Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 379 lines (268 sloc) 13.464 kb
39b9174b » tekul
2011-12-06 Minor edit to README.md (review test)
1 <link href="https://raw.github.com/clownfart/Markdown-CSS/master/markdown.css" rel="stylesheet"></link>
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
2 # CloudFoundry User Account and Authentication (UAA) Server
ace57779 » daleolds
2011-10-11 start of UAA
3
d117c68d » dsyer
2012-01-05 Add useful listings to README
4 ## Co-ordinates
5
67f369ff » tekul
2012-01-20 CFID-101: Use Apache http client in LegacyAuthenticationManager.
6 * Team:
d117c68d » dsyer
2012-01-05 Add useful listings to README
7 * Dale Olds (`olds@vmware.com`)
8 * Dave Syer (`dsyer@vmware.com`)
9 * Luke Taylor (`ltaylor@vmware.com`)
10 * Joel D'Sa (`jdsa@vmware.com`)
e9329003 » daleolds
2012-02-07 remove incorrect URLs.
11 * Team mailing list: `cf-id@vmware.com`
12 * Docs: docs/
d117c68d » dsyer
2012-01-05 Add useful listings to README
13
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
14 ## Quick Start
ace57779 » daleolds
2011-10-11 start of UAA
15
ab32020d » dsyer
2011-10-27 Update README
16 If this works you are in business:
ace57779 » daleolds
2011-10-11 start of UAA
17
600eda2a » ciberch
2011-11-29 Update README.md
18 $ git clone git@github.com:vmware-ac/uaa.git
ab32020d » dsyer
2011-10-27 Update README
19 $ cd uaa
20 $ mvn install
39b9174b » tekul
2011-12-06 Minor edit to README.md (review test)
21
00cf04c5 » dsyer
2011-11-22 Simplify integration test incantation
22 Each module has a `mvn tomcat:run` target to run individually, or you
23 could import them as projects into STS (use 2.8.0 or better if you
24 can). The apps all work together the apps running on the same port
917374ec » dsyer
2012-03-30 CFID-228: extract common JAR (now requires Maven 3 for tomcat)
25 (8080) as `/uaa`, `/app` and `/api`. You can probably use Maven 2.2.1
afc88bb5 » dsyer
2012-04-19 CFID-257: Tidy README and API docs and add extra instructions for ins…
26 to build the code, but you need to use Maven 3 if you want to run the
27 server from the command line (or run integration tests).
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
28
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
29 ### Demo of command line usage
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
30
73e67fa0 » andypiper
2012-04-10 clarified documentation and explained how to run gem against cloud fo…
31 First run the UAA server as described above:
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
32
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
33 $ cd uaa
00cf04c5 » dsyer
2011-11-22 Simplify integration test incantation
34 $ mvn tomcat:run
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
35
73e67fa0 » andypiper
2012-04-10 clarified documentation and explained how to run gem against cloud fo…
36 Then start another terminal and from the project base directory, ask
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
37 the login endpoint to tell you about the system:
38
39 $ curl -H "Accept: application/json" localhost:8080/uaa/login
40 {
41 "timestamp":"2012-03-28T18:25:49+0100",
42 "commit_id":"111274e",
43 "prompts":{"username":["text","Username"],
44 "password":["password","Password"]
45 }
46 }
47
48 Then you can try logging in with the UAA ruby gem. Make sure you have
49 ruby 1.9, and bundler installed, then
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
50
73e67fa0 » andypiper
2012-04-10 clarified documentation and explained how to run gem against cloud fo…
51 $ cd gem/; bundle
52 $ ./bin/uaa target localhost:8080/uaa
53 $ ./bin/uaa login marissa koala
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
54
ff934930 » dsyer
2012-02-05 CFID-76: Tidy up login and add some rdocs
55 (or leave out the username / password to be prompted).
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
56
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
57 This authenticates and obtains an access token from the server using
58 the OAuth2 implicit grant, similar to the approach intended for a
59 client like VMC. The token is returned in stdout, so copy paste the
60 value into this next command:
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
61
73e67fa0 » andypiper
2012-04-10 clarified documentation and explained how to run gem against cloud fo…
62 $ ./bin/uaa --client-id=admin --client-secret=adminclientsecret decode [token]
ff934930 » dsyer
2012-02-05 CFID-76: Tidy up login and add some rdocs
63
73e67fa0 » andypiper
2012-04-10 clarified documentation and explained how to run gem against cloud fo…
64 and you should see your username and the client id of the original token grant on stdout.
