release: github.com/cloudfoundry/uaa-release / 23

Github source: 77f32e7f or master branch

This release includes UAA 3.9.2

IMPORTANT BACKWARDS INCOMPATIBLE CHANGES

Starting with this release UAA no longer provides default values for the SAML Service Provider Certificate and JWT Signing Key as a security best practice. These need to be generated explicitly per deployment of UAA and are required for proper start-up and functioning of UAA.

These are standard artifacts which can be generated with openssl. Please refer to the topic here on how to generate a self-signed certificate.

login.saml.serviceProviderCertificate:
  description: "UAA SAML Service provider certificate. This is used for signing outgoing SAML Authentication Requests"
  example: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

login.saml.serviceProviderKeyPassword:
  description: "Password to protect the service provider private key, blank if no password set."
  example: ""

login.saml.serviceProviderKey:
  description: "Private key for the service provider certificate."
  example: |
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

Deprecated Format for JWT Signing Key

NOTE: Please continue to use this format for setting the signing and verification key in cf-release, as it doesn't support reading from the new format yet.

uaa.jwt.signing_key:
  description: "Deprecated. Use uaa.jwt.policy.keys. The key used to sign the JWT-based OAuth2 tokens"

uaa.jwt.verification_key:
  description: "Deprecated. Use uaa.jwt.policy.keys. The key used to verify JWT-based OAuth2 tokens"

New Format for JWT Signing Keys (the verification key need not be set, as it is derived from the private key)

uaa.jwt.policy.keys:
  description: "Map of key IDs and signing keys, each defined with a property `signingKey`"
  example:
    key-1:
      signingKey: |
        -----BEGIN RSA PRIVATE KEY-----
        -----END RSA PRIVATE KEY-----

uaa.jwt.policy.active_key_id:
  description: "The ID of the JWT signing key to be used when signing tokens."
  example: "key-1"
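As an added example (not part of these release notes or of the uaa-release project), the following POSIX shell script generates the SAML service provider certificate and key and a separate JWT signing key with openssl, checks that the certificate really belongs to the SAML key, and writes the properties in the new uaa.jwt.policy format shown above plus a public key file for the deprecated verification_key form. The subject CN uaa.example.com, the 2048-bit key size, the one-year validity, the key ID key-1 and the output file names are constructed assumptions; choose your own per deployment.

```shell
#!/bin/sh
# Added example, not uaa-release code: generate per-deployment UAA key material.
# CN, key size, validity, key ID and file names below are constructed sample values.
set -eu

# generate_uaa_keys OUTDIR: writes sp.key, sp.crt, jwt.key, jwt.pub and uaa-keys.yml
generate_uaa_keys() {
  out="$1"
  mkdir -p "$out"

  # SAML SP private key and self-signed certificate (signs outgoing AuthnRequests).
  # -traditional (OpenSSL 3) gives the PKCS#1 "BEGIN RSA PRIVATE KEY" form shown in
  # the spec examples; older OpenSSL rejects the flag and already emits PKCS#1.
  openssl genrsa -traditional -out "$out/sp.key" 2048 2>/dev/null \
    || openssl genrsa -out "$out/sp.key" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -key "$out/sp.key" -out "$out/sp.crt" \
    -subj "/CN=uaa.example.com" 2>/dev/null

  # Separate key for signing OAuth2 JWTs; do not reuse the SAML key for this.
  openssl genrsa -traditional -out "$out/jwt.key" 2048 2>/dev/null \
    || openssl genrsa -out "$out/jwt.key" 2048 2>/dev/null
  # Public half, for the deprecated uaa.jwt.verification_key property (cf-release).
  openssl rsa -in "$out/jwt.key" -pubout -out "$out/jwt.pub" 2>/dev/null
  chmod 600 "$out/sp.key" "$out/jwt.key"

  # Manifest properties; PEM bodies are indented to sit under YAML block scalars (|).
  {
    echo "login:"
    echo "  saml:"
    echo "    serviceProviderKeyPassword: \"\""
    echo "    serviceProviderCertificate: |"
    sed 's/^/      /' "$out/sp.crt"
    echo "    serviceProviderKey: |"
    sed 's/^/      /' "$out/sp.key"
    echo "uaa:"
    echo "  jwt:"
    echo "    policy:"
    echo "      active_key_id: key-1"
    echo "      keys:"
    echo "        key-1:"
    echo "          signingKey: |"
    sed 's/^/            /' "$out/jwt.key"
  } > "$out/uaa-keys.yml"
}

# cert_matches_key CRT KEY: succeeds only if the public key in CRT belongs to KEY
# (compares the RSA modulus of both, so a mismatched pair is caught before deploy).
cert_matches_key() {
  crt_mod=$(openssl x509 -noout -modulus -in "$1" | openssl sha256)
  key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null | openssl sha256)
  [ "$crt_mod" = "$key_mod" ]
}

# Usage: sh gen-uaa-keys.sh ./uaa-keys ; then merge uaa-keys.yml into the manifest.
if [ "${1:-}" != "" ]; then
  generate_uaa_keys "$1"
  cert_matches_key "$1/sp.crt" "$1/sp.key" && echo "wrote $1/uaa-keys.yml"
fi
```

The private key files and uaa-keys.yml contain secrets: keep them out of version control and feed them to the Director through the same channel you use for other manifest credentials.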

Upload this release version to the Director:

$ bosh upload release https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=23

Modify deployment manifest to use this release in addition to any other used releases:

releases:
- {name: uaa, version: "23"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download the release tarball (sha1: ed0799f760850858499d6a975813215ca19c7579) locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=23

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=23