Concourse Authentication to PCF with SAML


We haven’t upgraded to 4.X yet. The barrier is that in Concourse 3.X, we were using UAA authentication which presented the CF login page (i.e. https://login.<sysdomain>/login). This allowed us to use our SAML-based authentication to authenticate to our enterprise directories.

Basically, all developers in PCF (CF) have identities in UAA with origin: <external SAML Provider>.

When we are presented the login screen after clicking the ‘login with UAA’ in concourse, they click a link below the form that performs the enterprise SSO (we are actually using PING Identity).

In Concourse 4.X, it appears that concourse is attempting to authenticate the user directly against UAA without allowing the user to use our SAML SSO provider.

Am I missing something or is concourse effectively broken for us?