65
66 {
67 "id":"17a99e38-c5fd-46a3-9d37-6b12db0937c9",
68 "resource_ids":["cloud_controller","password"],
69 "expires_at":1334117495,
70 "scope":["read"],
71 "email":"marissa@test.org",
72 "client_authorities":["ROLE_UNTRUSTED"],
73 "expires_in":43171,
74 "user_authorities":["ROLE_USER"],
75 "user_id":"marissa",
76 "client_id":"vmc"
77 }
78
79 ### Demo of command line usage against e.g. cloudfoundry.com
80
81 The same command line example should work against a UAA running on cloudfoundry.com. In this case, there is no need to run a local uaa server, so simply ask the external login endpoint to tell you about the system:
82
83 $ curl -H "Accept: application/json" uaa.cloudfoundry.com/login
84 {
85 "prompts":{"username":["text","Username"],
86 "password":["password","Password"]
87 }
88 }
89
90 You can then try logging in with the UAA ruby gem. Make sure you have ruby 1.9, and bundler installed, then
91
92 $ cd gem/; bundle
93 $ ./bin/uaa target uaa.cloudfoundry.com
94 $ ./bin/uaa login [yourusername] [yourpassword]
95
96 (or leave out the username / password to be prompted).
97
98 This authenticates and obtains an access token from the server using the OAuth2 implicit
99 grant, similar to the approach intended for a client like VMC.
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
100
6bab6c9a » dsyer
2011-11-14 Put tomcat in a profile (tomcat)
101 ## Integration tests
102
103 With all apps deployed into a running server on port 8080 the tests
104 will include integration tests (a check is done before each test that
105 the app is running). You can deploy them in your IDE or using the
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
106 command line with `mvn tomcat:run` and then run the tests as normal.
6bab6c9a » dsyer
2011-11-14 Put tomcat in a profile (tomcat)
107
00cf04c5 » dsyer
2011-11-22 Simplify integration test incantation
108 For individual modules, or for the whole project, you can also run
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
109 integration tests and the server from the command line in one go with
6bab6c9a » dsyer
2011-11-14 Put tomcat in a profile (tomcat)
110
917374ec » dsyer
2012-03-30 CFID-228: extract common JAR (now requires Maven 3 for tomcat)
111 $ mvn test -P integration
6bab6c9a » dsyer
2011-11-14 Put tomcat in a profile (tomcat)
112
28afa21c » dsyer
2011-11-15 Remove or tidy jsps and update README
113 (This might require an initial `mvn install` from the parent directory
114 to get the wars in your local repo first.)
115
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
116 To make the tests work in various environments you can modify the
117 configuration of the server and the tests (e.g. the admin client)
118 using a variety of mechanisms. The simplest is to provide additional
119 Maven profiles on the command line, e.g.
120
121 $ (cd uaa; mvn test -P vcap)
122
123 will run the integration tests against a uaa server running in a local
124 vcap, so for example the service URL is set to `uaa.vcap.me` (by
125 default). There are several Maven profiles to play with, and they can
126 be used to run the server, or the tests or both:
127
128 * `local`: runs the server on the ROOT context `http://localhost:8080/`
129
130 * `vcap`: also runs the server on the ROOT context and points the
131 tests at `uaa.vcap.me`.
132
133 * `devuaa`: points the tests at `http://devuaa.cloudfoundry.com` (an
134 instance of UAA deployed on cloudfoundry).
135
136 All these profiles set the `CLOUD_FOUNDRY_CONFIG_PATH` to pick up a
137 `uaa.yml` and (if appropriate) set the context root for running the
138 server (see below for more detail on that).
139
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
140 ### BVTs
141
142 There is a really simple cucumber feature spec (`--tag @uaa`) to
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
143 verify that the UAA server is there. There is also a rake task to
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
144 launch the integration tests from the `uaa` submodule in `vcap`.
145 Typical usage for a local (`uaa.vcap.me`) instance:
146
147 $ cd vcap/tests
148 $ rake bvt:run_uaa
149
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
150 You can change the most common important settings with environment
151 variables (see below), or with a custom `uaa.yml`. N.B. `MAVEN_OPTS`
152 cannot be used to set JVM system properties for the tests, but it can
153 be used to set memory limits for the process etc.
