|
Uaa.log
You can control logging in the log4j configuration file.
You can control logging in the log4j configuration file.
|
By
Filip Hanik
· #8834
·
|
|
[EXTERNAL MESSAGE] Re: [cf-dev] Using SAML 2 Bearer token with our own UAA Server
#uaa
probably https:// and not http://
probably https:// and not http://
|
By
Filip Hanik
· #8808
·
|
|
[EXTERNAL MESSAGE] Re: [cf-dev] Using SAML 2 Bearer token with our own UAA Server
#uaa
It's been a while since I dug into that code, but I think the Recipient should match the URL you're posting the message to, which is: http://<host>/uaa/oauth/token/alias/cloudfoundry-saml-login-dev Fi
It's been a while since I dug into that code, but I think the Recipient should match the URL you're posting the message to, which is: http://<host>/uaa/oauth/token/alias/cloudfoundry-saml-login-dev Fi
|
By
Filip Hanik
· #8807
·
|
|
Using SAML 2 Bearer token with our own UAA Server
#uaa
1. Take a look at the endpoint `/saml/metadata` on your server. For example https://login.run.pivotal.io/saml/metadata In the metadata, take a look at: urn:oasis:names:tc:SAML:2.0:bindings:URI binding
1. Take a look at the endpoint `/saml/metadata` on your server. For example https://login.run.pivotal.io/saml/metadata In the metadata, take a look at: urn:oasis:names:tc:SAML:2.0:bindings:URI binding
|
By
Filip Hanik
· #8805
·
|
|
Using SAML 2 Bearer token with our own UAA Server
#uaa
Assertion can be signed, encrypted(name ID) or both. Unsigned and Unencrypted is not recommended. Filip
Assertion can be signed, encrypted(name ID) or both. Unsigned and Unencrypted is not recommended. Filip
|
By
Filip Hanik
· #8803
·
|
|
Using SAML 2 Bearer token with our own UAA Server
#uaa
The SAML 2 Bearer Grant expects an Assertion XML in the parameter `assertion` You are currently passing a `Response` XML data instead. Correct: <saml:Assertion> Incorrect: <samlp:Response> https://doc
The SAML 2 Bearer Grant expects an Assertion XML in the parameter `assertion` You are currently passing a `Response` XML data instead. Correct: <saml:Assertion> Incorrect: <samlp:Response> https://doc
|
By
Filip Hanik
· #8800
·
|
|
Using a TLS connection to the MySQL database
#uaa
You’re welcome. Covered in a later section https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
You’re welcome. Covered in a later section https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-using-ssl.html
|
By
Filip Hanik
· #8704
·
|
|
Using a TLS connection to the MySQL database
#uaa
MySQL TLS is enabled through the JDBC URL of the MySQL driver. For example, if you are deploying the UAA using Bosh, it generates the JDBC URL based on your configuration, and inserts that into uaa.ym
MySQL TLS is enabled through the JDBC URL of the MySQL driver. For example, if you are deploying the UAA using Bosh, it generates the JDBC URL based on your configuration, and inserts that into uaa.ym
|
By
Filip Hanik
· #8702
·
|
|
Running UAA on Kubernetes behind TLS-enabled ingress controller
#uaa
hi Enrique, The port number will not be forced if the appropriate proxy headers are set *AND* the request comes from a trusted IP (Tomcat's RemoteIpValve) ie, the HttpServletRequest.getScheme does not
hi Enrique, The port number will not be forced if the appropriate proxy headers are set *AND* the request comes from a trusted IP (Tomcat's RemoteIpValve) ie, the HttpServletRequest.getScheme does not
|
By
Filip Hanik
· #8687
·
|
|
Running UAA on Kubernetes behind TLS-enabled ingress controller
#uaa
request.getScheme() can return https properly if you configure the web server (Tomcat/Jetty) to trust the headers X-Forwarded-Proto based on the IP address of the proxy server. If you're using uaa-rel
request.getScheme() can return https properly if you configure the web server (Tomcat/Jetty) to trust the headers X-Forwarded-Proto based on the IP address of the proxy server. If you're using uaa-rel
|
By
Filip Hanik
· #8679
·
|
|
Proposal for weighted routing user experience in Cloud Foundry
Use case: I want v1-stable to receive 5 times more traffic than each individual upgrade version I deploy Phase 1: Deploy alpha 1 Proposed (sum MUST add up to a 100): v1-stable: 83 v2-alpha1: 17 Sugges
