gcf authenticating directly to /oauth/login and bypassing custom authentication #29

Closed
jmprice opened this issue Dec 3, 2013 · 17 comments

@jmprice

jmprice commented Dec 3, 2013

The gcf client is passing credentials directly to uaa.config.AuthorizationEndpoint/oauth/token, which is bypassing custom profiles like LDAP.

@scottruitt
Contributor

Hi Jon,

I have an existing story in our backlog to tackle this issue: https://www.pivotaltracker.com/story/show/60925130. It's a bit further out; is this something you're blocked on today?

Scott

@jmprice
Author

jmprice commented Dec 3, 2013

Hi Scott,

I wouldn't say it is blocking us, but since we do use LDAP authentication, we cannot have our customers use gcf until it is working. Until then, we can have them use the ruby version.

@scottruitt
Contributor

Thanks, Jon. We discussed it as a team today and have a good idea of what needs to be done. I also pulled it up higher in the backlog along with a block of other login stories. We should hit it in the next two weeks or so.

Scott

On Tuesday, December 3, 2013 at 9:48 AM, Jon Price wrote:

Hi Scott,
I wouldn't say it is blocking us, but since we do use LDAP authentication, we cannot have our customers use gcf until it is working. Until then, we can have them use the ruby version.



@jmprice
Author

jmprice commented Dec 5, 2013

That's great news! Thank you for pulling that in, I would really like to be able to direct people to use the new client.

On a side note, we went live with our new v2 environment today and our first 2 new customers created orgs which contain spaces in the name (I hadn't considered testing that...). Anyway, it works fine with the ruby client, but gcf doesn't like it at all. For now, we have renamed those orgs and put some validation in place to prevent people from doing that.

Jon

@jmprice
Author

jmprice commented Jan 10, 2014

Hi Scott, From looking at the backlog, it doesn't look like anyone has done anything with this. Do you have an updated ETA on when this may be implemented?

Jon

@scottruitt
Contributor

Hi Jon,

We should get to it in the next two or three weeks. Need to point some more stories above it in the backlog to know for sure.

Scott

@maxbrunsfeld
Contributor

Hi @jmprice,

Can you tell us the output of cf curl /v2/info? I ask because it sounds like your cf is making requests to the wrong URL: the UAA instead of your login server. cf uses the /v2/info API to determine the URL of the login server. Thanks!

@jmprice
Author

jmprice commented Feb 21, 2014

Hi Max,
I'm pretty sure we have the correct endpoints being published.

cf curl /v2/info
{"name":"vcap",
"build":"2222",
"support":"http://foo.bar.com/display/PaaS/Home",
"version":2,
"description":"My Platform as a Service",
"authorization_endpoint":"https://login.paaslab1.foo.bar.com",
"api_version":"2.0.0",
"logging_endpoint":"wss://loggregator.paaslab1.foo.bar.com:443",
"user":"02cf78ca-caab2-417b-9a7a-a6474025747d"}

Jon
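
The check discussed above, that OAuth requests should go to the authorization_endpoint published by /v2/info rather than straight to the UAA, can be run over a client trace. This is an added example, not part of the original thread or the cf code base; the function name, the trimmed /v2/info body and the traced URLs (including the uaa.* and api.* hostnames) are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample: trimmed copy of the /v2/info shape posted in this thread.
const constructedInfo = `{"name":"vcap","version":2,
 "authorization_endpoint":"https://login.paaslab1.foo.bar.com","api_version":"2.0.0"}`

// Constructed trace of request URLs; the uaa.* and api.* hostnames are hypothetical.
var constructedTrace = []string{
	"https://api.paaslab1.foo.bar.com/v2/info",
	"https://login.paaslab1.foo.bar.com/oauth/token",
	"https://uaa.paaslab1.foo.bar.com/oauth/token",
}

// MisroutedAuthRequests returns the traced /oauth/ requests whose host differs
// from the authorization_endpoint advertised in the /v2/info body.
func MisroutedAuthRequests(infoBody []byte, traced []string) ([]string, error) {
	var info struct {
		AuthorizationEndpoint string `json:"authorization_endpoint"`
	}
	if err := json.Unmarshal(infoBody, &info); err != nil {
		return nil, fmt.Errorf("parse /v2/info: %w", err)
	}
	login, err := url.Parse(info.AuthorizationEndpoint)
	if err != nil || login.Scheme != "https" || login.Hostname() == "" {
		return nil, fmt.Errorf("unusable authorization_endpoint %q", info.AuthorizationEndpoint)
	}
	var misrouted []string
	for _, raw := range traced {
		u, err := url.Parse(raw)
		if err != nil {
			return nil, fmt.Errorf("bad traced URL %q: %w", raw, err)
		}
		// Only credential-bearing OAuth paths matter; other API calls are ignored.
		if strings.HasPrefix(u.Path, "/oauth/") && !strings.EqualFold(u.Hostname(), login.Hostname()) {
			misrouted = append(misrouted, raw)
		}
	}
	return misrouted, nil
}

func main() {
	out, err := MisroutedAuthRequests([]byte(constructedInfo), constructedTrace)
	fmt.Println(out, err)
}
```

Any URL it returns is a request that would skip whatever authentication profile (LDAP in this thread) is configured on the login server.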

@webandtech

@jmprice We delivered this fix in master. Would you be able to download the edge binary and try it out? Thanks!

@tjarratt
Contributor

Closing for now, please re-open if we haven't successfully resolved this issue @jmprice.

@jmprice
Author

jmprice commented Feb 27, 2014

The new code does now go to login and is getting the prompts, but it doesn't go to /oauth/authorize, which is where the LDAP authentication takes place. I can send you the output of the login.log for a request from the ruby cf client, which is working correctly, and the go cf client if that would help.

-- Jon

@tjarratt tjarratt reopened this Feb 27, 2014
@karlkfi

karlkfi commented Mar 31, 2014

@jmprice Are you still having this issue? If so, can you open a new issue with details?

@jmprice
Author

jmprice commented Mar 31, 2014

Hi Karl - this is most certainly still an issue which is preventing us from moving to the new client. It is in the pivotal tracker at https://www.pivotaltracker.com/s/projects/892938/stories/66626492 but there has been no progress on it.

@khwang1
Contributor

khwang1 commented Apr 29, 2014

Hi @jmprice, we're finally working on this issue. Can you send us the ruby cf client's login.log? That would help us to debug this issue.

Thanks!
Karen & Anand

@jmprice
Author

jmprice commented May 1, 2014

Hi Karen,

Attached are the logs from a ruby cf request and a go cf request.

-- Jon

@jmprice
Author

jmprice commented May 1, 2014

Apparently GitHub will only let me attach images and not text files. How would you like for me to send you the log files?

@lcddave lcddave added the bug label May 16, 2014
@XenoPhex
Contributor

XenoPhex commented Jul 2, 2014

Hey @jmprice, we're pretty sure that this was fixed by the UAA / Login Server team and that this works with the go cli as of CF Release v172. Would you mind if we closed this issue? Feel free to re-open if this still doesn't work for you or if there's anything else we should discuss.

We're sorry it took us so long to resolve this.

Doctor

@XenoPhex XenoPhex closed this as completed Jul 2, 2014