154
155 ### Custom YAML Configuration
156
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
157 To modify the runtime parameters you can provide a `uaa.yml`, e.g.
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
158
159 $ cat > /tmp/uaa.yml
160 uaa:
161 host: uaa.appcloud21.dev.mozycloud
162 test:
163 username: dev@cloudfoundry.org # defaults to vcap_tester@vmware.com
164 password: changeme
165 email: dev@cloudfoundry.org
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
166
167 then from `vcap-tests`
168
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
169 $ CLOUD_FOUNDRY_CONFIG_PATH=/tmp rake bvt:run_uaa
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
170
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
171 or from `uaa/uaa`
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
172
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
173 $ CLOUD_FOUNDRY_CONFIG_PATH=/tmp mvn test
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
174
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
175 The integration tests look for a Yaml file in the following locations
176 (later entries override earlier ones), and the webapp does the same
177 when it starts up so you can use the same config file for both:
178
179 classpath:uaa.yml
180 file:${CLOUD_FOUNDRY_CONFIG_PATH}/uaa.yml
181 file:${UAA_CONFIG_FILE}
182 ${UAA_CONFIG_URL}
183
184 ### Using Maven with Cloud Foundry or VCAP
185
186 To test against a vcap instance use the Maven profile `vcap` (it
187 switches off some of the tests that create random client and user
188 accounts):
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
189
190 $ (cd uaa; mvn test -P vcap)
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
191
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
192 To change the target server it should suffice to set
f1d1a890 » dsyer
2012-04-02 CFID-230: update UAA docs
193 `VCAP_BVT_TARGET` (the tests prefix it with `uaa.` to form the
917374ec » dsyer
2012-03-30 CFID-228: extract common JAR (now requires Maven 3 for tomcat)
194 server url), e.g.
195
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
196 $ VCAP_BVT_TARGET=appcloud21.dev.mozycloud mvn test -P vcap
197
198 You can also override some of the other most important default
199 settings using environment variables. The defaults as usual come from
200 `uaa.yml` but tests will search first in an environment variable:
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
201
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
202 * `UAA_ADMIN_CLIENT_ID` the client id for bootstrapping client
203 registrations needed for the rest of the tests.
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
204
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
205 * `UAA_ADMIN_CLIENT_SECRET` the client secret for boottrapping client
206 registrations
207
208 All other settings from `uaa.yml` can be overriden individually as
209 system properties. Running in an IDE this is easy just using whatever
210 features allow you to modify the JVM in test runs, but using Maven you
211 have to use the `argLine` property to get settings passed onto the
212 test JVM, e.g.
213
214 $ mvn -DargLine=-Duaa.test.username=foo test
215
216 will create an account with `userName=foo` for testing (instead using
217 the default setting from `uaa.yml`).
218
219 If you prefer environment variables to system properties you can use a
220 custom `uaa.yml` with placeholders for your environment variables,
221 e.g.
222
223 uaa:
224 test:
225 username: ${UAA_TEST_USERNAME:marissa}
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
226
fb10cbeb » dsyer
2012-04-13 CFID-233,CFID-214: changes in SECOAUTH require updates to config, and…
227 will look for an environment variable (or system property)
228 `UAA_TEST_USERNAME` before defaulting to `marissa`. This is the trick
229 used to expose `UAA_ADMIN_CLIENT_SECRET` etc. in the standard
230 configuration.
e9622460 » dsyer
2012-01-27 CFID-105: tweak tests and update README for BVT changes
231
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
232 ## Inventory
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
233
60e128a0 » dsyer
2011-12-01 Add postgres support and and check with PLATFORM=postgresql
234 There are actually several projects here, the main `uaa` server application and some samples:
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
235
917374ec » dsyer
2012-03-30 CFID-228: extract common JAR (now requires Maven 3 for tomcat)
236 0. `common` is a module containing a JAR with all the business logic. It is used in
237 the webapps below.
