Cloud Foundry Summit Europe 2017

Cloud Foundry UAA has been continually expanding its horizons to secure not just the core CF platform but also Apps and APIs running on and off the platform. In this talk we will start off with a brief overview of UAA in the CF ecosystem followed by feature highlights including:

OpenID Connect Enhancements:
Multiple enhancements around OpenID Connect have been introduced for UAA as an Identity Provider and Relying Party including support for discovery profile, custom user claims in id_token and /userinfo , account chooser, authentication method reference and much more.

Keys and Secrets Rotation:
At last year’s CF Summit Justin Smith introduced his vision for Cloud Native Security with three R’s(https://www.youtube.com/watch?v=NUXpz0Dni50). Now UAA supports canary style rotation of signing keys and OAuth clients secrets and will soon add support for rotation of SAML Keys.

Opaque Tokens:
UAA since its inception has supported JSON Web Tokens which has the advantage of offline validation. However with the the addition of stateful opaque tokens UAA now supports on-demand token revocation.

In addition to this we will also provide a sneak peek of the UAA roadmap with features like Multi-Factor Authentication, additional token exchange flows and fine grained authorization support.