How to Change Service Plan of UAA Identity Zone for Branding Configuration


  • Pivotal Cloud Foundry versions 1.10 and above
  • UAA


These steps change the login page branding for a service plan (a.k.a. UAA Identity Zone). This is useful when multi-tenant login pages require different branding. The steps show how to use the Identity Zones APIs documented for UAA (https://docs.cloudfoundry.org/api/uaa/#identity-zones).


Follow the steps:

1. Obtain the UAA Admin Client Credentials for the ERT tile from Ops Manager.

2. Log in to your domain via uaac

uaac target https://login.your-domain-here.com

uaac token client get admin

Enter the client secret from Ops Man

3. Use uaac to retrieve the information for the identity zone you wish to change.

    • uaac curl -k /identity-zones/your-zone-id > filename.txt
    • Delete the header info and leave the JSON blob
    • If you need help identifying the zone ID, you can list all identity-zones via uaac curl -k /identity-zones.

4. Update the branding policy section according to the API docs here: https://docs.cloudfoundry.org/api/uaa/version/4.6.0/index.html#updating-an-identity-zone. An example of the section is below. Note that all values are optional. You can also generate the base64 text of your PNG images using commands such as “base64 image.png”.

    "branding": {
      "companyName": "Pivotal",
      "productLogo": "(base64 of png image here, will show up as image on login page)",
      "squareLogo": "(base64 of png image here, will show up as browser icon)",
      "footerLegalText": "©2017 Pivotal Software, Inc. All Rights Reserved.",
      "footerLinks": {
        "Privacy Policy": "https://run.pivotal.io/policies/privacy-policy/",
        "Terms of Service": "https://run.pivotal.io/policies/terms-of-service",
        "Up to three links, label here": "https://link-here"
      }
    }

5. Submit a uaac curl request to update the identity zone with your updated configurations.

    • uaac curl -k /identity-zones/your-zone-id -X PUT -H 'Content-Type: application/json' -d '{JSON HERE}'
    • You can compact the JSON to avoid issues with line spacing when using a command line, or pass in the file like uaac curl -k /identity-zones/your-zone-id -X PUT -H 'Content-Type: application/json' -d "$(cat filename.txt)"

6. Your logout redirect configurations should take effect immediately. Test your logout flow.
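
Steps 3 to 5 as an added example (not part of the original article or any Pivotal tooling): it strips the header text from saved `uaac curl` output, validates a branding section, and emits compact JSON for the PUT. The function names, the constructed sample output, and the PNG-signature and https checks are assumptions of this example; the branding section is placed under `config`, where the UAA API documentation defines it.

```python
import base64
import json

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte signature at the start of every PNG

# Constructed sample of saved `uaac curl` output: header text, then the zone JSON.
SAMPLE_OUTPUT = """GET https://login.your-domain-here.com/identity-zones/your-zone-id

200 OK
RESPONSE HEADERS:
  Content-Type: application/json
RESPONSE BODY:
{"id": "your-zone-id", "subdomain": "your-zone", "name": "Example Zone",
 "config": {"links": {"logout": {"redirectUrl": "/login"}}}}
"""

def extract_zone(raw):
    """Step 3: skip the header text and parse the JSON blob that follows it."""
    pos = 0
    for line in raw.splitlines(keepends=True):
        body = line.lstrip()
        if body.startswith("{"):
            return json.JSONDecoder().raw_decode(raw, pos + len(line) - len(body))[0]
        pos += len(line)
    raise ValueError("no JSON body found in uaac output")

def encode_png(data):
    """Base64-encode logo bytes, refusing anything without a PNG signature."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("logo is not a PNG file")
    return base64.b64encode(data).decode("ascii")

def apply_branding(zone, branding):
    """Step 4: check the footer links, then set the branding section under config."""
    links = branding.get("footerLinks", {})
    if len(links) > 3:
        raise ValueError("footerLinks allows up to three links")
    for label, url in links.items():
        if not url.startswith("https://"):  # added check: keep login-page links on https
            raise ValueError(f"footer link {label!r} is not https")
    zone.setdefault("config", {})["branding"] = branding
    return zone

def build_payload(raw, branding):
    """Step 5: compact, single-line JSON that keeps every other zone setting intact."""
    zone = apply_branding(extract_zone(raw), branding)
    return json.dumps(zone, separators=(",", ":"))

if __name__ == "__main__":
    print(build_payload(SAMPLE_OUTPUT, {"companyName": "Pivotal"}))
```

Write the result to filename.txt and pass it with -d "$(cat filename.txt)" as in step 5. The -k flag in the article's commands skips TLS certificate verification, so omit it where the client already trusts the UAA certificate.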



