cloud-foundryfederated-identitycloudfoundry-uaa

CloudFoundry UAA Multi instances


What’s the recommended setup across CloudFoundry foundations for UAA? When clients can get routed between the foundations how are clients ensured they don't get re-authenticate? More specifically: If an access/id token is generated in one foundation can it be used in the other foundation?


Solution

  • If you want to ensure that clients do not have to re-authenticate across multiple UAAs, you will have to ensure that the JWT signing key is the same in each foundation. You probably also want to make sure that the issuer field (properties.uaa.issuer in the BOSH deployment) is the same, though I'm less sure that that's required.