Working with UAA on PCFDev

PCFDev is the single VM offering of Pivotal Cloud Foundry. It uses UAA, just like Cloud Foundry, so it’s worth understanding how to access the UAA server running on that machine in order to utilize it as an authorization server for your applications or to test it for various other scenarios.

PCFDev uses a single wildcard domain for apps and components running inside its Cloud Foundry deployment: *.local.pcfdev.io. The PCFDev machine is configured for both http and https traffic. As a result, the UAA server is accessible at http://uaa.local.pcfdev.io and https://uaa.local.pcfdev.io.

Next, you’ll need to obtain the UAA admin client secret in order to log in using uaac. These credentials are available in the running VM. PCFDev uses Vagrant, so you simply need to navigate to the PCFDev directory in your terminal and use vagrant ssh to log into the running machine. Once logged in, the admin client secret can be found in the file /var/vcap/jobs/uaa/config/uaa.yml. In practice, though, the admin client secret is hard coded to admin-client-secret for this deployment.

With these pieces of information, you can log in to UAA as the admin client, create new UAA zones, and manage clients and users:

uaac target http://uaa.local.pcfdev.io
# admin secret defined in /var/vcap/jobs/uaa/config/uaa.yml; uaac prompts for it
uaac token client get admin # admin-client-secret
uaac contexts
uaac client add myappclient --scope openid,scim.read,scim.write --authorized_grant_types client_credentials --authorities oauth.login
uaac client update admin --authorities "uaa.admin clients.secret scim.read"
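As an added example (not code from the original post or from the uaac tool), the Python below shows the client_credentials exchange that `uaac token client get admin` performs against UAA's /oauth/token endpoint, decodes the claims of the returned JWT for inspection, and flags the two settings from the commands above that a defender would change before relying on this UAA as an authorization server: an http:// target and the default admin secret. The host and default secret come from the post; the sample token is constructed here and is not a real UAA token.

```python
import base64
import json
import urllib.parse
import urllib.request

UAA_TARGET = "https://uaa.local.pcfdev.io"      # PCFDev UAA host from the post
DEFAULT_ADMIN_SECRET = "admin-client-secret"     # hard-coded PCFDev value from the post


def build_token_request(target, client_id, client_secret):
    """Build the request `uaac token client get` sends: POST /oauth/token with
    the client id/secret as HTTP Basic credentials and grant_type in the body."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(f"{target}/oauth/token", data=body, method="POST")
    req.add_header("Authorization", f"Basic {creds}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    req.add_header("Accept", "application/json")
    return req


def fetch_access_token(req):
    """Send the token request and return the access_token from UAA's JSON reply."""
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def jwt_claims(token):
    """Decode the claims of a UAA JWT for inspection (no signature check here)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_target(target, client_secret):
    """Findings to resolve before using this UAA as an authorization server."""
    findings = []
    if target.startswith("http://"):
        findings.append("plaintext target: Basic credentials and tokens are sent unencrypted")
    if client_secret == DEFAULT_ADMIN_SECRET:
        findings.append("admin client still uses the default PCFDev secret")
    return findings


# Constructed sample token (not issued by UAA): JWT header, claims, dummy signature.
_HDR = base64.urlsafe_b64encode(b'{"alg":"RS256","typ":"JWT"}').rstrip(b"=").decode()
_CLAIMS = base64.urlsafe_b64encode(json.dumps(
    {"client_id": "admin", "scope": ["uaa.admin", "clients.secret", "scim.read"]}
).encode()).rstrip(b"=").decode()
SAMPLE_TOKEN = f"{_HDR}.{_CLAIMS}.c2ln"
```

Calling `fetch_access_token(build_token_request(UAA_TARGET, "admin", secret))` against a running PCFDev returns the same token uaac stores in its context, and `jwt_claims` on it shows which authorities the admin client was granted.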

Further reading on using the UAAC to manage users and clients:
