Pivotal Knowledge Base


How to use UAAC to curl Ops Manager API


Pivotal Cloud Foundry® (PCF) versions 1.6.x, 1.7.x, 1.8.x, 1.9.x, 1.10.x, 1.11.x, and 1.12.x


This article will explain how to use User Account and Authentication(UAA) CLI (UAAC) to make a request and retrieve the access token.


To make this change, follow these steps.

1. Install the User Account and Authentication (UAA) Command Line Interface (UAAC) or SSH to the Ops Manager VM which starting in Ops Manager 1.7 ships with the UAAC tool already installed.
$ gem install cf-uaac

2. Make sure UAAC is installed. Run
$ which uaac.
This should give you the location where UAAC is installed.

3.Target your Ops Manager UAA and provide the path to your root CA certificate. Run
$ uaac target https://YOUR-OPSMAN-FQDN/uaa/ --ca-cert YOUR-ROOT-CA.crt
Target: https://YOUR-OPSMAN-FQDN/uaa/

4. Get your token with
$ uaac token owner get

Client ID:  opsman
Client secret:
User name:  admin
Password:  *********
Successfully fetched token via owner password grant.
Target: https://om.deschutes.mini.pez.pivotal.io/uaa
Context: admin, from client opsman

Use the user name and password you used above to log into the Ops Manager web interface for User name and Password. Click "Enter" for Client secret.

5. Run the following command to display the users and applications authorized by the UAA server, and the permissions granted to each user and application.

$ uaac context
skip_ssl_validation: true
ca_cert: /Users/pivotal/.ssh/YOUR-ROOT-CA.crt
user_id: 75acfdfa-9449-4497-a093-ce40ded250ac
client_id: opsman
token_type: bearer
expires_in: 43199
scope: clients.read opsman.user uaa.admin scim.read opsman.admin clients.write scim.write
jti: 8419c793d377429aa40eea07fb6e7686


  • Avatar
    Matt Gunter

    Swagata -Does this work with 1.11 and what would the curl command look like?

Powered by Zendesk