Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid necessity to configure SAML SP in UAA #2741

Open
torsten-sap opened this issue Feb 21, 2024 · 3 comments
Open

Avoid necessity to configure SAML SP in UAA #2741

torsten-sap opened this issue Feb 21, 2024 · 3 comments
Labels
unscheduled

Comments

@torsten-sap
Copy link
Contributor

What version of UAA are you running?

76.30

How are you deploying the UAA?

  • using cf-deployment

What did you do?

Usage of UAA without the need of SAML.

What did you expect to see? What goal are you trying to achieve with the UAA?

No need to configure SAML SP (including private key + certificate etc.) in uaa.yml.

What did you see instead?

SAML SP configuration (private key + certificate etc.) is required in uaa.yml. Otherwise, UAA will not startup.
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/187088205

The labels on this github issue will be updated when the story is started.

@strehle
Copy link
Member

strehle commented Feb 22, 2024

Reproduce the issue:

  1. remove https://github.com/cloudfoundry/uaa/blob/develop/scripts/cargo/uaa.yml#L58-L99
  2. start uaa

Open /login

The IdentityZone should be usable even without SAML keys, but there is execption:

.....a.lang.NullPointerException: Cannot invoke "org.springframework.security.saml.key.KeyManager.getDefaultCredentialName()" because the return value of "org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder.getSamlSPKeyManager()" is null
at org.cloudfoundry.identity.uaa.provider.saml.ZoneAwareKeyManager.getDefaultCredentialName(ZoneAwareKeyManager.java:41) ~[cloudfoundry-identity-server-0.0.0.jar:?]
at org.springframework.security.saml.metadata.MetadataGenerator.getSigningKey(MetadataGenerator.java:802) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:323) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
at org.cloudfoundry.identity.uaa.provider.saml.ZoneAwareMetadataGenerator.buildSPSSODescriptor(ZoneAwareMetadataGenerator.java:101) ~[cloudfoundry-identity-server-0.0.0.jar:?]
at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]

@hsinn0
Copy link
Contributor

hsinn0 commented Feb 26, 2024

We will plan to look into it to prioritize in next iteration planning session.

@strehle strehle mentioned this issue May 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
unscheduled
Projects
Foundational Infrastructure Working Group
Status: Inbox
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cf-gitbot @strehle @torsten-sap @hsinn0