You can find the source of this version on GitHub at cloudfoundry/uaa-release. It was created based on the commit
This release includes UAA 3.9.2
IMPORTANT BACKWARDS INCOMPATIBLE CHANGES
Starting with this release UAA no longer provides default values for the SAML Service Provider Certificate and JWT Signing Key as a security best practice. These need to be generated explicitly per deployment of UAA and are required for proper start-up and functioning of UAA.
These are standard artifacts which can be generated using openssl. Please refer the topic here on how to generate a self signed cert.
login.saml.serviceProviderCertificate: description: "UAA SAML Service provider certificate. This is used for signing outgoing SAML Authentication Requests" example: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE---- login.saml.serviceProviderKeyPassword: description: "Password to protect the service provider private key, blank if no password set." example: "" login.saml.serviceProviderKey: description: "Private key for the service provider certificate." example: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- login.saml.serviceProviderKeyPassword: description: "Password to protect the service provider private key." example: ""
Deprecated Format for JWT Signing Key
NOTE: Please continue to use this format for setting the signing and verification key in cf-release as it doesn’t support reading from the new format yet
uaa.jwt.signing_key: description: "Deprecated. Use uaa.jwt.policy.keys. The key used to sign the JWT-based OAuth2 tokens" uaa.jwt.verification_key: description: "Deprecated. Use uaa.jwt.policy.keys. The key used to verify JWT-based OAuth2 tokens"
New Format for JWT Signing Keys(verification key needn’t be set as we derive it from the Private Key)
uaa.jwt.policy.keys: description: "Map of key IDs and signing keys, each defined with a property `signingKey`" example: key-1: signingKey: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- uaa.jwt.policy.active_key_id: description: "The ID of the JWT signing key to be used when signing tokens." example: "key-1"
You can reference this release in your deployment manifest from the
- name: "uaa" version: "23" url: "https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=23" sha1: "ed0799f760850858499d6a975813215ca19c7579"
Or upload it to your director with the
bosh upload-release --sha1 ed0799f760850858499d6a975813215ca19c7579 \ https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=23