LATEST VERSION: 1.3 - CHANGELOG
Single Sign-On v1.3

Single Sign-On Overview

This topic provides an overview of the Single Sign-On service for Pivotal Cloud Foundry (PCF).

The Single Sign-On service is an all-in-one solution for securing access to applications and APIs on PCF. The Single Sign-On service provides support for native authentication, federated single sign-on, and authorization. Operators can configure native authentication and federated single sign-on, for example SAML, to verify the identities of application users. After authentication, the Single Sign-On service uses OAuth 2.0 to secure resources or APIs.

Single Sign-On

The Single Sign-On service allows users to log in through a single sign-on service and access other applications that are hosted or protected by the service. This improves security and productivity since users do not have to log in to individual applications.

Developers are responsible for selecting the authentication method for application users. They can select native authentication provided by the UAA or external identity providers.

OAuth 2.0 Authorization

After authentication, the Single Sign-On service uses OAuth 2.0 for authorization. OAuth 2.0 is an authorization framework that delegates access to applications to access resources on behalf of a resource owner.

Developers define resources required by an application bound to a Single Sign-On (SSO) service instance and administrators grant resource permissions. See the Configure Applications topic for more details.

Product Snapshot

Current Single Sign-On for PCF Details

  • Version: 1.3.0
  • Release Date: 2016-12-20
  • Compatible Ops Manager Version(s): 1.9 or later
  • Compatible Elastic Runtime Version(s): 1.9 or later
  • AWS support? Yes
  • Google Cloud Platform? Yes
  • OpenStack support? Yes
  • vSphere support? Yes

Upgrading to the Latest Version

Consider the following compatibility information before upgrading Single Sign-On for PCF.

Elastic Runtime Version Supported Upgrades from SSO Versions
From To
1.6.x 1.0.1–1.0.23 1.0.24
1.7.x 1.0.1–1.0.24 1.1.3
1.1.0–1.1.2
1.8.x 1.1.0–1.1.3 1.2.3
1.2.0–1.2.2
1.9.x 1.2.0–1.2.3 1.3.0
Note: The Single Sign-On service tile operates in lockstep with Elastic Runtime.
  • The SSO v1.1.x tiles are compatible with PCF v1.7.x
  • The SSO v1.2.x tiles are compatible with PCF v1.8.x and later
  • The SSO v1.3.x tiles are compatible with PCF v1.9.x and later

Single Sign-On for PCF

Active Directory Federation Services (AD FS) Integration Guide

Azure Active Directory Integration Guide

CA Single Sign-On Integration Guide

Okta Integration Guide

PingFederate Integration Guide

PingOne Cloud Integration Guide

Additional Information

Create a pull request or raise an issue on the source for this page in GitHub