[cf-dev] Integration of UAA with Kerberos #uaa #kerberos

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[cf-dev] Integration of UAA with Kerberos #uaa #kerberos

Enrique Cano
Hi

Has anyone got any experience integrating UAA with Kerberos? Basically, we are trying to obtain a bearer token from UAA by somehow providing a Kerberos ticket instead of client or user credentials.

Thanks in advance

Enrique
_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8613) | [hidden email] | [hidden email] | Mute This Topic | New Topic
Mute #uaa | Mute #kerberos
Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Integration of UAA with Kerberos #uaa #kerberos

Chao Wang

Hi Enrique,

UAA does not support Kerberos today, however, it supports OAuth/OIDC/SAML/LDAP.  

Thanks,

Chao

_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8614) | [hidden email] | [hidden email] | Mute This Topic | New Topic
Mute #uaa | Mute #kerberos
Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Integration of UAA with Kerberos #uaa #kerberos

Camilo Aguilar
FWIW, I'm using UAA to federate authentication against a SAML provider that is already integrated with Kerberos. If that’s not possible for you, there is also 

On Mon, May 20, 2019 at 11:51 AM Chao Wang <[hidden email]> wrote:

Hi Enrique,

UAA does not support Kerberos today, however, it supports OAuth/OIDC/SAML/LDAP.  

Thanks,

Chao

--
Camilo Aguilar
Software Engineer


_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8615) | [hidden email] | [hidden email] | Mute This Topic | New Topic
Mute #uaa | Mute #kerberos
Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Integration of UAA with Kerberos #uaa #kerberos

gberche
We had discussions at Orange on how kerberos could help with browser less, password less experience with cf cli. IFAIK this would however indeed imply 1st class kerberos support in both cf cli and uaa.

That would be interesting to hear if there would be interests in the community.

Guillaume.

Le lun. 20 mai 2019 21:41, Camilo Aguilar <[hidden email]> a écrit :
FWIW, I'm using UAA to federate authentication against a SAML provider that is already integrated with Kerberos. If that’s not possible for you, there is also 

On Mon, May 20, 2019 at 11:51 AM Chao Wang <[hidden email]> wrote:

Hi Enrique,

UAA does not support Kerberos today, however, it supports OAuth/OIDC/SAML/LDAP.  

Thanks,

Chao

--
Camilo Aguilar
Software Engineer


_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8618) | [hidden email] | [hidden email] | Mute This Topic | New Topic
Mute #uaa | Mute #kerberos
Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Integration of UAA with Kerberos #uaa #kerberos

Enrique Cano
In reply to this post by Camilo Aguilar
Thanks, Camilo, that's very interesting and helpful. So, it's possible to do it, we just need to have a SAML provider integrated with Kerberos, and then we can integrate UAA with that SAML provider, is that correct? What SAML provider did you use?

Many thanks

Enrique
_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8622) | [hidden email] | [hidden email] | Mute This Topic | New Topic
Mute #uaa | Mute #kerberos
Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Integration of UAA with Kerberos #uaa #kerberos

Camilo Aguilar
If you don’t have a SAML provider already in place, I would rather use Keycloak.

The SAML provider we used was our customer’s Active Directory Federated Services. We used UAA to not have to integrate our apps with SAML and Kerberos, which was our customer’s authentication and authorization solution. 

On Wed, May 29, 2019 at 10:55 AM Enrique Cano <[hidden email]> wrote:
Thanks, Camilo, that's very interesting and helpful. So, it's possible to do it, we just need to have a SAML provider integrated with Kerberos, and then we can integrate UAA with that SAML provider, is that correct? What SAML provider did you use?

Many thanks

Enrique

--
Camilo Aguilar
Software Engineer


_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8623) | [hidden email] | [hidden email] | Mute This Topic | New Topic
Mute #uaa | Mute #kerberos
Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_