Skip to content


You can find the source of this version on GitHub at cloudfoundry/uaa-release. It was created based on the commit 9acdaedf.

Release Notes

This release includes UAA 3.8.0

IMPORTANT: Backward Incompatible Changes

With this release UAA defaults to enforcing signature validation on Incoming SAML Assertions. Please make sure any SAML Identity configured for UAA is sending only signed SAML assertions

description: "Global property to request that external IDPs sign their SAML assertion before sending them to the UAA"
default: true

Other Spec Changes

description: "IDP Discovery should be set to true if you have configured more than one identity provider for UAA. The discovery relies on email domain being set for each additional provider. This property will also enable a list of selectable accounts that have signed in via the browser."
default: false

Support for memberOf
description: "Search start point for a user group membership search, and sequential nested searches.. You can set this value to 'memberOf' when using Active Directory and skip group search but use the calculated memberOf field on the user records. No nested search will be performed."
default: ""
description: "If using StartTLS, what mode to enable. Default is none, not enabled. Possible values are none, simple"
default: none


You can reference this release in your deployment manifest from the releases section:

- name: "uaa"
  version: "20"
  url: ""
  sha1: "3d7d72229d660b566444bd09548cc7727a18480d"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 3d7d72229d660b566444bd09548cc7727a18480d \