238
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
239 1. `uaa` is the actual UAA server
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
240
0c65ef3b » joeldsa
2012-02-15 Changed the name of the gem to cf-uaa-client
241 2. `gem` is a ruby gem (`cf-uaa-client`) for interacting with the UAA server
ff934930 » dsyer
2012-02-05 CFID-76: Tidy up login and add some rdocs
242
243 3. `api` (sample) is an OAuth2 resource service which returns a mock list of deployed apps
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
244
ff934930 » dsyer
2012-02-05 CFID-76: Tidy up login and add some rdocs
245 4. `app` (sample) is a user application that uses both of the above
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
246
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
247 In CloudFoundry terms
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
248
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
249 * `uaa` provides an authentication service plus authorized delegation for
250 back-end services and apps (by issuing OAuth2 access tokens).
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
251
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
252 * `api` is `api.cloudfoundry.com` - it's a service which provides resources
253 which other applications may wish to access on behalf of the resource
254 owner (the end user).
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
255
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
256 * `app` is `code.cloudfoundry.com` or `studio.cloudfoundry.com` - a
257 webapp that needs single sign on and access to the `api` service on
258 behalf of users.
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
259
92647e44 » dsyer
2011-12-15 Upgrade to Spring 3.1
260 ## UAA Server
261
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
262 The authentication service is `uaa`. It's a plain Spring MVC webapp.
263 Deploy as normal in Tomcat or your container of choice, or execute
afc88bb5 » dsyer
2012-04-19 CFID-257: Tidy README and API docs and add extra instructions for ins…
264 `mvn tomcat:run` to run it directly from `uaa` directory in the source
265 tree (make sure the common jar is installed first using `mvn install`
266 from the common subdirectory or from the top level directory). When
267 running with maven it listens on port 8080.
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
268
afc88bb5 » dsyer
2012-04-19 CFID-257: Tidy README and API docs and add extra instructions for ins…
269 The UAA Server supports the APIs defined in the UAA-APIs document. To summarise:
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
270
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
271 1. The OAuth2 /authorize and /token endpoints
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
272
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
273 2. A /login_info endpoint to allow querying for required login prompts
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
274
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
275 3. A /check_token endpoint, to allow resource servers to obtain information about
276 an access token submitted by an OAuth2 client.
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
277
92647e44 » dsyer
2011-12-15 Upgrade to Spring 3.1
278 4. SCIM user provisioning endpoint
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
279
92647e44 » dsyer
2011-12-15 Upgrade to Spring 3.1
280 5. OpenID connect endpoints to support authentication /userinfo and
281 /check_id (todo). Implemented roughly enough to get it working (so
282 /app authenticates here), but not to meet the spec.
e578bc02 » dsyer
2011-11-09 CFID-36: tidy up and add some docs
283
284 Authentication can be performed by command line clients by submitting
60e128a0 » dsyer
2011-12-01 Add postgres support and and check with PLATFORM=postgresql
285 credentials directly to the `/authorize` endpoint (as described in
e578bc02 » dsyer
2011-11-09 CFID-36: tidy up and add some docs
286 UAA-API doc). There is an `ImplicitAccessTokenProvider` in Spring
92647e44 » dsyer
2011-12-15 Upgrade to Spring 3.1
287 Security OAuth that can do the heavy lifting if your client is Java.
288
289 By default `uaa` will launch with a context root `/uaa`. There is a
afc88bb5 » dsyer
2012-04-19 CFID-257: Tidy README and API docs and add extra instructions for ins…
290 Maven profile `local` to launch with context root `/`, and another
291 called `vcap` to launch at `/` with a postgresql backend.
92647e44 » dsyer
2011-12-15 Upgrade to Spring 3.1
292
ff268dec » dsyer
2012-01-18 CFID-96: remove private profile and initialise empty database with ad…
293 ### Configuration
294
295 There is a `uaa.yml` in the application which provides defaults to the
296 placeholders in the Spring XML. Wherever you see
297 `${placeholder.name}` in the XML there is an opportunity to override
298 it either by providing a System property (`-D` to JVM) with the same
afc88bb5 » dsyer
2012-04-19 CFID-257: Tidy README and API docs and add extra instructions for ins…
299 name, or a custom `uaa.yml` (as described above).
ff268dec » dsyer
2012-01-18 CFID-96: remove private profile and initialise empty database with ad…
300
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
301 All passwords and client secrets in the config files are plain text,
302 but they will be inserted into the UAA database encrypted with BCrypt.
ff268dec » dsyer
2012-01-18 CFID-96: remove private profile and initialise empty database with ad…
303
92647e44 » dsyer
2011-12-15 Upgrade to Spring 3.1
304 ### User Account Data
305
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
306 The default is to use an in-memory RDBMS user store that is
307 pre-populated with a single test users: `marissa` has password
308 `koala`.
