# CloudFoundry User Account and Authentication (UAA) Server

## Co-ordinates

* Team:
    * Dale Olds (`olds@vmware.com`)
    * Dave Syer (`dsyer@vmware.com`)
    * Luke Taylor (`ltaylor@vmware.com`)
    * Joel D'Sa (`jdsa@vmware.com`)
* Team mailing list: `cf-id@vmware.com`
* Docs: docs/

## Quick Start

If this works you are in business:

    $ git clone git@github.com:vmware-ac/uaa.git
    $ cd uaa
    $ mvn install

Each module has a `mvn tomcat:run` target to run individually, or you
could import them as projects into STS (use 2.8.0 or better if you
can). The apps all work together when running on the same port
(8080) as `/uaa`, `/app` and `/api`. You can probably use Maven 2.2.1
to build the code, but you need to use Maven 3 if you want to run the
server from the command line (or run integration tests).

### Demo of command line usage

First run the UAA server as described above:

    $ cd uaa
    $ mvn tomcat:run

Then start another terminal and from the project base directory, ask
the login endpoint to tell you about the system:

    $ curl -H "Accept: application/json" localhost:8080/uaa/login
    {
      "timestamp":"2012-03-28T18:25:49+0100",
      "commit_id":"111274e",
      "prompts":{"username":["text","Username"],
        "password":["password","Password"]
      }
    }

Then you can try logging in with the UAA ruby gem. Make sure you have
ruby 1.9 and bundler installed, then

    $ cd gem/; bundle
    $ ./bin/uaa target localhost:8080/uaa
    $ ./bin/uaa login marissa koala

(or leave out the username / password to be prompted).

This authenticates and obtains an access token from the server using
the OAuth2 implicit grant, similar to the approach intended for a
client like VMC. The token is printed to stdout, so copy and paste the
value into this next command:

    $ ./bin/uaa --client-id=admin --client-secret=adminclientsecret decode [token]

and you should see your username and the client id of the original token grant on stdout.

    {
      "id":"17a99e38-c5fd-46a3-9d37-6b12db0937c9",
      "resource_ids":["cloud_controller","password"],
      "expires_at":1334117495,
      "scope":["read"],
      "email":"marissa@test.org",
      "client_authorities":["ROLE_UNTRUSTED"],
      "expires_in":43171,
      "user_authorities":["ROLE_USER"],
      "user_id":"marissa",
      "client_id":"vmc"
    }

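How a resource server might act on the decoded token above, as an added example that is not part of UAA or the `cf-uaa-client` gem: it checks expiry, the intended resource and the granted scope before serving a request. The helper name `token_rejections` and the choice of these three checks are assumptions; the sample input is the decoded token from the demo.

```ruby
require 'json'

# Constructed sample: the decoded token printed in the demo above.
SAMPLE_TOKEN_INFO = JSON.parse(<<~'TOKEN')
  {
    "id": "17a99e38-c5fd-46a3-9d37-6b12db0937c9",
    "resource_ids": ["cloud_controller", "password"],
    "expires_at": 1334117495,
    "scope": ["read"],
    "email": "marissa@test.org",
    "client_authorities": ["ROLE_UNTRUSTED"],
    "expires_in": 43171,
    "user_authorities": ["ROLE_USER"],
    "user_id": "marissa",
    "client_id": "vmc"
  }
TOKEN

# Hypothetical helper, not part of cf-uaa-client. Returns the reasons to
# reject a request; an empty array means all three checks passed.
def token_rejections(info, resource_id:, required_scope:, now: Time.now.to_i)
  reasons = []

  # 1. Expiry: compare against the absolute expires_at rather than the
  #    relative expires_in, and fail closed if the field is absent.
  expires_at = info['expires_at']
  if !expires_at.is_a?(Integer)
    reasons << 'expires_at missing or not an integer'
  elsif expires_at <= now
    reasons << "token expired at #{expires_at}"
  end

  # 2. Audience: the token must name this resource server in resource_ids.
  unless Array(info['resource_ids']).include?(resource_id)
    reasons << "token not issued for resource #{resource_id}"
  end

  # 3. Scope: the scope needed for the operation must have been granted.
  unless Array(info['scope']).include?(required_scope)
    reasons << "scope #{required_scope} not granted"
  end

  reasons
end

if __FILE__ == $PROGRAM_NAME
  # Evaluate the sample as of its issue time so the expiry check passes.
  issued = SAMPLE_TOKEN_INFO['expires_at'] - SAMPLE_TOKEN_INFO['expires_in']
  p token_rejections(SAMPLE_TOKEN_INFO, resource_id: 'cloud_controller',
                     required_scope: 'read', now: issued)
  p token_rejections(SAMPLE_TOKEN_INFO, resource_id: 'scim',
                     required_scope: 'write', now: issued)
end
```
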
### Demo of command line usage against e.g. cloudfoundry.com

The same command line example should work against a UAA running on cloudfoundry.com. In this case, there is no need to run a local uaa server, so simply ask the external login endpoint to tell you about the system:

    $ curl -H "Accept: application/json" uaa.cloudfoundry.com/login
    {
      "prompts":{"username":["text","Username"],
        "password":["password","Password"]
      }
    }

You can then try logging in with the UAA ruby gem. Make sure you have ruby 1.9 and bundler installed, then

    $ cd gem/; bundle
    $ ./bin/uaa target uaa.cloudfoundry.com
    $ ./bin/uaa login [yourusername] [yourpassword]

(or leave out the username / password to be prompted).

This authenticates and obtains an access token from the server using the OAuth2 implicit
grant, similar to the approach intended for a client like VMC.

## Integration tests

With all apps deployed into a running server on port 8080 the tests
will include integration tests (a check is done before each test that
the app is running). You can deploy them in your IDE or using the
command line with `mvn tomcat:run` and then run the tests as normal.

For individual modules, or for the whole project, you can also run
integration tests and the server from the command line in one go with

    $ mvn test -P integration

(This might require an initial `mvn install` from the parent directory
to get the wars in your local repo first.)

To make the tests work in various environments you can modify the
configuration of the server and the tests (e.g. the admin client)
using a variety of mechanisms. The simplest is to provide additional
Maven profiles on the command line, e.g.

    $ (cd uaa; mvn test -P vcap)

will run the integration tests against a uaa server running in a local
vcap, so for example the service URL is set to `uaa.vcap.me` (by
default). There are several Maven profiles to play with, and they can
be used to run the server, or the tests or both:

* `local`: runs the server on the ROOT context `http://localhost:8080/`

* `vcap`: also runs the server on the ROOT context and points the
  tests at `uaa.vcap.me`.

* `devuaa`: points the tests at `http://devuaa.cloudfoundry.com` (an
  instance of UAA deployed on cloudfoundry).

All these profiles set the `CLOUD_FOUNDRY_CONFIG_PATH` to pick up a
`uaa.yml` and (if appropriate) set the context root for running the
server (see below for more detail on that).

### BVTs

There is a really simple cucumber feature spec (`--tag @uaa`) to
verify that the UAA server is there. There is also a rake task to
launch the integration tests from the `uaa` submodule in `vcap`.
Typical usage for a local (`uaa.vcap.me`) instance:

    $ cd vcap/tests
    $ rake bvt:run_uaa

You can change the most common important settings with environment
variables (see below), or with a custom `uaa.yml`. N.B. `MAVEN_OPTS`
cannot be used to set JVM system properties for the tests, but it can
be used to set memory limits for the process etc.

### Custom YAML Configuration

To modify the runtime parameters you can provide a `uaa.yml`, e.g.

    $ cat > /tmp/uaa.yml
    uaa:
      host: uaa.appcloud21.dev.mozycloud
      test:
        username: dev@cloudfoundry.org # defaults to vcap_tester@vmware.com
        password: changeme
        email: dev@cloudfoundry.org

then from `vcap-tests`

    $ CLOUD_FOUNDRY_CONFIG_PATH=/tmp rake bvt:run_uaa

or from `uaa/uaa`

    $ CLOUD_FOUNDRY_CONFIG_PATH=/tmp mvn test

The integration tests look for a YAML file in the following locations
(later entries override earlier ones), and the webapp does the same
when it starts up so you can use the same config file for both:

    classpath:uaa.yml
    file:${CLOUD_FOUNDRY_CONFIG_PATH}/uaa.yml
    file:${UAA_CONFIG_FILE}
    ${UAA_CONFIG_URL}

### Using Maven with Cloud Foundry or VCAP

To test against a vcap instance use the Maven profile `vcap` (it
switches off some of the tests that create random client and user
accounts):

    $ (cd uaa; mvn test -P vcap)

To change the target server it should suffice to set
`VCAP_BVT_TARGET` (the tests prefix it with `uaa.` to form the
server url), e.g.

    $ VCAP_BVT_TARGET=appcloud21.dev.mozycloud mvn test -P vcap

You can also override some of the other most important default
settings using environment variables. The defaults as usual come from
`uaa.yml` but tests will search first in an environment variable:

* `UAA_ADMIN_CLIENT_ID` the client id for bootstrapping client
  registrations needed for the rest of the tests.

* `UAA_ADMIN_CLIENT_SECRET` the client secret for bootstrapping client
  registrations

All other settings from `uaa.yml` can be overridden individually as
system properties. Running in an IDE this is easy just using whatever
features allow you to modify the JVM in test runs, but using Maven you
have to use the `argLine` property to get settings passed onto the
test JVM, e.g.

    $ mvn -DargLine=-Duaa.test.username=foo test

will create an account with `userName=foo` for testing (instead of using
the default setting from `uaa.yml`).

If you prefer environment variables to system properties you can use a
custom `uaa.yml` with placeholders for your environment variables,
e.g.

    uaa:
      test:
        username: ${UAA_TEST_USERNAME:marissa}

will look for an environment variable (or system property)
`UAA_TEST_USERNAME` before defaulting to `marissa`. This is the trick
used to expose `UAA_ADMIN_CLIENT_SECRET` etc. in the standard
configuration.

## Inventory

There are actually several projects here, the main `uaa` server application and some samples:

0. `common` is a module containing a JAR with all the business logic. It is used in
   the webapps below.

1. `uaa` is the actual UAA server

2. `gem` is a ruby gem (`cf-uaa-client`) for interacting with the UAA server

3. `api` (sample) is an OAuth2 resource service which returns a mock list of deployed apps

4. `app` (sample) is a user application that uses both of the above

In CloudFoundry terms

* `uaa` provides an authentication service plus authorized delegation for
  back-end services and apps (by issuing OAuth2 access tokens).

* `api` is `api.cloudfoundry.com` - it's a service which provides resources
  which other applications may wish to access on behalf of the resource
  owner (the end user).

* `app` is `code.cloudfoundry.com` or `studio.cloudfoundry.com` - a
  webapp that needs single sign on and access to the `api` service on
  behalf of users.

## UAA Server

The authentication service is `uaa`. It's a plain Spring MVC webapp.
Deploy as normal in Tomcat or your container of choice, or execute
`mvn tomcat:run` to run it directly from `uaa` directory in the source
tree (make sure the common jar is installed first using `mvn install`
from the common subdirectory or from the top level directory). When
running with maven it listens on port 8080.

The UAA Server supports the APIs defined in the UAA-APIs document. To summarise:

1. The OAuth2 /authorize and /token endpoints

2. A /login_info endpoint to allow querying for required login prompts

3. A /check_token endpoint, to allow resource servers to obtain information about
   an access token submitted by an OAuth2 client.

4. SCIM user provisioning endpoint

5. OpenID connect endpoints to support authentication /userinfo and
   /check_id (todo). Implemented roughly enough to get it working (so
   /app authenticates here), but not to meet the spec.

Authentication can be performed by command line clients by submitting
credentials directly to the `/authorize` endpoint (as described in
UAA-API doc). There is an `ImplicitAccessTokenProvider` in Spring
Security OAuth that can do the heavy lifting if your client is Java.

By default `uaa` will launch with a context root `/uaa`. There is a
Maven profile `local` to launch with context root `/`, and another
called `vcap` to launch at `/` with a postgresql backend.

### Configuration

There is a `uaa.yml` in the application which provides defaults to the
placeholders in the Spring XML. Wherever you see
`${placeholder.name}` in the XML there is an opportunity to override
it either by providing a System property (`-D` to JVM) with the same
name, or a custom `uaa.yml` (as described above).

All passwords and client secrets in the config files are plain text,
but they will be inserted into the UAA database hashed with BCrypt.

### User Account Data

The default is to use an in-memory RDBMS user store that is
pre-populated with a single test user: `marissa` has password
`koala`.

To use Postgresql for user data, activate one of the Spring profiles
`hsqldb` or `postgresql`.

The active profiles can be configured in `uaa.yml` using

    spring_profiles: postgresql

or by passing the `spring.profiles.active` parameter to the JVM. For
example, to run with an embedded HSQL database:

    mvn -Dspring.profiles.active=hsqldb tomcat:run

Or to use PostgreSQL instead of HSQL:

    mvn -Dspring.profiles.active=postgresql tomcat:run

To bootstrap a microcloud type environment you need an admin client.
For this there is a database initializer component that inserts an
admin client. If the default profile is active (i.e. not
`postgresql`) there is also a `vmc` client so that the gem login works
out of the box. You can override the default settings and add
additional clients in `uaa.yml`:

    oauth:
      clients:
        admin:
          authorized-grant-types: client_credentials
          scope: read,write,password
          authorities: ROLE_CLIENT,ROLE_ADMIN
          id: admin
          secret: adminclientsecret
          resource-ids: clients

The admin client can be used to create additional clients (but not to
do anything much else). A client with read/write access to the `scim`
resource will be needed to create user accounts. The integration
tests take care of this automatically, inserting client and user
accounts as necessary to make the tests work.

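A pre-deployment check for the defaults documented above, as an added example that is not part of UAA or the `cf-uaa-client` gem. It layers `uaa.yml` sources in the lookup order given under "Custom YAML Configuration", resolves `${NAME:default}` placeholders as described under "Using Maven with Cloud Foundry or VCAP", and reports any `secret` or `password` key that still holds a value printed in this README. The function names, the key-by-key deep merge and the simplified placeholder handling are assumptions; both YAML documents are constructed samples.

```ruby
require 'yaml'

# Credentials printed in this README. Any of them surviving into the
# effective configuration is a well-known secret.
README_DEFAULTS = %w[adminclientsecret koala changeme].freeze
SECRET_KEYS = %w[secret password].freeze
PLACEHOLDER = /\$\{([^}:]+)(?::([^}]*))?\}/.freeze

# Constructed stand-in for classpath:uaa.yml.
BUNDLED_YAML = <<~'YAML'
  oauth:
    clients:
      admin:
        authorized-grant-types: client_credentials
        id: admin
        secret: ${UAA_ADMIN_CLIENT_SECRET:adminclientsecret}
  uaa:
    test:
      username: ${UAA_TEST_USERNAME:marissa}
      password: koala
YAML

# Constructed stand-in for file:${CLOUD_FOUNDRY_CONFIG_PATH}/uaa.yml.
OPERATOR_YAML = <<~'YAML'
  uaa:
    test:
      password: constructed-non-default-value
YAML

# Later sources win, key by key (deep merge is an assumption of this example).
def overlay(base, override)
  base.merge(override) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? overlay(old, new) : new
  end
end

# Resolve ${NAME} and ${NAME:default} against env; an unset NAME without a
# default is left untouched so it stays visible in the output.
def resolve_placeholders(value, env)
  case value
  when Hash   then value.transform_values { |v| resolve_placeholders(v, env) }
  when Array  then value.map { |v| resolve_placeholders(v, env) }
  when String then value.gsub(PLACEHOLDER) { env[$1] || $2 || $& }
  else value
  end
end

# yaml_sources is ordered as in the lookup list: earliest (lowest priority) first.
def effective_config(yaml_sources, env)
  merged = yaml_sources.reduce({}) do |acc, text|
    overlay(acc, YAML.safe_load(text) || {})
  end
  resolve_placeholders(merged, env)
end

# Dotted paths of every secret/password key whose value is a README default.
def default_secret_findings(config, path = [])
  case config
  when Hash
    config.flat_map { |k, v| default_secret_findings(v, path + [k.to_s]) }
  when String
    hit = SECRET_KEYS.include?(path.last) && README_DEFAULTS.include?(config)
    hit ? [path.join('.')] : []
  else
    []
  end
end

if __FILE__ == $PROGRAM_NAME
  p default_secret_findings(effective_config([BUNDLED_YAML], {}))
  hardened = effective_config([BUNDLED_YAML, OPERATOR_YAML],
                              { 'UAA_ADMIN_CLIENT_SECRET' => 'constructed-value' })
  p default_secret_findings(hardened)
end
```

Run against the real files, pass their contents in lookup order and `ENV.to_h` as the environment; a non-empty result means a README default is still in effect.
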
## The API Application

An example resource server. It hosts a service which returns
a list of mock applications under `/apps`.

Run it using `mvn tomcat:run` from the `api` directory (once all other
tomcat processes have been shut down). This will deploy the app to a
Tomcat manager on port 8080.

## The App Application

This is a user interface app (primarily aimed at browsers) that uses
OpenId Connect for authentication (i.e. SSO) and OAuth2 for access
grants. It authenticates with the Auth service, and then accesses
resources in the API service. Run it with `mvn tomcat:run` from the
`app` directory (once all other tomcat processes have been shut down).

### Use Cases

1. See all apps

        GET /app/apps

    browser is redirected through a series of authentication and access
    grant steps (which could be slimmed down to implicit steps not
    requiring user at some point), and then the photos are shown.

2. See the currently logged in user details, a bag of attributes
   grabbed from the open id provider

        GET /app