Enabling User Account and Authentication for VMware Tanzu

You can use User Account and Authentication (UAA) to authenticate the user with their Cloud Foundry user credential to access the application monitoring URL.

Prerequisites

Ensure that you have installed Cloud Foundry UAA Command Line Client (UAAC).

Procedure

  1. Set the UAA target URL by running the following command: 
    uaac target <UAA server path>
  2. To authenticate and obtain an access token for the admin client from the UAA server, run the following command: 
    uaac token owner get
    Enter the following details in the console:
    1. Client ID: Enter the client ID for UAA admin client. By default, the client ID is opsman.
    2. Client Secret: Enter the client secret for UAA. By default, the client secret is nullable.
    3. Username: Enter the VMware Tanzu Ops Manager user name.
    4. Password: Enter the VMware Tanzu Ops Manager password.
  3. Create a client for the monitoring application on the UAA server by running the following command: 
    uaac client add <client_ID> --secret <client_secret> --authorities <authorities> --scope <allowed_scope_for_client>  --autoapprove <auto_approve> --authorized_grant_types <grant_type_for_authorization_code> --redirect_uri <redirect_URL>
    Note: Ensure that the authorization grant type must be authorization_code.
    Note: Redirect URL must be in the following format, where <monitoring URL> is the URL for the monitoring application. 
    <monitoring URL>/*
  4. Create an user on UAA server by running the following command: 
    uaac user add <username> -p <user_secret> --emails <emailID>

    You can use these user credentials to log into the monitoring application.

    Note: You can also log into monitoring application using VMware Tanzu ops manager credentials.
  5. Create the VMware Tanzu user provided service (CUPS) by configuring the following Credential Parameter in the Configuration tab of the user provided service:
    Note: Ensure that the name of the service must bebwcemon_UAAClient.
    Fields Description
    client_id Enter the Client ID created in step 3.
    client_secret Enter the password of the Client ID created in step 3.
    url Ops manager UAA URL.
  6. Bind the created user defined service to the monitoring application.
    Note: Ensure that the bwcemon_UAAClient service is created and the value for the AUTHENTICATION_MODE environment variable is set to UAA in the manifest file.
  7. After the monitoring application is deployed on Cloud Foundry, access the monitoring URL.
  8. Enter the valid UAA user credentials and click SIGN IN to access the monitoring URL.
    You can log out from the monitoring UI by using the Log Out option available at the upper right corner of the monitoring UI.