Use case: I want v1-stable to receive 5 times more traffic than each individual upgrade version I deploy Phase 1: Deploy alpha 1 Proposed (sum MUST add up to a 100): v1-stable: 83 v2-alpha1: 17 Sugges
|
By
Filip Hanik
· #8152
·
|
|
Proposal for weighted routing user experience in Cloud Foundry
aaarrgh, there is a bug in my psuedo code clusterWeight = [v1,v1,v1,v1,v1,v1,v2,v2,v2,v3,v3] should be clusterWeight = [v1,v1,v1,v1,v1,v1,v2,v2,v2,v3,v4] Full solution: Implementation: "Randomized Rou
aaarrgh, there is a bug in my psuedo code clusterWeight = [v1,v1,v1,v1,v1,v1,v2,v2,v2,v3,v3] should be clusterWeight = [v1,v1,v1,v1,v1,v1,v2,v2,v2,v3,v4] Full solution: Implementation: "Randomized Rou
|
By
Filip Hanik
· #8148
·
|
|
Proposal for weighted routing user experience in Cloud Foundry
I put a long comment in the doc, maybe comments are good for short notes. here is the spiel "The sum of weights must add to 100" I would say this is where being user friendly ends. If I add reviews-v4
I put a long comment in the doc, maybe comments are good for short notes. here is the spiel "The sum of weights must add to 100" I would say this is where being user friendly ends. If I add reviews-v4
|
By
Filip Hanik
· #8147
·
|
|
Database support for UAA
hi Enrique, UAA used to ship with Oracle compatibility back in 2012. Licensing issues can be overcome from a shipping standpoint since UAA only needs to ship with the JDBC library What became problema
hi Enrique, UAA used to ship with Oracle compatibility back in 2012. Licensing issues can be overcome from a shipping standpoint since UAA only needs to ship with the JDBC library What became problema
|
By
Filip Hanik
· #8048
·
|
|
Feedback request: Disable logging Client IP’s in the Gorouter logs for compliance with the EU General Data Protection Regulation (GDPR)
having a property to disable one single header logging sounds like overkill. what if I want to disable other headers Is the gorouter not using an "Access Log Format" string that effectively lets you c
having a property to disable one single header logging sounds like overkill. what if I want to disable other headers Is the gorouter not using an "Access Log Format" string that effectively lets you c
|
By
Filip Hanik
· #7858
·
|
|
New UAA user doesn't have cloud_controller permission
Works for me when I do git clone https://github.com/cloudfoundry/uaa.git cd uaa ./gradlew run <in another terminal> curl -u "cf:" --data "grant_type=password&username=marissa&password=koala" http://lo
Works for me when I do git clone https://github.com/cloudfoundry/uaa.git cd uaa ./gradlew run <in another terminal> curl -u "cf:" --data "grant_type=password&username=marissa&password=koala" http://lo
|
By
Filip Hanik
· #7494
·
|
|
Adding client to uaa shows insufficient scope
the UAAC target should be whichever UAA you wish to manage Filip wrote:
the UAAC target should be whichever UAA you wish to manage Filip wrote:
|
By
Filip Hanik
· #7436
·
|
|
Adding client to uaa shows insufficient scope
Here is a video that in detail explains OAuth concepts https://goo.gl/EhH5E2 means you're trying to invoke an endpoint that requires the above scopes and your token does not have the correct scopes if
Here is a video that in detail explains OAuth concepts https://goo.gl/EhH5E2 means you're trying to invoke an endpoint that requires the above scopes and your token does not have the correct scopes if
|
By
Filip Hanik
· #7432
·
|
|
Gradlew run got stuck at 97% cargorunlocal
you're welcome. It will help others searching this list if you post what your solution was. Filip wrote:
you're welcome. It will help others searching this list if you post what your solution was. Filip wrote:
|
By
Filip Hanik
· #7429
·
|
|
Gradlew run got stuck at 97% cargorunlocal
"./gradlew run" run - is a gradle task. That task doesn't exit until you Ctrl+C. If it exited, you wouldn't have a running process "./gradlew run" is a convenience quick start mechanism. Otherwise you
"./gradlew run" run - is a gradle task. That task doesn't exit until you Ctrl+C. If it exited, you wouldn't have a running process "./gradlew run" is a convenience quick start mechanism. Otherwise you
|
By
Filip Hanik
· #7427
·
|