metacubed

Reputation: 7281

Chaining federation of CloudFoundry UAA

I have two CloudFoundry UAA instances which have SAML and LDAP identity providers configured for them. Consumers can authenticate using an authorization_code or client_credentials grant and receive the JWT.

Now, I need to create another UAA instance which federates or chains into both of these UAAs. The reasoning is that I can use a single point-of-contact for my resource-server to authenticate into both chained UAA instances. It also gives me more control over my UAA instance, since the two child instances are usually owned by other parties.

The end-result I am looking for is that I should be able to authenticate with the SAML/LDAP IDPs in the child UAAs, using the auth endpoint of the parent UAA. Is there any way to achieve this federation?

Upvotes: 1

Views: 461

Answers (1)

Sree Tummidi

Reputation: 386

Yes, you can achieve this by federating both the child UAAs with the parent UAA. UAA is both an OpenID Connect IDP and a Relying Party. By doing this, you will be adding the child IDPs as external IDPs to the parent UAA, and both the child IDPs will trust the parent UAA as a Relying Party.

Please refer to the doc here on how to add external IDPs via the API: http://docs.cloudfoundry.org/api/uaa/#oauth-oidc

Upvotes: 0
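The two-sided registration the answer describes, written out as an added example (this is not code from the original question or answer, nor from the UAA project). Each child UAA needs a relying-party client for the parent (POST /oauth/clients on the child), and the parent needs a matching external OIDC identity provider entry (POST /identity-providers?rawConfig=true on the parent, with a token holding idps.write). The two halves must agree on client id, secret, scopes and the parent's callback URL /login/callback/{originKey}, so the script builds both payloads from one set of inputs and cross-checks them before anything is posted. Hostnames, origin keys, client ids and secrets are constructed placeholders; the attribute mapping assumes the child UAA's id_token carries a user_name claim.

```python
"""Build and cross-check the parent-side IDP entry and the child-side client
for a UAA-to-UAA OIDC federation.

Added example; not code from the original post or from the UAA project.
All hosts, origin keys, client ids and secrets below are constructed
placeholders. No network calls are made: the script only prepares and
validates the JSON you would send with curl or uaac.
"""
import json


def parent_callback_url(parent_base_url: str, origin_key: str) -> str:
    """UAA sends the external IDP's response to /login/callback/{originKey}."""
    return parent_base_url.rstrip("/") + f"/login/callback/{origin_key}"


def child_client_payload(client_id, client_secret, callback_url, scopes):
    """Client to create in the *child* UAA (POST /oauth/clients).

    Only authorization_code is granted: federation is a user-login flow, so a
    client_credentials grant on this client would only widen its blast radius.
    """
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "authorized_grant_types": ["authorization_code"],
        "redirect_uri": [callback_url],      # exact match is enforced by the child
        "scope": list(scopes),
        "authorities": ["uaa.none"],
        "autoapprove": True,
    }


def parent_oidc_idp_payload(origin_key, display_name, child_base_url,
                            client_id, client_secret, scopes):
    """External OIDC IDP to create in the *parent* UAA
    (POST /identity-providers?rawConfig=true, token needs idps.write)."""
    return {
        "type": "oidc1.0",
        "originKey": origin_key,
        "name": display_name,
        "active": True,
        "config": {
            "discoveryUrl": child_base_url.rstrip("/") + "/.well-known/openid-configuration",
            "relyingPartyId": client_id,
            "relyingPartySecret": client_secret,
            "scopes": list(scopes),
            "responseType": "code",
            # Keep TLS validation on: with it off, anyone who can redirect
            # traffic can impersonate the child and mint parent sessions.
            "skipSslValidation": False,
            "addShadowUserOnLogin": True,
            "showLinkText": True,
            "linkText": f"Log in with {display_name}",
            # Assumption: the child UAA's id_token carries a user_name claim.
            "attributeMappings": {"user_name": "user_name"},
        },
    }


def check_pair(idp: dict, client: dict, parent_base_url: str) -> list:
    """Return every mismatch between the parent's IDP entry and the child's client."""
    problems = []
    cfg = idp["config"]
    if cfg["relyingPartyId"] != client["client_id"]:
        problems.append("relyingPartyId must equal the child client_id")
    if cfg["relyingPartySecret"] != client["client_secret"]:
        problems.append("relyingPartySecret must equal the child client_secret")
    expected_cb = parent_callback_url(parent_base_url, idp["originKey"])
    if expected_cb not in client["redirect_uri"]:
        problems.append(f"child client must whitelist {expected_cb}")
    if "authorization_code" not in client["authorized_grant_types"]:
        problems.append("child client needs the authorization_code grant")
    if "openid" not in cfg["scopes"]:
        problems.append("openid scope is required to receive an id_token")
    missing = sorted(set(cfg["scopes"]) - set(client["scope"]))
    if missing:
        problems.append(f"parent requests scopes the child client cannot grant: {missing}")
    if cfg.get("skipSslValidation"):
        problems.append("skipSslValidation must stay false")
    if not cfg["discoveryUrl"].startswith("https://"):
        problems.append("discoveryUrl must use https")
    return problems


def federate(parent_base_url, child_base_url, origin_key, display_name,
             client_id, client_secret, scopes=("openid", "email")):
    """Produce (idp_payload, client_payload, problems) for one child UAA."""
    cb = parent_callback_url(parent_base_url, origin_key)
    client = child_client_payload(client_id, client_secret, cb, scopes)
    idp = parent_oidc_idp_payload(origin_key, display_name, child_base_url,
                                  client_id, client_secret, scopes)
    return idp, client, check_pair(idp, client, parent_base_url)


if __name__ == "__main__":
    # Constructed placeholders for the two child UAAs from the question.
    parent = "https://parent-uaa.example.com"
    for origin, name, host in (("child-a", "Child UAA A", "https://uaa-a.example.com"),
                               ("child-b", "Child UAA B", "https://uaa-b.example.com")):
        idp, client, problems = federate(parent, host, origin, name,
                                         "parent-uaa-rp", f"replace-me-{origin}")
        print(f"# child {origin}: {'OK' if not problems else problems}")
        print("# POST on child  /oauth/clients\n" + json.dumps(client, indent=2))
        print("# POST on parent /identity-providers?rawConfig=true\n" + json.dumps(idp, indent=2))
```

What this enables is user login through the parent's authorization endpoint: the parent redirects to the chosen child, the child authenticates the user against its SAML or LDAP provider, and the parent then issues its own JWT. The resource server keeps trusting only the parent's signing key. A client_credentials grant has no user to redirect, so it is not forwarded by this federation; service clients that need tokens from the parent must be registered on the parent directly.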
