UAA CAB Updates for January 2015

[Sree]

Hi All,

We were unable to provide UAA updates at this week's CAB meeting. This email provides a summary of the things that the Identity team has been working on.

SAML Enhancements and Fixes

We closed important gaps with our Active Directory Federation Services and Azure AD integration. Both Azure and ADFS enforce a URL based SAML Service Provider Entity ID. UAA now supports this and is configurable via login.yml

 Important SAML fixes include:

1. Local EntityID of Type URL throws an exception when performing SAML based authentication
   
2. SSO URL without port throws a port -1 error
   
3. SAML: Authorization error on favicon.ico
   
4. SAML login breaks if SSO has been logged in for more than 2 hours
   

UAA & Multi-tenancy

As you all know that we have undertaken the major effort of adding multi-tenancy support to UAA. This feature will allow UAA adopters to segregate their users store , identity providers and applications secured by UAA.  Some typical business cases which may require segregation include : Employee vs Consumer Apps , Dev vs. Production Environment Apps

The team is continuing to make great progress. We have competed adding multi tenancy to the SCIM end points and OAuth Client Management end points.  We introduced a new end point to manage Identity Providers which is a multi-tenant end point as well.  This end point will provide management of SAML & LDAP providers in the database.

Integration of Merged Login Server/ UAA to cf-release

We are currently in the process of testing the upgrade of cf-release from separate Login Server and UAA to the merged version. This will be merged soon to cf-release

Thanks,

Sree Tummidi

Sr. Product Manager

Identity - Pivotal Cloud Foundry