This release includes UAA 3.8.0
IMPORTANT: Backward Incompatible Changes
With this release, UAA defaults to enforcing signature validation on incoming SAML assertions. Please make sure any SAML identity provider configured for UAA sends only signed SAML assertions.
login.saml.wantAssertionSigned:
  description: "Global property to request that external IDPs sign their SAML assertion before sending them to the UAA"
  default: true
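A pre-upgrade check an operator could run on a SAMLResponse captured from a test login, added here as an example and not part of the UAA release: it reports whether the Response and each Assertion carry their own signature element referencing their ID. It checks presence only, not cryptographic validity; the function names and sample messages are constructed, and treating only an assertion-level signature as "signed" is an assumption of this example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def own_signature(elem):
    """True if elem has a direct-child ds:Signature whose Reference targets elem's ID."""
    ref = elem.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + elem.get("ID", "")

def signature_report(saml_response_b64):
    """Presence check only: no digest or signature value is verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    return {
        "response_signed": own_signature(root),
        "assertions": {a.get("ID"): own_signature(a)
                       for a in root.findall("saml:Assertion", NS)},
        # Encrypted assertions cannot be inspected without the SP's private key.
        "encrypted": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def assertions_signed(report):
    """Assumption: only a signature on the Assertion itself counts as 'signed'."""
    return bool(report["assertions"]) and all(report["assertions"].values())

def sample_response(sign_response, sign_assertion):
    """Constructed sample message (signature values elided; not from a real IdP)."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/>'
           '</ds:SignedInfo></ds:Signature>')
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="r1">%s'
           '<saml:Assertion ID="a1">%s</saml:Assertion></samlp:Response>') % (
        NS["samlp"], NS["saml"], NS["ds"],
        sig % "r1" if sign_response else "",
        sig % "a1" if sign_assertion else "")
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    for name, args in [("response-only", (True, False)), ("assertion", (False, True))]:
        rep = signature_report(sample_response(*args))
        print(name, rep, "-> assertions signed:", assertions_signed(rep))
```

Feed it the base64 value of the SAMLResponse form field from a browser capture of a test login against each configured identity provider.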
Other Spec Changes
login.idpDiscoveryEnabled:
  description: "IDP Discovery should be set to true if you have configured more than one identity provider for UAA. The discovery relies on email domain being set for each additional provider. This property will also enable a list of selectable accounts that have signed in via the browser."
  default: false
Support for memberOf
uaa.ldap.groups.searchBase:
  description: "Search start point for a user group membership search, and sequential nested searches.. You can set this value to 'memberOf' when using Active Directory and skip group search but use the calculated memberOf field on the user records. No nested search will be performed."
  default: ""
Support LDAP STARTTLS
uaa.ldap.ssl.tls:
  description: "If using StartTLS, what mode to enable. Default is none, not enabled. Possible values are none, simple"
  default: none
Upload this release version to the Director:
$ bosh upload-release https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=20 --sha1 3d7d72229d660b566444bd09548cc7727a18480d
Modify deployment manifest to use this release in addition to any other used releases:
releases:
- name: uaa
  version: "20"
Finally add needed deployment jobs and specify values for required properties.
Optionally download the release tarball (sha1: 3d7d72229d660b566444bd09548cc7727a18480d) locally:
# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=20

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=20