate on the design front and we are open to pull requests !! -sree Sent from my iPad

Hi, We do have plans to support custom attributes and is a roadmap item. This is however not in the immediate future. Thanks, Sree Sent from my iPhone

On behalf of the entire Identity Team I'm pleased to announce the release of UAA 2.5.1 The highlights of this release include - Multi-tenancy support for SCIM groups & external group mappings - Notifi

Yes, we do plan on mapping ORG & Space Roles to Groups in LDAP or via SAML. At this time , the only scope that can be mapped is cloud_controller.admin as its defined as an OAuth scope for Cloud Contro

I believe there are audit events generated for all these actions which can be captured and forwarded to an SIEM solution like splunk Thanks, Sree Sent from my iPhone

This support is not yet available Thanks, Sree Sent from my iPad