Avoid necessity to configure SAML SP in UAA #2741

Open
torsten-sap opened this issue Feb 21, 2024 · 3 comments
@torsten-sap (Contributor)

What version of UAA are you running?

76.30

How are you deploying the UAA?

  • using cf-deployment

What did you do?

Using UAA without needing SAML.

What did you expect to see? What goal are you trying to achieve with the UAA?

No need to configure SAML SP (including private key + certificate etc.) in uaa.yml.

What did you see instead?

SAML SP configuration (private key + certificate etc.) is required in uaa.yml. Otherwise, UAA will not start up.

@cf-gitbot

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/187088205

The labels on this github issue will be updated when the story is started.

@strehle (Member)

strehle commented Feb 22, 2024

Reproduce the issue:

  1. remove https://github.com/cloudfoundry/uaa/blob/develop/scripts/cargo/uaa.yml#L58-L99
  2. start uaa

Open /login

The IdentityZone should be usable even without SAML keys, but there is an exception:

    java.lang.NullPointerException: Cannot invoke "org.springframework.security.saml.key.KeyManager.getDefaultCredentialName()" because the return value of "org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder.getSamlSPKeyManager()" is null
        at org.cloudfoundry.identity.uaa.provider.saml.ZoneAwareKeyManager.getDefaultCredentialName(ZoneAwareKeyManager.java:41) ~[cloudfoundry-identity-server-0.0.0.jar:?]
        at org.springframework.security.saml.metadata.MetadataGenerator.getSigningKey(MetadataGenerator.java:802) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
        at org.springframework.security.saml.metadata.MetadataGenerator.buildSPSSODescriptor(MetadataGenerator.java:323) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]
        at org.cloudfoundry.identity.uaa.provider.saml.ZoneAwareMetadataGenerator.buildSPSSODescriptor(ZoneAwareMetadataGenerator.java:101) ~[cloudfoundry-identity-server-0.0.0.jar:?]
        at org.springframework.security.saml.metadata.MetadataGenerator.generateMetadata(MetadataGenerator.java:189) ~[spring-security-saml2-core-1.0.10.RELEASE.jar:1.0.10.RELEASE]

@hsinn0 (Contributor)

hsinn0 commented Feb 26, 2024

We plan to look into it and prioritize it in the next iteration planning session.

@strehle strehle self-assigned this Dec 5, 2024
@strehle strehle moved this from Inbox to Pending Review | Discussion in Foundational Infrastructure Working Group Dec 5, 2024
Status: Pending Review | Discussion

No branches or pull requests

4 participants