Name: identity-sample-apps
Owner: Pivotal Cloud Foundry
Description: null
Created: 2015-05-08 20:45:30.0
Updated: 2018-05-11 18:06:50.0
Pushed: 2018-05-01 22:19:14.0
Homepage: null
Size: 17394
Language: Java
This repo holds separate sample applications for each one of the four OAuth 2.0 grant types supported by the Pivotal Single Sign-On Service. The GRANT_TYPE environment variable is already set to the relevant value mentioned below for each sample application. Each grant type maps to an Application Type as seen in the Pivotal Single Sign-On Service Dashboard.
The latest version of this repository supports Spring Boot 1.5.5+, Spring Security OAuth 2.2.0+ and SSO connector 2.1.1+. The last version to support Spring Boot 1.3 is tagged at spring-boot/1.3.
Application Type | Grant Type
------------- | -------------
Web App | authorization_code
Native Mobile App | password
Service-to-Service App | client_credentials
Single Page JavaScript App | implicit

Set the correct CF API target in the CF CLI and log in as a Space Developer into the required Org and Space.
cf api api.<your-domain>
Go to your application directory and push the app.
./gradlew build
cf push
NOTE: Your application is expected to crash on start-up until it is bound to the Single Sign-on Service using the instructions in the next section.
NOTE: If the PCF Routers are set up on public IPs, you will need to update the internal_proxies variable in application.yml to your routers' public IP.
Follow the steps here to bind your application to the service instance.
Restart your application after binding the service using Apps Manager or CF CLI.
As an alternative to Steps 1 and 2 above, you can also quickly deploy the authcode and resource server sample applications using application bootstrapping with the steps below. You can read more about these topics in the following sections.
First, make sure you have created a Service Plan for your Org as well as a Service Instance named sample-instance for your Space, and log in via the CF CLI as a Space Developer into the required Org and Space.
Replace manifest.yml with manifest.yml.quick-start for the authcode and resource-server projects and update the RESOURCE_URL and AUTH_SERVER values in the manifest with your plan and domain values.
Build (./gradlew build) and push (cf push) both the authcode and resource-server projects to your Space where you are logged in as a Space Developer.
The sample application and resource server will be available immediately, bound to the SSO Service on start-up. You can then test the applications by creating test users with the todo.read and todo.write scopes for your plan using the steps here.
Beginning in SSO 1.4.0, you can use the following values in your application's manifest to bootstrap client configurations for your applications automatically when binding or rebinding your application to the service instance. These values will be automatically populated to the client configurations for your application through CF environment variables.
NOTE: These configurations are only applied at the initial service binding time. Subsequent cf push of the application will NOT update the configurations. You will either need to manually update the configurations via the SSO dashboard or unbind and rebind the service instance.
When you specify your own scopes and authorities, consider including openid for scopes on auth code, implicit, and password grant type applications, and uaa.resource for client credentials grant type applications, as these will not be provided if they are not specified.
The table below provides a description and the default values. Further details and examples are provided in the sample application manifests.
| Property Name | Description | Default |
| ------------- | ------------- | ------------- |
| name | Name of the application | (N/A - Required Value) |
| GRANT_TYPE | Allowed grant type for the application through the SSO service - only one grant type per application is supported by SSO | authorization_code |
| SSO_IDENTITY_PROVIDERS | Allowed identity providers for the app through the SSO service plan. This is a comma-separated list of identity provider origin keys. The origin keys are derived from the identity provider name using the following rules: example.com Provider, the corresponding origin key is example-com-provider. | uaa |
| SSO_REDIRECT_URIS | Comma separated whitelist of redirection URIs allowed for the application - Each value must start with http:// or https:// | (Will always include the application route) |
| SSO_SCOPES | Comma separated list of scopes that belong to the application and are registered as client scopes with the SSO service. This value is ignored for client credential grant type applications. | openid |
| SSO_AUTO_APPROVED_SCOPES | Comma separated list of scopes that the application is automatically authorized when acting on behalf of users through SSO service | |

To remove any variables set through bootstrapping, you must use cf unset-env <APP_NAME> <PROPERTY_NAME> and rebind the application.
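
Because bootstrapped values are only applied at the first bind, it helps to check a manifest's env block before pushing. The following is an added example, not code from this repository: it lints the bootstrapping variables against the rules in the table above, using constructed sample values and placeholder hostnames. The auto-approved scope check is an extra review check introduced for this example, not a rule stated in the README.

```python
# Added example: lint the env block of a manifest against the bootstrapping
# rules described above. Not part of the identity-sample-apps repository.
GRANT_TYPES = {"authorization_code", "password", "client_credentials", "implicit"}


def split_csv(value):
    """Split a comma-separated manifest value, dropping padding and blanks."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def lint_sso_env(env):
    """Return findings for one application's SSO bootstrapping variables."""
    findings = []
    grant = env.get("GRANT_TYPE", "authorization_code")  # documented default
    if grant not in GRANT_TYPES:
        findings.append(f"GRANT_TYPE {grant!r} is not a supported grant type")
    for uri in split_csv(env.get("SSO_REDIRECT_URIS")):
        if not uri.startswith(("http://", "https://")):
            findings.append(f"redirect URI {uri!r} lacks http:// or https://")
    if grant == "client_credentials":
        if "SSO_SCOPES" in env:
            findings.append("SSO_SCOPES is ignored for client_credentials")
        return findings
    scopes = split_csv(env.get("SSO_SCOPES", "openid"))  # documented default
    if "openid" not in scopes:
        findings.append("SSO_SCOPES is set without openid")
    # Review check added for this example (not a rule from the README):
    # auto-approval skips the user's consent prompt, so flag any scope that
    # is auto-approved without being registered in SSO_SCOPES.
    for scope in split_csv(env.get("SSO_AUTO_APPROVED_SCOPES")):
        if scope not in scopes:
            findings.append(f"auto-approved scope {scope!r} not in SSO_SCOPES")
    return findings


# Constructed sample env blocks (hostnames are placeholders).
GOOD = {"GRANT_TYPE": "authorization_code",
        "SSO_REDIRECT_URIS": "https://authcode.example.com/login",
        "SSO_SCOPES": "openid, todo.read, todo.write",
        "SSO_AUTO_APPROVED_SCOPES": "openid"}
BAD = {"GRANT_TYPE": "authorization_code",
       "SSO_REDIRECT_URIS": "authcode.example.com/login",
       "SSO_SCOPES": "todo.read",
       "SSO_AUTO_APPROVED_SCOPES": "todo.read, todo.write"}
S2S = {"GRANT_TYPE": "client_credentials", "SSO_SCOPES": "todo.read"}

if __name__ == "__main__":
    for name, env in (("GOOD", GOOD), ("BAD", BAD), ("S2S", S2S)):
        print(name, lint_sso_env(env))
```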