Creating a UAA Service Instance

You can create multiple instances of the UAA service in your space.

About this task

As a best practice, first delete any older unused instances before creating a new one.

Procedure

  1. Sign into your Predix account at https://www.predix.io.
  2. Navigate to Catalog > Services, then click the User Account and Authentication tile.
  3. Click Subscribe on the required plan.
  4. Complete the fields on the New Service Instance page.
    FieldDescription
    OrgSelect your organization.
    SpaceSelect the space for your application.
    Service instance nameEnter a unique name for this UAA service instance.
    Service planSelect a plan.
    Admin client secretEnter a client secret (this is the admin password for this UAA instance). The client secret can be any alphanumeric string.
    Note: Record the client secret in a secure place for later use.
    Subdomain(Optional) Enter a subdomain you might need to use in addition to the domain created for UAA. You must not add special characters in the name of the subdomain. The value of sub-domain is case-insensitive.
  5. Click Create Service.

Results

Your UAA instance is created with the following specifications:

  • A client identifier (admin).
    Note: An admin client is required for bootstrap purposes. You can create additional clients to use with your application.
  • A client secret (that you specified while creating the service).

To retrieve additional details of your instance, you can bind an application to your instance.

Using the Command Line to Create a UAA Service Instance

Optional procedure for using the command line instead of the graphical user interface to create a UAA service instance.

About this task

You can create up to 10 instances of UAA service in your space. If you need additional instances, you must delete an older unused instance and create a new one.

Procedure

  1. Use the Cloud Foundry CLI to log into Cloud Foundry. 
    cf login -a <API_Endpoint>
    Note: If you are a GE employee, you must use the cf login --sso command to log into Cloud Foundry. After you enter your SSO, you will receive a one-time passcode URL. Copy this URL and paste it in a browser to retrieve your one-time passcode. Use this code with the cf command to complete the CF login process.

    Depending on your Predix.io registration, the value of <API_Endpoint> is one of the following:

    • Predix US-West

      https://api.system.aws-usw02-pr.ice.predix.io

    • Predix Europe

      https://api.system.aws-eu-central-1-pr.ice.predix.io

    For example,

    cf login -a https://api.system.aws-usw02-pr.ice.predix.io
  2. List the services in the Cloud Foundry marketplace by entering the following command.
    cf marketplace

    The UAA service, predix-uaa, is listed as one of the available services.

  3. Create a UAA instance by entering the following command. 
    cf create-service predix-uaa <plan> <my_uaa_instance> -c '{"adminClientSecret":"<my_secret>","subdomain":"<my_subdomain>"}'

    where:

    • cf stands for the CLI command, cloud foundry
    • cs stands for the CLI command create-service
    • <plan> is the plan associated with a service. For example, you can use the tiered plan for the predix-uaa service.
    • -c option is used to specify following additional parameters.
      • adminClientSecret specifies the client secret.
      • subdomain specifies a sub-domain you might need to use in addition to the domain created for UAA. This is an optional parameter. You must not add special characters in the name of the sub-domain. The value of sub-domain is case insensitive.
    Note: Cloud Foundry CLI syntax can differ between Windows and Linux operating systems. See the Cloud Foundry help for the appropriate syntax for your operating system. For example, to see help for the create service command, run cf cs.

Results

Your UAA instance is created with the following specification:

  • A client identifier (admin).

    Note: An admin client is created for bootstrap purposes. You can create additional clients to use with your application.

  • A client secret (that you specified while creating the service).

To retrieve additional details of your instance, you can bind an application to your instance.

Example

Create a predix-uaa service instance with client secret as admin and sub-domain as ge-digital:

cf cs predix-uaa tiered test-1 -c '{"adminClientSecret":"admin","subdomain":"ge-digital"}'

This is how it appears in VCAP SERVICES when using the cf env <app_name> command:

"VCAP_SERVICES": { 
"predix-uaa": [
   {
    "credentials": {
     "dashboardUrl": "https://uaa-dashboard.run.asv-pr.ice.predix.io/#/login/04187eb1-e0cf-4874-8218-9fb77a8b4ed9",
     "issuerId": "https://04187eb1-e0cf-4874-8218-9fb77a8b4ed9.predix-uaa.run.asv-pr.ice.predix.io/oauth/token",
     "subdomain": "04187eb1-e0cf-4874-8218-9fb77a8b4ed9",
     "uri": "https://04187eb1-e0cf-4874-8218-9fb77a8b4ed9.predix-uaa.run.asv-pr.ice.predix.io",
     "zone": {
      "http-header-name": "X-Identity-Zone-Id",
      "http-header-value": "04187eb1-e0cf-4874-8218-9fb77a8b4ed9"
     }
    },
    "label": "predix-uaa",
    "name": "testuaa",
    "plan": "Tiered",
    "provider": null,
    "syslog_drain_url": null,
    "tags": [],
    "volume_mounts": []
   }
  ],