Konstantin Vlasenko

An engineer is someone who can make for a dollar what any fool could make for two. – Alan Kay

Configure WSO2 Identity Server as SAML2 SSO IDP

Originally posted on SOA Security:

WSO2 Identity Server is one of the powerful open source identity management solutions. It can act as a SAML2 SSO IDP. You can use Identity Server to integrate with different applications to achieve seamless user login in your enterprise. You can easily register your service provider applications using the WSO2 Identity Server management console. Let's try out the SAML2 SSO sample that is shipped with WSO2 Identity Server.

Setup SAML2 SSO Web Application.

Step 1. Check out the source from the repository location which contains the samples. You can find the latest sample from here

svn co https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/sso/

Step 2. Go to <HOME>/sso/SSOAgentSample directory

Step 3. Replace the existing pom.xml file with this pom.xml file, because you cannot build the sample with the existing pom.xml file available in the WSO2 SVN until you build the whole platform.

Step 4. Build the project using Maven  3.0.X.

After successfully building the sample, A

View original 1,016 more words

Disable the option to check for server certificate revocation on Internet Explorer

We are doing extensive acceptance testing against SharePoint Online by using PowerSlim (PowerShell).
Unfortunately, our automated tests are sometimes blocked by the popup below:
[Image: CheckCertificatRevocation]
As we truly believe that our DNS is not spoiled and we know exactly what we are looking for (pre-created data), this verification doesn’t make any sense for us.
So we decided to disable it. I was not able to find a way to do this through the Windows Registry. Below is how you can do this through Internet Explorer:

  1. Open Internet Options
  2. Go to Advanced tab
  3. Scroll down to the Security section
  4. Clear the "Check for server certificate revocation" check box:
    [Image: DisableCertificatRevocation]
  5. Restart Internet Explorer

Split a project between the teams and not the other way around!

Software development managers are accustomed to moving people around the projects.
Instead they should be able to split a project between the teams and not the other way around!
This implies that a software development manager should be a software development practitioner.
There are a lot of similar ideas on this topic below, by Pieter Hintjens

The Promise, Progress And Pain Of Collaboration Software

Originally posted on TechCrunch:

Editor’s note: Jason Green is a founder and general partner at Emergence Capital Partners. He was an early investor in Yammer and Success Factors, and he currently sits on the boards of ServiceMax, Replicon, Cotap, Lotame, Xad, Digital Airstrike, and Box (observer).

Truly effective enterprise collaboration applications represent one of the most promising opportunities for cloud computing. Over the last decade, several SaaS companies have emerged that improve workplace collaboration, including well-known companies like Box and Yammer, as well as newer companies such as Quip, Cotap, Hall and Slack.

Given my board roles with several of these companies, I am often asked about what is working and what is next. I want to share my thoughts on the promise and the progress in collaboration software while also touching on the areas of opportunity or the pain.

Emergence Capital Partners started with a thesis that software…

View original 528 more words

#SQL: Update xml field from value from other table

We are going to update the Title field in the XML below. Assume we have incorrect values there in our Library table. We will find the correct values by using the Title field from the AllBooks table.

<Book xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
 <Title>Incorrect Title</Title>
</Book>

UPDATE Library SET info.modify('replace value of (/Book/Title/text())[1] with sql:column("AllBooks.Title")')
FROM Library
-- INNER JOIN: only rows with a matching AllBooks entry are updated
INNER JOIN AllBooks ON Library.BookID = AllBooks.ID
WHERE info.value('data((/Book/Title)[1])','nvarchar(max)') LIKE 'Incorrect Title%'

#PowerShell: Register AWS EC2 instances in Amazon Route53 (new way)

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
Just in case – Amazon EC2
I use this script https://github.com/konstantinvlasenko/cloud/blob/master/Register-CNAME.ps1 to provide meaningful names for them.
Simple usage:

$config = @{ DomainName = 'mylab.com' }
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress

Advanced usage (register in another account; registering A record):

$config = @{ DomainName = 'mylab.com'; AssumeRoles = @{ R53 = @{ ARN = 'arn:aws:iam::600021112340:role/Route53'; SessionName = 'Friends' } }; }
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress 'A'

#SharePoint 2013 #PowerShell: How to get user permissions report

function Get-SPPermissionsReport($web, $recursive)
{
  $web | Get-SPUser | % { New-Object PSObject -Property @{
    UserLogin = $_.UserLogin
    'Roles given explicitly' = $_.Roles
    'Roles given via groups' = $_.Groups | %{$_.Roles}
    Groups = $_.Groups
    Url = $web.Url
    }
  }
  if($recursive) { $web.Webs | % { Get-SPPermissionsReport $_ $recursive } }
}
$web = Get-SPWeb http://yoursharepoint/sites/department
Get-SPPermissionsReport $web $true | Sort-Object UserLogin | Out-GridView

Then you can apply an additional filter by user or URL right in the GridView.
You can also add further matching criteria in the GridView, e.g. match by Role/Group name.

Apply GeoTrust certificate to AWS ELB

Here is the tool which I used to verify correctness of my AWS ELB SSL configuration.

AWS ELB

  • Certificate Name – put here whatever you want
  • Private Key – copy and paste content of server.key file
  • Public Key Certificate – copy and paste content of your_site_name_ee.cer file

This will be enough to pass validation by the tool, but you will get one warning: GeoTrust is quite a new player on the market, so old browsers don’t have information about GeoTrust. GeoTrust therefore provides intermediate certificates. You need to set the Certificate Chain field if you care about old browsers.

  • Certificate Chain – copy and paste content of GeoTrust Extended Validation SSL CA – G2.txt and then copy and paste content of GeoTrust Primary Certification Authority.txt
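
A local check of the three fields before they are pasted into the ELB form, as an added example that is not part of the original post. It assumes the openssl command-line tool and PEM-encoded files; the function names and the chain.pem bundle name (the two GeoTrust files concatenated in the order given above) are hypothetical.

```shell
#!/bin/bash
# Added example: local checks on the files pasted into the ELB certificate form.
# Function names are hypothetical; nothing here contacts AWS.

# Succeeds when the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when the PEM bundle ($2) lists, in order, the issuer of the
# server certificate ($1), then that certificate's issuer, and so on.
# Compares issuer/subject names only; signatures are not verified.
chain_in_order() {
    local leaf="$1" bundle="$2" tmp prev f count=0
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, keeping file order.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", d, n) }
        n { print > out }' "$bundle"
    prev=$(openssl x509 -in "$leaf" -noout -issuer_hash 2>/dev/null) || { rm -rf "$tmp"; return 2; }
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || break
        if [ "$(openssl x509 -in "$f" -noout -subject_hash 2>/dev/null)" != "$prev" ]; then
            rm -rf "$tmp"; return 1
        fi
        prev=$(openssl x509 -in "$f" -noout -issuer_hash 2>/dev/null)
        count=$((count + 1))
    done
    rm -rf "$tmp"
    [ "$count" -gt 0 ]
}

# Usage: ./check-elb-cert.sh server.key your_site_name_ee.cer chain.pem
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || { echo "private key does not match certificate" >&2; exit 1; }
    chain_in_order "$2" "$3"   || { echo "certificate chain is missing or out of order" >&2; exit 1; }
    echo "key, certificate and chain are consistent"
fi
```

A bundle with the root placed before the intermediate fails the second check, which is the ordering mistake the Certificate Chain field is most often rejected for.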

 

Back up your on-prem/local #PostgreSQL database to cloud #AWS #RDS snapshot

Total costs of the backup operation: $0.026 + $0.125 per GB-month

The script below performs the following steps:

  1. create a PostgreSQL AWS RDS t1.micro instance
  2. wait until the instance has started by using aws rds describe-db-instances
  3. get the AWS RDS instance address
  4. copy the database
  5. create an AWS RDS instance snapshot and terminate the instance by using aws rds delete-db-instance
  6. send a notification by using the AWS SNS service

Prerequisites:

#!/bin/bash
SNSTOPIC=arn:aws:sns:us-east-1:000000000000:MYTOPIC
RDSINSTANCE=MYBACKUP
_now=$(date +"%d%m%Y")
BACKUPNAME="$RDSINSTANCE$_now"
DATABASE=MYDB
DBADMIN=admin
export PGPASSWORD=MYPASSWORD

# create RDS instance
aws rds create-db-instance --db-instance-identifier $RDSINSTANCE --allocated-storage 5 --db-instance-class db.t1.micro --no-multi-az --engine postgres --master-username $DBADMIN --master-user-password $PGPASSWORD --db-name $DATABASE --backup-retention-period 0

# wait till instance started (the CLI's own --query option replaces the Python 2 one-liner)
while [ "$(aws rds describe-db-instances --db-instance-identifier "$RDSINSTANCE" --query 'DBInstances[0].DBInstanceStatus' --output text)" != "available" ]; do sleep 10; done

# get instance address
AWSHOST=$(aws rds describe-db-instances --db-instance-identifier "$RDSINSTANCE" --query 'DBInstances[0].Endpoint.Address' --output text)

# copy database
pg_dump -U postgres dbname=$DATABASE | psql --host=$AWSHOST --username=$DBADMIN --dbname=$DATABASE

# terminate instance and create snapshot
aws rds delete-db-instance --db-instance-identifier $RDSINSTANCE --final-db-snapshot-identifier $BACKUPNAME

# send notification
aws sns publish --topic-arn $SNSTOPIC --subject 'AWS RDS BACKUP' --message 'Done'

Doctrine 1.x log all queries

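To log all queries we need to use Event Listeners:

class QueryDebuggerListener extends Doctrine_EventListener
{
    public function preStmtExecute(Doctrine_Event $event)
    {
        $q = $event->getQuery();
        $params = $event->getParams();
        $offset = 0;

        // Substitute each positional placeholder with its bound value.
        // This builds the log line only; the logged text contains the bound values.
        while (sizeof($params) > 0) {
            $pos = strpos($q, '?', $offset);
            if ($pos === false) {
                break; // more parameters than placeholders
            }
            $param = array_shift($params);

            if (!is_numeric($param)) {
                $param = sprintf("'%s'", $param);
            }

            $q = substr_replace($q, $param, $pos, 1);
            // Continue after the inserted value so a '?' inside it is not treated as a placeholder.
            $offset = $pos + strlen((string) $param);
        }
        error_log($q);
    }
}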
$queryDbg = new QueryDebuggerListener();
$dbh = new PDO($dsn, $user, $password);
$conn = Doctrine_Manager::connection($dbh);
$conn->addListener($queryDbg);