1

I have two CloudFoundry UAA instances which have SAML and LDAP identity providers configured for them. Consumers can authenticate using a authorization_code or client_credentials grant and receive the JWT.

Now, I need to create another UAA instance which federates or chains into both of these UAAs. The reasoning is that I can use a single point-of-contact for my resource-server to authenticate into both chained UAA instances. It also gives me more control over my UAA instance, since the two child instances are usually owned by other parties.

The end-result I am looking for is that I should be able to authenticate with the SAML/LDAP IDPs in the child UAAs, using the auth endpoint of the parent UAA. Is there any way to achieve this federation?

metacubed
  • 7,031
  • 6
  • 36
  • 65

1 Answers1

0

Yes, you can achieve this by federating both the child UAAs with the Parent UAA UAA is both an OpenID Connect IDP and a Relying Party. By doing this, you will be adding the Child IDPs as external IDP to the Parent UAA and both the Child IDPs will trust the Parent UAA as a Relying Party

Please refer to the doc here on how add External IDPs via the API: http://docs.cloudfoundry.org/api/uaa/#oauth-oidc

Sree Tummidi
  • 366
  • 3
  • 3