Useful uaac commands

Uaac Login

To perform any operations in Uaac, you will have to log in and get an admin token.

Record the uaa:admin:client_secret from your deployment manifest.

From the jump host:

$ uaac target https://uaa.grc-apps.svc.ice.ge.com
$ uaac token client get admin -s

Reset User passwords

$ uaac user get [email protected] # make sure the user exists in the system
$ uaac password set [email protected] -p chang3m3

Know the permissions that the User has

$ uaac contexts | grep [email protected]
$ uaac users | grep [email protected]

Add new permissions to a user

$ uaac member add scim.read [email protected] # Needed if org managers and space managers are unable to list users
$ uaac member add scim.write [email protected]

Generate a random password

$ openssl rand -base64 10

List all existing clients

$ uaac clients

Create a client Id for OAuth2

Before creating the client, figure out the scopes and the authorized_grant_types it needs. Once you have the required permission set, run the following. Generate a random password for the client secret using the command above.

$ uaac client add example_client --authorities "scim.read,cloud_controller.read" --scope "scim.read,cloud_controller.read" --authorized_grant_types "client_credentials" -s chang3m3

Get the permissions of a client

$ uaac client get example_client

Modify the scope for a client (Add/Remove existing permissions)

$ uaac client update example_client --authorities "scim.read,cloud_controller.read,password.write" --scope "scim.read,cloud_controller.read,password.write"

Reset password for a client

$ uaac secret set example_client -s xyzbkjsfsldjfsdlfjls

Useful links for UAAC

Useful explanation of all parameters and variables of UAAC api

https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#oauth2-token-validation-service-post-check-token
https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-Security.md#oauth-client-applications
http://docs.cloudfoundry.org/adminguide/uaa-user-management.html#changing-passwords