<link href="https://raw.github.com/clownfart/Markdown-CSS/master/markdown.css" rel="stylesheet"></link>
# CloudFoundry User Account and Authentication (UAA) Server

## Quick Start

If this works you are in business:

    $ git clone git://github.com/vmware-ac/uaa.git
    $ cd uaa
    $ mvn install

Each module has a `mvn tomcat:run` target to run individually, or you
could import them as projects into STS (use 2.8.0 or better if you
can). The apps all work together, running on the same port (8080) as
`/uaa`, `/app` and `/api`.

### Demo of command line usage

First run the uaa server as described above:

    $ cd uaa
    $ mvn tomcat:run

Then start another terminal and from the project base directory, run:

    $ ./login.sh "localhost:8080/uaa"

And hit return twice to accept the default username and password.

This authenticates and obtains an access token from the server using the OAuth2 implicit
grant, similar to the approach intended for a client like VMC. The token is
stored in the file `.access_token`.

Now kill the `uaa` server and run the `api` server (which starts the
`uaa` server as well):

    $ cd api
    $ mvn tomcat:run

And then (from the base directory) execute:

    $ ./get.sh http://localhost:8080/api/apps

which should return a JSON array of (pretend) running applications.

## Integration tests

With all apps deployed into a running server on port 8080 the tests
will include integration tests (a check is done before each test that
the app is running). You can deploy them in your IDE or using the
command line with `mvn tomcat:run`.

For individual modules, or for the whole project, you can also run
integration tests from the command line in one go with

    $ mvn integration-test

(This might require an initial `mvn install` from the parent directory
to get the wars in your local repo first.)

## Inventory

There are actually several projects here:

1. `uaa` is the actual UAA server

2. `api` is an OAuth2 resource service which returns a mock list of deployed apps

3. `app` is a user application that uses both of the above

In CloudFoundry terms:

* `uaa` provides an authentication service plus authorized delegation for
back-end services and apps (by issuing OAuth2 access tokens).

* `api` is `api.cloudfoundry.com` - it's a service which provides resources
which other applications may wish to access on behalf of the resource
owner (the end user).

* `app` is `code.cloudfoundry.com` or `studio.cloudfoundry.com` - a
webapp that needs single sign on and access to the `api` service on
behalf of users.

The authentication service is `uaa`. It's a plain Spring MVC webapp.
Deploy as normal in Tomcat or your container of choice, or execute
`mvn tomcat:run` to run it directly from the `uaa` directory in the source tree.
When running with maven it listens on port 8080.

It supports the APIs defined in the UAA-APIs document. To summarise:

1. The OAuth2 /authorize and /token endpoints

2. A /login_info endpoint to allow querying for required login prompts

3. A /check_token endpoint, to allow resource servers to obtain information about
an access token submitted by an OAuth2 client.

4. SCIM user provisioning endpoints (todo)

5. OpenID connect endpoints to support authentication
(todo). Implemented roughly enough to get it working (so /app
authenticates here), but not to meet the spec.

Authentication can be performed by command line clients by submitting
credentials directly to the /authorize endpoint (as described in the
UAA-API doc). There is an `ImplicitAccessTokenProvider` in Spring
Security OAuth that can do the heavy lifting.
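The `login.sh`/`get.sh` demo above and this paragraph describe the same flow, so here is one added example (not code from the UAA project) of a minimal command-line client in Python: it posts the credentials to `/authorize` with `response_type=token`, reads the token out of the fragment of the 302 redirect, writes it to `.access_token`, and then presents it as a Bearer credential to `/api/apps`. The credential field names, the `vmc` client id and the out-of-band `redirect_uri` are assumptions, and the `state` check is standard OAuth2 client hygiene rather than something the README's scripts are documented to do.

```python
import os
from urllib.error import HTTPError
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import HTTPRedirectHandler, Request, build_opener

UAA = "http://localhost:8080/uaa"   # host, port and path from the Quick Start

def authorize_request(username, password, state, client_id="vmc",
                      redirect_uri="urn:ietf:wg:oauth:2.0:oob"):
    # Implicit grant: response_type=token with the credentials posted straight
    # to /authorize. Field names, client id and redirect_uri are assumptions.
    form = {"response_type": "token", "client_id": client_id,
            "redirect_uri": redirect_uri, "state": state,
            "username": username, "password": password}
    return Request(UAA + "/authorize", data=urlencode(form).encode(),
                   method="POST")

class NoRedirect(HTTPRedirectHandler):
    # Do not follow the 302: the token is in its Location header.
    def redirect_request(self, *args, **kwargs):
        return None

def parse_redirect(location, expected_state):
    # Token rides in the URL fragment. Refuse errors, non-bearer tokens and
    # any redirect whose state does not match the request we sent.
    frag = parse_qs(urlparse(location).fragment)
    if "error" in frag:
        raise ValueError("authorization failed: " + frag["error"][0])
    if frag.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect is not for our request")
    if frag.get("token_type", [""])[0].lower() != "bearer":
        raise ValueError("unexpected token_type")
    return frag["access_token"][0]

def login(username, password):
    state = os.urandom(8).hex()   # binds the redirect back to this request
    try:
        build_opener(NoRedirect()).open(authorize_request(username, password, state))
        raise ValueError("expected a 302 redirect from /authorize")
    except HTTPError as err:
        if err.code != 302:
            raise
        token = parse_redirect(err.headers["Location"], state)
    with open(".access_token", "w") as f:   # the same file login.sh writes
        f.write(token)
    return token

def bearer_request(token, url="http://localhost:8080/api/apps"):
    # What get.sh does: present the stored token as a Bearer credential.
    return Request(url, headers={"Authorization": "Bearer " + token})
```

`login("user", "pass")` needs the `uaa` server from the Quick Start running; the parsing and request-building functions can be exercised without it.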

## The API Application

An example resource server. It hosts a service which returns
a list of mock applications under `/apps`.

Run it using `mvn tomcat:run` from the `api` directory (once all other
tomcat processes have been shut down). This will deploy the app to a
Tomcat manager on port 8080.

## The App Application

This is a user interface (primarily aimed at the browser) app that uses
OpenId Connect for authentication (i.e. SSO) and OAuth2 for access
grants. It authenticates with the Auth service, and then accesses
resources in the API service. Run it with `mvn tomcat:run` from the
`app` directory (once all other tomcat processes have been shut down).

### Use Cases

1. See all apps

        GET /app/apps

    The browser is redirected through a series of authentication and access
    grant steps (which could be slimmed down to implicit steps not
    requiring the user at some point), and then the photos are shown.

2. See the currently logged in user details, a bag of attributes
   grabbed from the open id provider

        GET /app