To log on to Cloud Foundry, using a custom identity provider, use the --origin option of the Cloud Foundry command-line interface (cf CLI).
The users exist:
-
Directly in your tenant of the SAP Cloud Identity Services.
-
In a corporate identity provider with SAP Cloud Identity Services working as a proxy.
-
Trust to your SAP Cloud Identity Services tenant must be configured with OIDC and not SAML.
-
Your corporate identity provider must support the password grant flow.
For more information, see Configure Trust with OpenID Connect Corporate Identity Provider in the documentation for SAP Cloud Identity Services.
-
We recommend this method of logging on if you want to use an automated script and can't open a browser during the logon process.
Set up a script with the following code:
cf api https://api.cf.<region>.hana.ondemand.com
cf login --origin <origin> -u <user> -p <password>
cf api https://api.cf.eu10.hana.ondemand.com cf login --origin sap.ids -u [email protected] -p mysecurepassword
-
Find the
<region>value, that applies to you in the section Regions. -
Find the
<origin>value for the user that you want to use in the cockpit.-
Navigate to the subaccount of your user.
-
Choose Cloud Foundry > Org Members.
-
Find the
<origin>value of your user in the table.
-