92647e44 » dsyer
2011-12-15 Upgrade to Spring 3.1
309
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
310 To use Postgresql for user data, activate one of the Spring profiles
311 `hsqldb` or `postgresql`.
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
312
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
313 The active profiles can be configured in `uaa.yml` using
314
315 spring_profiles: postgresql
316
317 or by passing the `spring.profiles.active` parameter to the JVM. For,
318 example to run with an embedded HSQL database:
8c2d4555 » tekul
2011-12-19 Added spring profile usage info to readme
319
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
320 mvn -Dspring.profiles.active=hsqldb tomcat:run
8c2d4555 » tekul
2011-12-19 Added spring profile usage info to readme
321
322 Or to use PostgreSQL instead of HSQL:
323
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
324 mvn -Dspring.profiles.active=postgresql tomcat:run
67f369ff » tekul
2012-01-20 CFID-101: Use Apache http client in LegacyAuthenticationManager.
325
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
326 To bootstrap a microcloud type environment you need an admin client.
ff268dec » dsyer
2012-01-18 CFID-96: remove private profile and initialise empty database with ad…
327 For this there is a database initializer component that inserts an
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
328 admin client. If the default profile is active (i.e. not
329 `postgresql`) there is also a `vmc` client so that the gem login works
330 out of the box. You can override the default settings and add
331 additional clients in `uaa.yml`:
332
333 oauth:
334 clients:
335 admin:
336 authorized-grant-types: client_credentials
337 scope: read,write,password
f1d1a890 » dsyer
2012-04-02 CFID-230: update UAA docs
338 authorities: ROLE_CLIENT,ROLE_ADIN
07d47621 » dsyer
2012-03-26 CFID-41, CFID-214: again don't make any assumptions about the database
339 id: admin
340 secret: adminclientsecret
341 resource-ids: clients
342
343 The admin client can be used to create additional clients (but not to
344 do anything much else). A client with read/write access to the `scim`
345 resource will be needed to create user accounts. The integration
346 tests take care of this automatically, inserting client and user
347 accounts as necessary to make the tests work.
8c2d4555 » tekul
2011-12-19 Added spring profile usage info to readme
348
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
349 ## The API Application
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
350
3c3c502f » tekul
2011-10-28 Update README and scripts to illustrate the implicit flow login/token…
351 An example resource server. It hosts a service which returns
352 a list of mock applications under `/apps`.
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
353
00cf04c5 » dsyer
2011-11-22 Simplify integration test incantation
354 Run it using `mvn tomcat:run` from the `api` directory (once all other
355 tomcat processes have been shutdown). This will deploy the app to a
356 Tomcat manager on port 8080.
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
357
358 ## The App Application
359
39b9174b » tekul
2011-12-06 Minor edit to README.md (review test)
360 This is a user interface app (primarily aimed at browsers) that uses
e578bc02 » dsyer
2011-11-09 CFID-36: tidy up and add some docs
361 OpenId Connect for authentication (i.e. SSO) and OAuth2 for access
362 grants. It authenticates with the Auth service, and then accesses
00cf04c5 » dsyer
2011-11-22 Simplify integration test incantation
363 resources in the API service. Run it with `mvn tomcat:run` from the
364 `app` directory (once all other tomcat processes have been shutdown).
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
365
366 ### Use Cases
367
ab32020d » dsyer
2011-10-27 Update README
368 1. See all apps
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
369
39b9174b » tekul
2011-12-06 Minor edit to README.md (review test)
370 GET /app/apps
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
371
372 browser is redirected through a series of authentication and access
373 grant steps (which could be slimmed down to implicit steps not
374 requiring user at some point), and then the photos are shown.
375
ab32020d » dsyer
2011-10-27 Update README
376 2. See the currently logged in user details, a bag of attributes
650b10c3 » dsyer
2011-10-26 Initial draft - uaa with hard-coded user database
377 grabbed from the open id provider
378
ab32020d » dsyer
2011-10-27 Update README
379 GET /app
Something went wrong with that request. Please try again.