Pivotal/UAA
From r00tedvw.com wiki
(Difference between revisions)
Line 1: | Line 1: | ||
[[Pivotal/UAA|UAA]] | [[Pivotal/UAA|UAA]] | ||
+ | UAA (User Account and Authentication) is used as the identity management service for Cloud Foundry. | ||
=UAAC CLI= | =UAAC CLI= | ||
==Installing Ruby on Mac OSX== | ==Installing Ruby on Mac OSX== | ||
Line 17: | Line 18: | ||
<nowiki>OPs Manager > PAS > Credentials > UAA > Admin Client Credentials</nowiki> | <nowiki>OPs Manager > PAS > Credentials > UAA > Admin Client Credentials</nowiki> | ||
With that information, we can use <code>uaac token client get admin -s ADMIN-CLIENT-SECRET | With that information, we can use <code>uaac token client get admin -s ADMIN-CLIENT-SECRET | ||
+ | =Creating admin user= | ||
+ | To create an admin user that can be used in CF, follow these steps: | ||
+ | <nowiki>Obtain an access token for the UAA server with admin credentials. | ||
+ | ~$ uaac user add admin2 -p password --emails [email protected] | ||
+ | ~$ uaac member add cloud_controller.admin admin2 | ||
+ | ~$ uaac member add uaa.admin admin2 | ||
+ | ~$ uaac member add scim.read admin2 | ||
+ | ~$ uaac member add scim.write admin2</nowiki> | ||
+ | Now you should be able to log in with the user | ||
+ | |||
=Quick Reference= | =Quick Reference= | ||
==uaac contexts== | ==uaac contexts== | ||
Displays the users and applications authorized by the UAA server, along with the permissions granted. | Displays the users and applications authorized by the UAA server, along with the permissions granted. | ||
<nowiki>~$ uaac contexts</nowiki> | <nowiki>~$ uaac contexts</nowiki> |
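Review bot: The added "uaac user add admin2 -p password" line puts a literal, guessable password on the command line for an account that the next four added lines place in cloud_controller.admin, uaa.admin, scim.read and scim.write. Use a placeholder in the style of the existing ADMIN-CLIENT-SECRET (for example "-p NEW-USER-PASSWORD") and tell the reader to choose a strong value, since anything typed after -p ends up in shell history. The first added line of the block, "Obtain an access token for the UAA server with admin credentials.", is a prose step sitting inside the same nowiki block as the commands; move it out as its own step and point it at the "uaac token client get admin" command in the section above. It would also help to state which of the four group memberships a CF login actually needs, so readers do not grant all of them by default.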
Revision as of 15:26, 3 August 2018
UAA (User Account and Authentication) is used as the identity management service for Cloud Foundry.
UAAC CLI
Installing Ruby on Mac OSX
Use Homebrew
~$ brew install rbenv
~$ eval "$(rbenv init -)"
~$ rbenv install 2.5.1
Install UAAC CLI
~$ sudo gem install cf-uaac
Connecting to UAA server
Use the uaac target uaa.<system domain> command to target the UAA server.
e.g. ~$ uaac target uaa.run-16.haas-59.pez.pivotal.io
Next, we need to authenticate and obtain an access token. Record the uaa:admin:client_secret from your deployment manifest (stored in ~/.uaac.yml)
OR, if you are using a vCenter deployment, obtain it by:
Ops Manager > PAS > Credentials > UAA > Admin Client Credentials
With that information, we can use uaac token client get admin -s ADMIN-CLIENT-SECRET
Creating admin user
To create an admin user that can be used in CF, follow these steps:
Obtain an access token for the UAA server with admin credentials.
~$ uaac user add admin2 -p password --emails [email protected]
~$ uaac member add cloud_controller.admin admin2
~$ uaac member add uaa.admin admin2
~$ uaac member add scim.read admin2
~$ uaac member add scim.write admin2
Now you should be able to log in with the new user.
Quick Reference
uaac contexts
Displays the users and applications authorized by the UAA server, along with the permissions granted.
~$ uaac contexts