Hi,
Currently we are using a UAA with postgresql. We also have an external system that holds user profile information such as user id, password and user attributes like names, mail, profile.
We would like to use this external system to authenticate Cloud Foundry users to avoid replicating thousands of records. The data relevant for Cloud Foundry such as organizations and mapping to users should remain in the postgre db.
The problem we have is that the external system does not currently support LDAP or SCIM. So we came up with some ideas to solve this:
- hack UAA code (AuthzAuthenticationManager.java) and add authentication with the external system
  - pros: relatively easy to do
  - cons: requires fork of the UAA code
- implement LDAP adapter/proxy that connects the external system and UAA via LDAP
  - pros: no forking
  - cons: harder to implement; external system does not support all of the LDAP functionality (groups, search/filtering)
Is there another (recommended) way to plug external authentication in UAA?
Regards,
Hristo Iliev