DocsEdge StackSSO with User Account and Authentication Service (UAA)
SSO with User Account and Authentication Service (UAA)
IMPORTANT: Ambassador Edge Stack requires the IdP to return a JWT signed by the RS256 algorithm (asymmetric key). Cloud Foundry's UAA defaults to symmetric key encryption which Ambassador Edge Stack cannot read.
When configuring UAA, you will need to provide your own asymmetric key in a file called
uaa.yml
. For example:Create an OIDC Client:
Note: Change the value of
{AMBASSADOR_URL}
with the IP or DNS of your Ambassador Edge Stack load balancer.
Configure Filter and FilterPolicy
Configure your OAuth Filter
and FilterPolicy
with the following:
Use the clientID (ambassador
) and secret (CLIENT_SECRET
) from Step 2 to configure the OAuth Filter
.
Note: The authorizationURL
and audience
are the same for UAA configuration.
Note: The scope
field was set when creating the client in
Step 2. You can add any scope values you would like when creating the
client.