uaa/23
You can find the source of this version on GitHub at cloudfoundry/uaa-release. It was created based on the commit 77f32e7f.
Release Notes
This release includes UAA 3.9.2
IMPORTANT BACKWARDS INCOMPATIBLE CHANGES
Starting with this release UAA no longer provides default values for the SAML Service Provider Certificate and JWT Signing Key as a security best practice. These need to be generated explicitly per deployment of UAA and are required for proper start-up and functioning of UAA.
These are standard artifacts which can be generated using openssl. Please refer to the topic here on how to generate a self-signed cert.
login.saml.serviceProviderCertificate:
  description: "UAA SAML Service provider certificate. This is used for signing outgoing SAML Authentication Requests"
  example: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
login.saml.serviceProviderKeyPassword:
  description: "Password to protect the service provider private key, blank if no password set."
  example: ""
login.saml.serviceProviderKey:
  description: "Private key for the service provider certificate."
  example: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
login.saml.serviceProviderKeyPassword:
  description: "Password to protect the service provider private key."
  example: ""
Deprecated Format for JWT Signing Key
NOTE: Please continue to use this format for setting the signing and verification key in cf-release, as it doesn’t support reading from the new format yet.
uaa.jwt.signing_key:
  description: "Deprecated. Use uaa.jwt.policy.keys. The key used to sign the JWT-based OAuth2 tokens"
uaa.jwt.verification_key:
  description: "Deprecated. Use uaa.jwt.policy.keys. The key used to verify JWT-based OAuth2 tokens"
New Format for JWT Signing Keys (the verification key needn’t be set, as we derive it from the private key)
uaa.jwt.policy.keys:
  description: "Map of key IDs and signing keys, each defined with a property `signingKey`"
  example:
    key-1:
      signingKey: |
        -----BEGIN RSA PRIVATE KEY-----
        -----END RSA PRIVATE KEY-----
uaa.jwt.policy.active_key_id:
  description: "The ID of the JWT signing key to be used when signing tokens."
  example: "key-1"
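One way to produce the SAML service provider key pair and the JWT signing key that this release no longer defaults, using openssl as the notes suggest. This is an added example, not code from uaa-release; the function names, file names, subject CN and 365-day lifetime are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of uaa-release. File names, the CN and the 365-day
# certificate lifetime are assumptions; adjust them per deployment.

# Write a 2048-bit RSA private key to $1, readable by the owner only.
new_rsa_key() {
  ( umask 077
    openssl genrsa -out "$1" 2048 2>/dev/null || exit 1
    # OpenSSL 3 emits PKCS#8 ("BEGIN PRIVATE KEY") by default. Re-encode so the
    # header matches the "BEGIN RSA PRIVATE KEY" form in the property examples;
    # older builds lack -traditional and already write that form.
    openssl rsa -in "$1" -traditional -out "$1.p1" 2>/dev/null ||
      openssl rsa -in "$1" -out "$1.p1" 2>/dev/null || exit 1
    mv "$1.p1" "$1" )
}

# Key and self-signed certificate for login.saml.serviceProviderKey and
# login.saml.serviceProviderCertificate. $1 = output directory, $2 = subject CN.
gen_saml_sp() {
  new_rsa_key "$1/saml.key" &&
    openssl req -new -x509 -sha256 -days 365 -key "$1/saml.key" \
      -subj "/CN=$2" -out "$1/saml.crt"
}

# Public half of signing key $1, for deployments that still set the deprecated
# uaa.jwt.verification_key; uaa.jwt.policy.keys needs only the private key.
jwt_verification_key() {
  openssl pkey -in "$1" -pubout
}

# Succeeds only when certificate $1 carries the public key of private key $2,
# which catches a mismatched pair before it reaches the manifest.
pair_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Usage (constructed host name):
#   gen_saml_sp ./secrets uaa.example.test
#   new_rsa_key ./secrets/jwt.key          # value for signingKey under key-1
#   pair_matches ./secrets/saml.crt ./secrets/saml.key && echo "pair OK"
```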
Usage
You can reference this release in your deployment manifest from the releases section:
- name: "uaa"
  version: "23"
  url: "https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=23"
  sha1: "ed0799f760850858499d6a975813215ca19c7579"
Or upload it to your director with the upload-release command:
bosh upload-release --sha1 ed0799f760850858499d6a975813215ca19c7579 \
  "https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=23"