UAA 1.7.2 Release - Chained Authentication

fhanik released this 25 Jun 01:02

· 7629 commits to master since this release

3ce2a53

Move all LDAP Authentication to UAA
1c400c2

Make the UAA multi tenant
Two columns have been added to the UAA.users table

origin - the source of the users
external_id - if the user has a unique ID in the other repository, like LDAP DN

This means that the user_id should be used as the identifier for a user, not the username
1a63add

Implement correct SCIM filtering according to the spec
http://www.simplecloud.info/specs/draft-scim-api-01.html#query-resources
af4860a
Backwards compatibility for filters surrounded with single quotes "userName eq 'marissa'" have been retained

Support for LDAP groups
LDAP Groups can be mapped to scopes as

group name is the scope name
group DN maps to a scope(group_id) in the external_group mapping

Nested LDAP groups are supported
e534512

Stories Completed
Bugs
Remove test classes from src/main/java
SCIM Filter should be backwards compatible, support single quote
Change password link should only be available if the user origin=UAA
Username should not be case sensitive
Fix pagination of the SCIM user endpoint
Proper SCIM parsing to support single quotes

Features
Keystone authentication support
LDAP Authentication in CF is part of the UAA job
Move external authentication is part of the UAA instead of Login server
Support multi tenancy for users

Assets 2