How to Integrate an Application with Cloud Foundry using OAuth2

by November 5, 2012

This article explains how to use Cloud Foundry APIs from a user
application using the built-in identity management solution in
the User Account and Authentication Service (UAA). The UAA
acts (amongst other things) as an OAuth 2.0 Authorization Server,
granting access tokens to Client applications for them to use when
accessing Resource Servers in the platform, such as the Cloud
Controller. This article describes the responsibilities of a Client
application and the mechanics of setting one up. It uses a simple
example Client application (available on
GitHub), and recasts it into
various forms to help developers with different language and tool
preferences to get to grips with the topic (Ruby, Java, Grails).

Securing RESTful Web Services with OAuth2

by October 9, 2012

As an active committer on Spring Security OAuth and the Cloud Foundry UAA, one of the questions I get asked the most is: “When and why would I use OAuth2?”
The answer, as often with such questions, is “it depends.” However, I must admit, there are some features of OAuth2 that make it compelling in a wide variety of situations, especially in systems composed of many lightweight web services. This article guides you through updating a system to be secured with OAuth2 and the decision points for choosing to build such a system.
There is a strong trend at the moment towards distributed systems with lightweight architectures based on plain text web services (usually JSON).

High Level Features of the UAA

by July 24, 2012

The User Account and Authentication Service (UAA) in Cloud Foundry is responsible for securing the platform services and providing a single sign on for web applications. A previous article introduced the UAA and placed it in the context of the platform, and here we go into a bit more detail and describe the features of the UAA individually:

Centralized Identity Management
Single Sign On
Delegating Access to Services
User Account Management
Client Application Registration
Other UAA Resources

Centralized Identity Management
Applications that want to act on behalf of a User, for instance to view or push apps to the user's Cloud Foundry account, need to authenticate the User against the platform.

Introducing the UAA and Security for Cloud Foundry

by July 23, 2012

Cloud Foundry is a distributed system with many front-end and back-end components. If you are familiar with the Cloud Foundry architecture, you have probably noticed that the Cloud Controller exposes its functionality via lightweight HTTP APIs. The internal components also use the same approach to communicate with each other. Up until recently this was done using a custom authentication mechanism which had some drawbacks. This blog post will walk you through the changes that we are making in this area.
We created a new component to handle all external user-facing security concerns named the User Account and Authentication Service or UAA for short. It has been live in cloudfoundry.