UAA SAML2 Federation
Pablo Alonso Rodriguez <palonsoro@...>
Good morning.
Recently, we have successfully federated the UAA to an external identity provider via SAML2. However, we are only able to log in via cf login --sso, so that we can get a temporary code by logging in on the IdP web page.

Is there any way to directly pass the credentials to the identity provider from the cf cli?

Thank you in advance.

Daniel Mikusa
On Tue, Jun 9, 2015 at 4:45 AM, Pablo Alonso Rodriguez <palonsoro(a)gmail.com> wrote: Good morning.

I don't think so, I think that's a limitation of SAML. Check out this thread for some more info on this.

http://cf-dev.70369.x6.nabble.com/cf-dev-UAA-SAML-and-LDAP-questions-td62.html

Dan

Pablo Alonso Rodriguez <palonsoro@...>
Ok. I see.
Then, would it be possible to request a temporary access code from the UAA by means of a REST API or another more programmatic way? What I would like to avoid is our users having to manually copy and paste a code from the browser.

Thank you very much

2015-06-09 13:46 GMT+02:00 Daniel Mikusa <dmikusa(a)pivotal.io>:

Sree Tummidi
Hi,
The browser interaction is a must because the actual SAML Auth with the IDP happens via the browser. UAA implements the SAML POST profile which involves a browser. The code itself is generated as a one time token by the UAA after the SAML auth is complete.

Thanks,
Sree

Sent from my iPad

On Jun 9, 2015, at 6:26 AM, Pablo Alonso Rodriguez <palonsoro(a)gmail.com> wrote:

Pablo Alonso Rodriguez <palonsoro@...>
I see.
Then, until the ECP profile is implemented (someone at Daniel's link mentioned that it is on the roadmap), the browser is a must.

Thank you very much for your answers.

2015-06-09 17:03 GMT+02:00 Sree Tummidi <stummidi(a)pivotal.io>: Hi,