Enabling User Account and Authentication for VMware Tanzu
You can use User Account and Authentication (UAA) to authenticate the user with their Cloud Foundry user credentials to access the application monitoring URL.
Before you begin
Ensure that Cloud Foundry UAA Command Line Client (UAAC) is installed.
Procedure
- Set the UAA target URL by running the following command:
uaac target <UAA server path>
- To authenticate and obtain an access token for the admin client from the UAA server, run the following command:
uaac token owner get
Enter the following details in the console:
  - Client ID: Enter the client ID for the UAA admin client. By default, the client ID is opsman.
  - Client Secret: Enter the client secret for UAA. By default, the client secret is nullable.
  - Username: Enter the VMware Tanzu Ops Manager username.
  - Password: Enter the VMware Tanzu Ops Manager password.
- Create a client for the monitoring application on the UAA server by running the following command:
uaac client add <client_ID> --secret <client_secret> --authorities <authorities> --scope <allowed_scope_for_client> --autoapprove <auto_approve> --authorized_grant_types <grant_type_for_authorization_code> --redirect_uri <redirect_URL>
Note: Ensure that the authorization grant type is authorization_code.
Note: The redirect URL must be in the following format, where <monitoring URL> is the URL for the monitoring application:
<monitoring URL>/*
- Create a user on the UAA server by running the following command:
uaac user add <username> -p <user_secret> --emails <emailID>
You can use these user credentials to log in to the monitoring application.
Note: You can also log in to the monitoring application using VMware Tanzu Ops Manager credentials.
- Create the VMware Tanzu user-provided service (CUPS) by configuring the following Credential Parameter in the Configuration tab of the user-provided service:
Note: Ensure that the name of the service is bwcemon_UAAClient.

| Fields | Description |
| --- | --- |
| client_id | Enter the client ID created in step 3. |
| client_secret | Enter the password of the client ID created in step 3. |
| url | Ops Manager UAA URL. |

- Bind the created user-defined service to the monitoring application.
Note: Ensure that the bwcemon_UAAClient service is created and the value for the AUTHENTICATION_MODE environment variable is set to UAA in the manifest file.
- After the monitoring application is deployed on Cloud Foundry, access the monitoring URL.
- Enter the valid UAA user credentials and click SIGN IN to access the monitoring URL.
You can log out from the monitoring UI by using the Log Out option available at the upper right corner of the monitoring UI.
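The following is an added example, not part of the product documentation: a pre-deployment check that the environment the monitoring application receives matches the procedure above (AUTHENTICATION_MODE set to UAA, and a bound user-provided service named bwcemon_UAAClient carrying client_id, client_secret and url). It relies on Cloud Foundry exposing bound services in the VCAP_SERVICES environment variable; the function name, the sample values and the https requirement on url are assumptions.

```python
import json
from urllib.parse import urlparse

SERVICE_NAME = "bwcemon_UAAClient"                      # service name required by the page
REQUIRED_KEYS = ("client_id", "client_secret", "url")   # credential fields from the table

def check_uaa_binding(env):
    """Return a list of problems found in the app environment (empty list = OK)."""
    problems = []
    if env.get("AUTHENTICATION_MODE") != "UAA":
        problems.append("AUTHENTICATION_MODE is not set to UAA")
    try:
        services = json.loads(env.get("VCAP_SERVICES") or "{}")
    except json.JSONDecodeError:
        return problems + ["VCAP_SERVICES is not valid JSON"]
    if not isinstance(services, dict):
        return problems + ["VCAP_SERVICES is not a JSON object"]
    # Cloud Foundry lists user-provided services under the "user-provided" label.
    bound = [s for s in services.get("user-provided", [])
             if isinstance(s, dict) and s.get("name") == SERVICE_NAME]
    if not bound:
        return problems + [f"service {SERVICE_NAME} is not bound"]
    creds = bound[0].get("credentials") or {}
    for key in REQUIRED_KEYS:
        if not str(creds.get(key) or "").strip():
            problems.append(f"credential {key} is missing or empty")
    url = str(creds.get("url") or "").strip()
    parsed = urlparse(url)
    # Assumption (not stated on the page): the UAA endpoint is an absolute https URL.
    if url and (parsed.scheme != "https" or not parsed.netloc):
        problems.append("url is not an absolute https URL")
    return problems

def sample_env(mode, secret, url):
    """Build a constructed environment; every value is a placeholder."""
    creds = {"client_id": "example-client", "client_secret": secret, "url": url}
    services = {"user-provided": [{"name": SERVICE_NAME, "credentials": creds}]}
    return {"AUTHENTICATION_MODE": mode, "VCAP_SERVICES": json.dumps(services)}

GOOD_ENV = sample_env("UAA", "example-secret", "https://uaa.example.test/uaa")
BAD_ENV = sample_env("other", "", "http://uaa.example.test/uaa")

if __name__ == "__main__":
    for label, env in (("good", GOOD_ENV), ("bad", BAD_ENV)):
        print(label, check_uaa_binding(env) or "OK")
```

To check a deployed application, pass `dict(os.environ)` from inside the app container instead of the constructed samples.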