Pivotal Knowledge Base

Follow

How to Change Service Plan of UAA Identity Zone for Branding Configuration

Environment

Pivotal Cloud Foundry 1.10 and up

UAA

Purpose

These are steps for changing the branding for a service plan (a.k.a. UAA Identity Zone) related to the login page. This is useful when multi-tenant login pages require different branding. This provides guidance on how to use the APIs documented for UAA (https://docs.cloudfoundry.org/api/uaa/#identity-zones).

Resolution

Follow the steps:

1. Obtain the UAA Admin Client Credentials for the ERT tile from Ops Manager.

2. Login to your domain via uaac

uaac target https://login.your-domain-here.com

uaac token client get admin

Enter client secret froms Ops Man

3. Use uaac to retrieve the information for the identity zone you wish to change.

  • uaac curl -k /identity-zones/your-zone-id > filename.txt 
  • Delete the header info and leave the JSON blob
  • If you need help identifying the zone ID, you can list all identity-zones via uaac curl -k /identity-zones. Alternatively, you can find the ID by looking in the URL when editing your plan: https://p-identity.your-domain-here.com/dashboard/edit_plan/(id-here, e.g. debb54d4-cd9a-4e6e-b016-56781a4a6edb)

4. Update the branding policy section according to the API docs here: https://docs.cloudfoundry.org/api/uaa/version/4.6.0/index.html#updating-an-identity-zone. An example of the section is below. Note that all values are optional. You can also generate the base64 text of your PNG images using commands such as “base64 image.png”.

 "branding": {
      "companyName": "Pivotal",
      "productLogo": "(base64 of png image here, will show up as image on login page)",
      "squareLogo": "(base64 of png image here, will show up as browser icon)",
      "footerLegalText": "©2017 Pivotal Software, Inc. All Rights Reserved.",
      "footerLinks": {
        "Privacy Policy": "https://run.pivotal.io/policies/privacy-policy/",
        "Terms of Service": "https://run.pivotal.io/policies/terms-of-service",
        "Up to three links, label here": "https://link-here"
      }
    },

5. Submit a uaac curl request to update the identity zone with your updated configurations. 

  • uaac curl -k /identity-zones/your-zone-id -X PUT -H 'Content-Type: application/json' -d '{JSON HERE}'
  • You can compact the JSON to avoid issues with line spacing when using a command line, or pass in the file like uaac curl -k /identity-zones/your-zone-id -X PUT -H 'Content-Type: application/json' -d "$(cat filename.txt)"

6. Your logout redirect configurations should take effect immediately. Test your logout flow.

Comments

Powered by Zendesk