<link href="https://raw.github.com/clownfart/Markdown-CSS/master/markdown.css" rel="stylesheet"></link>
# CloudFoundry User Account and Authentication (UAA) Server

[![Build Status](https://travis-ci.org/cloudfoundry/uaa.svg?branch=develop)](https://travis-ci.org/cloudfoundry/uaa)
[![Coverage Status](https://coveralls.io/repos/cloudfoundry/uaa/badge.png?branch=develop)](https://coveralls.io/r/cloudfoundry/uaa?branch=develop)

The UAA is a multi-tenant identity management service, used in Cloud Foundry, but also available
as a stand-alone OAuth2 server. Its primary role is as an OAuth2 provider, issuing tokens for client
applications to use when they act on behalf of Cloud Foundry users.
It can also authenticate users with their Cloud Foundry credentials,
and can act as an SSO service using those credentials (or others). It
has endpoints for managing user accounts and for registering OAuth2
clients, as well as various other management functions.

## Co-ordinates

* Tokens: [A note on tokens, scopes and authorities](https://github.com/cloudfoundry/uaa/tree/master/docs/UAA-Tokens.md)
* Technical forum: [cf-dev mailing list](https://lists.cloudfoundry.org)
* Docs: [docs/](https://github.com/cloudfoundry/uaa/tree/master/docs)
* API Documentation: [UAA-APIs.rst](https://github.com/cloudfoundry/uaa/tree/master/docs/UAA-APIs.rst)
* Specification: [The OAuth 2.0 Authorization Framework](http://tools.ietf.org/html/rfc6749)
* LDAP: [UAA LDAP Integration](https://github.com/cloudfoundry/uaa/tree/master/docs/UAA-LDAP.md)

## Quick Start

If this works you are in business:

    $ git clone https://github.com/cloudfoundry/uaa.git
    $ cd uaa
    $ ./gradlew run

The apps all work together, running on the same port
(8080) as [`/uaa`](http://localhost:8080/uaa), [`/app`](http://localhost:8080/app) and [`/api`](http://localhost:8080/api).

### Deploy to Cloud Foundry

You can also build the app and push it to Cloud Foundry, e.g.

    $ ./gradlew :cloudfoundry-identity-uaa:war
    $ cf push myuaa --no-start -m 512M -b https://github.com/cloudfoundry/java-buildpack#v2.4 -p uaa/build/libs/cloudfoundry-identity-uaa-2.3.2-SNAPSHOT.war
    $ cf set-env myuaa SPRING_PROFILES_ACTIVE default
    $ cf set-env myuaa UAA_URL http://myuaa.<domain>
    $ cf set-env myuaa LOGIN_URL http://myuaa.<domain>
    $ cf start myuaa

In the steps above, replace:

* `myuaa` with a unique application name
* `2.3.2-SNAPSHOT` with the appropriate version label from your build
* `<domain>` with your app domain. We will be parsing this from the system environment in the future.
* We have not tested our system on Apache Tomcat 8 and Java 8, so we pick a build pack that produces lower versions.

### Demo of command line usage on local server

First run the UAA server as described above:

    $ ./gradlew run

Then start another terminal and from the project base directory, ask
the login endpoint to tell you about the system:

    $ curl -H "Accept: application/json" localhost:8080/uaa/login
    {
      "timestamp":"2012-03-28T18:25:49+0100",
      "commit_id":"111274e",
      "prompts":{"username":["text","Username"],
        "password":["password","Password"]
      }
    }

Then you can try logging in with the UAA ruby gem. Make sure you have
ruby 1.9, then

    $ gem install cf-uaac
    $ uaac target http://localhost:8080/uaa
    $ uaac token get marissa koala

(or leave out the username / password to be prompted).

This authenticates and obtains an access token from the server using
the OAuth2 implicit grant, similar to the approach intended for a
client like CF. The token is stored in `~/.uaac.yml`, so dig into
that file and pull out the access token for your `cf` target (or use
`--verbose` on the login command line above to see it logged to your
console).

Then you can log in as a resource server and retrieve the token
details:

    $ uaac target http://localhost:8080/uaa
    $ uaac token decode

You should see your username and the client id of the original
token grant on stdout, e.g.

    exp: 1355348409
    user_name: marissa
    scope: cloud_controller.read openid password.write scim.userids tokens.read tokens.write
    email: marissa@test.org
    aud: scim tokens openid cloud_controller password
    jti: ea2fac72-3f51-4c8f-a7a6-5ffc117af542
    user_id: ba14fea0-9d87-4f0c-b59e-32aaa8eb1434
    client_id: cf

### Running local system against default MySQL and PostgreSQL settings (and Flyway migration script information)

    $ ./gradlew -Dspring.profiles.active=default,mysql run

This command assumes that a MySQL database is available with the default access settings
and that it accepts the following JDBC settings.

    driver = 'org.mariadb.jdbc.Driver'
    url = 'jdbc:mysql://localhost:3306/uaa'
    user = 'root'
    password = 'changeme'
    schemas = ['uaa']

In a similar fashion, should you execute the command

    $ ./gradlew -Dspring.profiles.active=default,postgresql run

it uses the settings defined as

    driver = 'org.postgresql.Driver'
    url = 'jdbc:postgresql:uaa'
    user = 'root'
    password = 'changeme'

These settings are duplicated in two places for the Gradle integration.
They are defined as defaults in the Spring XML configuration files and they are defined in the main
`build.gradle` file. They are in the Gradle build file because Gradle always executes the `flywayClean`
task prior to launching the UAA application. If you do not wish to clean the DB, you can define the variable

    -Dflyway.clean=false

as part of your command line. This disables the `flywayClean` task in the Gradle script.
Another way to disable `flywayClean` is to not specify the Spring profiles on the command line,
but set the profiles in the `uaa.yml` and `login.yml` files.

### Demo of command line usage on run.pivotal.io

The same command line example should work against a UAA running on
run.pivotal.io (except for the token decoding bit because you won't
have the client secret). In this case, there is no need to run a local
uaa server, so simply ask the external login endpoint to tell you
about the system:

    $ curl -H "Accept: application/json" login.run.pivotal.io
    {
      "prompts":{"username":["text","Username"],
        "password":["password","Password"]
      }
    }

You can then try logging in with the UAA ruby gem. Make sure you have ruby 1.9, then

    $ gem install cf-uaac
    $ uaac target uaa.run.pivotal.io
    $ uaac token get [yourusername] [yourpassword]

(or leave out the username / password to be prompted).

This authenticates and obtains an access token from the server using the OAuth2 implicit
grant, the same as used by a client like CF.

## Integration tests

You can run the integration tests with

    $ ./gradlew integrationTest

This will run the integration tests against a uaa server running in a local
Apache Tomcat instance, so for example the service URL is set to `http://localhost:8080/uaa` (by
default).

You can set `CLOUD_FOUNDRY_CONFIG_PATH` to pick up a
`uaa.yml` where URLs can be changed
and (if appropriate) the context root for running the
server can be set (see below for more detail on that).

### Custom YAML Configuration

To modify the runtime parameters you can provide a `uaa.yml`, e.g.

    $ cat > /tmp/config/uaa.yml
    uaa:
      host: uaa.appcloud21.dev.mozycloud
      test:
        username: dev@cloudfoundry.org # defaults to vcap_tester@vmware.com
        password: changeme
        email: dev@cloudfoundry.org

then from `uaa/uaa`

    $ CLOUD_FOUNDRY_CONFIG_PATH=/tmp/config ./gradlew test

The webapp looks for a YAML file in the following locations
(later entries override earlier ones) when it starts up.

    classpath:uaa.yml
    file:${CLOUD_FOUNDRY_CONFIG_PATH}/uaa.yml
    file:${UAA_CONFIG_FILE}
    ${UAA_CONFIG_URL}

### Using Gradle to test with postgresql or mysql

The default uaa unit tests (`./gradlew test integrationTest`) use hsqldb.

To run the unit tests using postgresql:

    $ ./gradlew -Dspring.profiles.active=default,postgresql test integrationTest

Optionally, the Spring profile can be configured in the `uaa.yml` file:

    $ echo "spring_profiles: default,postgresql" > src/main/resources/uaa.yml

To run the unit tests using mysql:

    $ ./gradlew -Dspring.profiles.active=default,mysql test integrationTest

The database configuration for the common and scim modules is defaulted in
the [Spring XML configuration files](https://github.com/cloudfoundry/uaa/blob/master/common/src/main/resources/spring/env.xml).
You can change them by configuring them in `uaa.yml`.

The defaults are

    PostgreSQL: User: root Password: changeme Database: uaa Host: localhost Port: 5432
    MySQL: User: root Password: changeme Database: uaa Host: localhost Port: 3306

## Inventory

There are actually several projects here, the main `uaa` server application and some samples:

0. `common` is a module containing a JAR with all the business logic. It is used in
   the webapps below.

1. `uaa` is the actual UAA server - compiles as a WAR file for easy deployment

2. `api` (sample) is an OAuth2 resource service which returns a mock list of deployed apps

3. `app` (sample) is a user application that uses both of the above

4. `scim` [SCIM](http://www.simplecloud.info/) user management module used by UAA

5. `login` This module represents the UI of the UAA. It is the code that was merged in from the former login-server project.

In CloudFoundry terms

* `uaa` provides an authentication service plus authorized delegation for
  back-end services and apps (by issuing OAuth2 access tokens).

* `api` is a service that provides resources that other applications may
  wish to access on behalf of the resource owner (the end user).

* `app` is a webapp that needs single sign on and access to the `api`
  service on behalf of users.

## UAA Server

The authentication service is `uaa`. It's a plain Spring MVC webapp.
Deploy as normal in Tomcat or your container of choice, or execute
`./gradlew run` to run it directly from the `uaa` directory in the source
tree. When running with gradle it listens on port 8080 and the URL is
`http://localhost:8080/uaa`

The UAA Server supports the APIs defined in the UAA-APIs document. To summarise:

1. The OAuth2 `/oauth/authorize` and `/oauth/token` endpoints

2. A `/login_info` endpoint to allow querying for required login prompts

3. A `/check_token` endpoint, to allow resource servers to obtain information about
   an access token submitted by an OAuth2 client.

4. A `/token_key` endpoint, to allow resource servers to obtain the verification key to verify token signatures

5. SCIM user provisioning endpoint

6. OpenID Connect endpoints to support authentication (`/userinfo`). Partial OpenID support.

Authentication can be performed by command line clients by submitting
credentials directly to the `/oauth/authorize` endpoint (as described in
UAA-API doc). There is an `ImplicitAccessTokenProvider` in Spring
Security OAuth that can do the heavy lifting if your client is Java.

By default `uaa` will launch with a context root `/uaa`.

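A resource server that obtains the verification key from `/token_key` has to check more than the signature before trusting the claims that `uaac token decode` printed earlier in this README. The following is an added example, not code from the UAA project: it assumes an HS256 token signed with a shared HMAC key, and the function names, the sample key and the reduced claim set are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data: the key is made up; the claims mirror the
# `uaac token decode` output shown in this README.
SAMPLE_KEY = b"constructed-demo-verification-key"
SAMPLE_CLAIMS = {
    "exp": 1355348409,
    "user_name": "marissa",
    "scope": ["cloud_controller.read", "openid", "password.write",
              "scim.userids", "tokens.read", "tokens.write"],
    "aud": ["scim", "tokens", "openid", "cloud_controller", "password"],
    "client_id": "cf",
}


class TokenError(Exception):
    """Raised when a token fails any validation step."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def as_list(value):
    # Accept a JSON array or the space-delimited form that uaac prints.
    if isinstance(value, str):
        return value.split()
    return list(value) if isinstance(value, (list, tuple)) else []


def make_token(header, claims, key):
    """Build a compact JWT with an HMAC-SHA256 signature (sample input only)."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_token(token, key, audience, required_scope, now):
    """Return the claims if the token is authentic, unexpired, addressed to
    `audience` and carries `required_scope`; raise TokenError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        signing_input = (header_b64 + "." + payload_b64).encode("ascii")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise TokenError("malformed token") from exc

    # Pin the algorithm: the token must not choose how it gets verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")

    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")

    # Claims are parsed only after the signature has been verified.
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise TokenError("malformed claims") from exc
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenError("expired")
    if audience not in as_list(claims.get("aud")):
        raise TokenError("wrong audience")
    if required_scope not in as_list(claims.get("scope")):
        raise TokenError("insufficient scope")
    return claims


def verdict(token, key, audience, required_scope, now):
    """Convenience wrapper: 'ok' or the reason the token was rejected."""
    try:
        validate_token(token, key, audience, required_scope, now)
        return "ok"
    except TokenError as exc:
        return str(exc)


if __name__ == "__main__":
    good = make_token({"alg": "HS256", "typ": "JWT"}, SAMPLE_CLAIMS, SAMPLE_KEY)
    # Same claims, header says "none", signature segment left empty.
    unsigned = make_token({"alg": "none"}, SAMPLE_CLAIMS, SAMPLE_KEY).rsplit(".", 1)[0] + "."
    for name, tok, now in [("valid", good, 1355348000),
                           ("expired", good, 1355348410),
                           ("alg none", unsigned, 1355348000)]:
        print(name, "->", verdict(tok, SAMPLE_KEY, "cloud_controller",
                                  "cloud_controller.read", now))
```

The `now` argument is passed in explicitly so the expiry check can be exercised against the 2012 `exp` value from the README; a real resource server would pass the current time.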
### Use Cases

1. Authenticate

        GET /login

    A basic form login interface.

2. Approve OAuth2 token grant

        GET /oauth/authorize?client_id=app&response_type=code...

    Standard OAuth2 Authorization Endpoint.

3. Obtain access token

        POST /oauth/token

    Standard OAuth2 Authorization Endpoint.

### Configuration

There are two configuration files in the application, `uaa.yml` and `login.yml`, which provide defaults for the
placeholders in the Spring XML.
Wherever you see `${placeholder.name}` in the XML there is an opportunity to override
it either by providing a System property (`-D` to JVM) with the same
name, or a custom `uaa.yml` or `login.yml` (as described above).

The `uaa.yml` and `login.yml` get merged during startup into one configuration.

All passwords and client secrets in the config files are plain text,
but they will be inserted into the UAA database hashed with BCrypt.

In the future, you will be able to provide passwords in bcrypt format to avoid having to specify clear text passwords.

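Because secrets sit in `uaa.yml` and `login.yml` as plain text and this README documents default credentials (`changeme` for the databases, `koala` for the test user), a check of the file before deployment is worthwhile. This is an added example, not part of the UAA code base: the `database` block in the sample, the helper names and the minimal YAML reader are assumptions made for illustration.

```python
import re
import stat

# Default credentials documented in this README (databases and test user).
DOCUMENTED_DEFAULTS = {"changeme", "koala"}
SECRET_KEY = re.compile(r"(password|secret)$", re.IGNORECASE)
KEY_VALUE = re.compile(r"^(\s*)([^\s#:-][^:]*):(?:\s+(.*))?$")

# Constructed sample: the uaa.yml from this README plus a hypothetical
# `database` block that uses the documented MySQL/PostgreSQL defaults.
SAMPLE_UAA_YML = """\
uaa:
  host: uaa.appcloud21.dev.mozycloud
  test:
    username: dev@cloudfoundry.org # defaults to vcap_tester@vmware.com
    password: changeme
    email: dev@cloudfoundry.org
database:
  username: root
  password: 'changeme'
"""


def iter_scalars(text):
    """Yield (dotted.key.path, value) for every `key: value` line of a
    block-style YAML mapping. Deliberately minimal: no lists, no flow syntax."""
    stack = []  # (indent, key) for each enclosing mapping level
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if not match:
            continue
        indent, key = len(match.group(1)), match.group(2).strip()
        # Drop trailing comments and surrounding quotes from the value.
        value = re.sub(r"(^|\s+)#.*$", "", match.group(3) or "")
        value = value.strip().strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value:
            yield ".".join(k for _, k in stack), value


def audit_config(text, file_mode):
    """Return findings for a config body and the mode bits of its file."""
    findings = []
    secrets = [(path, value) for path, value in iter_scalars(text)
               if SECRET_KEY.search(path)]
    for path, value in secrets:
        if value in DOCUMENTED_DEFAULTS:
            findings.append("default credential at " + path)
    # Secrets here are plain text, so only the owner should have access.
    if secrets and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("plaintext secrets readable beyond owner (mode %o)"
                        % stat.S_IMODE(file_mode))
    return findings


if __name__ == "__main__":
    import os
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            body, mode = handle.read(), os.stat(sys.argv[1]).st_mode
    else:
        body, mode = SAMPLE_UAA_YML, 0o100644  # constructed mode bits
    for finding in audit_config(body, mode):
        print(finding)
```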
### User Account Data

The default is to use an in-memory RDBMS user store that is
pre-populated with a single test user: `marissa` has password
`koala`.

To use PostgreSQL for user data, activate the Spring profile `postgresql`.

The active profiles can be configured in `uaa.yml` using

    spring_profiles: postgresql,default

Or specify PostgreSQL on the command line:

    $ ./gradlew -Dspring.profiles.active=default,postgresql run

## The API Sample Application

Two sample applications are included with the UAA: `/api` and `/app`.

Run it using `./gradlew run` from the `uaa` root directory.
All three apps, `/uaa`, `/api` and `/app`, get deployed
simultaneously.

## The App Sample Application

This is a user interface app (primarily aimed at browsers) that uses
OpenID Connect for authentication (i.e. SSO) and OAuth2 for access
grants. It authenticates with the Auth service, and then accesses
resources in the API service. Run it with `./gradlew run` from the
`uaa` root directory.

The application can operate in multiple different profiles according
to the location (and presence) of the UAA server and the Login
application. By default it will look for a UAA on
`localhost:8080/uaa`, but you can change this by setting an
environment variable (or System property) called `UAA_PROFILE`. In
the application source code (`samples/app/src/main/resources`) you will find
multiple properties files pre-configured with different likely
locations for those servers. They are all in the form
`application-<UAA_PROFILE>.properties` and the naming convention
adopted is that the `UAA_PROFILE` is `local` for the localhost
deployment, `vcap` for a `vcap.me` deployment, `staging` for a staging
deployment (inside VMware VPN), etc. The profile names are double
barrelled (e.g. `local-vcap`) when the login server is in a different
location than the UAA server.

### Use Cases

1. See all apps

        GET /app/apps

    The browser is redirected through a series of authentication and
    access grant steps (which could be slimmed down to implicit steps
    not requiring the user at some point), and then the list of apps is shown.

2. See the currently logged in user details, a bag of attributes
   grabbed from the OpenID provider

        GET /app

# Contributing to the UAA

Here are some ways for you to get involved in the community:

* Get involved with the Cloud Foundry community on the mailing lists.
  Please help out on the
  [mailing list](https://lists.cloudfoundry.org)
  by responding to questions and joining the debate.
* Create [github](https://github.com/cloudfoundry/uaa/issues) tickets for bugs and new features and comment and
  vote on the ones that you are interested in.
* GitHub is for social coding: if you want to write code, we encourage
  contributions through pull requests from
  [forks of this repository](https://github.com/cloudfoundry/uaa). If you
  want to contribute code this way, please also reference an existing issue,
  if there is one, covering the specific issue you are
  addressing. Always submit pull requests to the "develop" branch.
* Watch for upcoming articles on Cloud Foundry by
  [subscribing](http://blog.cloudfoundry.org) to the cloudfoundry.org
  blog.