Integration of UAA with Kerberos #uaa #kerberos


Enrique Cano
 

Hi

Has anyone got any experience integrating UAA with Kerberos? Basically, we are trying to obtain a bearer token from UAA by somehow providing a Kerberos ticket instead of client or user credentials.

Thanks in advance

Enrique


Chao Wang
 

Hi Enrique,

UAA does not support Kerberos today; however, it supports OAuth/OIDC/SAML/LDAP.

Thanks,

Chao


Camilo Aguilar
 

FWIW, I'm using UAA to federate authentication against a SAML provider that is already integrated with Kerberos. If that’s not possible for you, there is also 

On Mon, May 20, 2019 at 11:51 AM Chao Wang <chawang@...> wrote:

Hi Enrique,

UAA does not support Kerberos today; however, it supports OAuth/OIDC/SAML/LDAP.

Thanks,

Chao

--
Camilo Aguilar
Software Engineer



Guillaume Berche
 

We had discussions at Orange on how Kerberos could help with a browserless, passwordless experience with the cf CLI. AFAIK this would, however, indeed imply first-class Kerberos support in both the cf CLI and UAA.

It would be interesting to hear whether there is interest in the community.

Guillaume.


On Mon, May 20, 2019 at 9:41 PM Camilo Aguilar <camilo.aguilar@...> wrote:
FWIW, I'm using UAA to federate authentication against a SAML provider that is already integrated with Kerberos. If that’s not possible for you, there is also 




Enrique Cano
 

Thanks, Camilo, that's very interesting and helpful. So, it's possible to do it, we just need to have a SAML provider integrated with Kerberos, and then we can integrate UAA with that SAML provider, is that correct? What SAML provider did you use?

Many thanks

Enrique


Camilo Aguilar
 

If you don’t have a SAML provider already in place, I would rather use Keycloak.

The SAML provider we used was our customer’s Active Directory Federated Services. We used UAA to not have to integrate our apps with SAML and Kerberos, which was our customer’s authentication and authorization solution. 

On Wed, May 29, 2019 at 10:55 AM Enrique Cano <enrique.canocarballar@...> wrote:
Thanks, Camilo, that's very interesting and helpful. So, it's possible to do it, we just need to have a SAML provider integrated with Kerberos, and then we can integrate UAA with that SAML provider, is that correct? What SAML provider did you use?

Many thanks

Enrique

--
Camilo Aguilar
Software Engineer