Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cf login without --sso fails #858

Closed
sharms opened this issue Jun 14, 2016 · 5 comments
Closed

cf login without --sso fails #858

sharms opened this issue Jun 14, 2016 · 5 comments
Labels
enhancement

Comments

@sharms
Copy link

sharms commented Jun 14, 2016

Command

cf login
cf login --sso

CLI Version

cf version 6.15.0+fa1bfe2-2016-01-13

Error

'cf login' fails to login, but works with 'cf login --sso'.

The API server should have a 'default_authenication_method' that can be set to SSO. Currently every single cf client continually has to add '--sso' every time they log in.

CC API Endpoint Version

API endpoint: https://api.cloud.gov (API version: 2.53.0)
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/121533689

The labels on this github issue will be updated when the story is started.

@dkoper
Copy link

dkoper commented Jun 14, 2016

Hi @sharms

Sounds like a feature request for the API server, not for the CLI team?
Can you submit it to https://github.com/cloudfoundry/cloud_controller_ng/issues instead and the CLI team will add support once the backend supports it?

Cheers,
Dies Koper
CF CLI PM

@dkoper
Copy link

dkoper commented Jun 29, 2016

As discussed on the uaa channel on Slack, the CLI reads login.endpoint/login, and could possibly be enhanced to assume --sso when the passcode field is there and the username and password fields are not:

{
    "prompts": {
        "username": ["text", "Email"],
        "password": ["password", "Password"],
        "passcode": ["password", "One Time Code ( Get one at https://login.cloud.gov/passcode )"]
    }
}

This would mean of course that the passcode would become the only way of authentication.
If that's acceptable, as this requires UAA to allow you to suppress those fields, please submit an enhancement request to their tracker and reopen this one with a link so we can try to align our change with theirs.

@dkoper dkoper closed this as completed Jun 29, 2016
@dkoper dkoper mentioned this issue Jun 29, 2016
Closed
@wslack wslack mentioned this issue Mar 6, 2017
Closed
@Abiwax
Copy link

Abiwax commented Jul 6, 2017

for IBM Bluemix, i noticed cf login --sso issue started happening when bluemix was integrated with SSO, users who created bluemix after the integration cannot login using the normal cf login command but users prior to the sso can login without using --sso command, but when using the normal cf login command, the password to use must be the last password used before SSO was integrated and not the password that SSO uses if the password is not the same.

@rupam999
Copy link

Still I am getting

{"error":"invalid_grant","error_description":"User authentication failed: Unauthorized"}

When trying
cf login without --sso fails

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@sharms @dkoper @cf-gitbot @Abiwax @rupam999