Client IP based session validation in OpenAM

In Single Sign On (SSO), the cookie itself is the sole mode of validation for most systems.

With OpenAM, one can assign extra attributes to the session other than the cookie. Validation based on client IP addresses can be done as well. What this means is that, when the IP address changes of an user, the user has to login to OpenAM (or Relying Party/Service Provider )  again, since his session is no longer valid for the IP.

So this is how one would do this:

Go : Configuration -> Server & Sites -> Default server settings

 Then to advanced:

OpenAM database connectivity with MySql

This post comes after a long time. I had been really stuck with my project in creating a Single Sign On implementation. I was working with an amazing piece of software, OpenAM, formerly OpenSSO, currently maintained by the Forgerock community. 

My setup: I used Tomcat with Mysql and OpenAM 11.0.0 running on Centos

So first things first, install mysql-connector-java for your operating system and you should get a jar file. Here is what I got on my box:

# rpm -ql mysql-connector-java | grep jar
/usr/share/java/mysql-connector-java-5.1.17.jar
/usr/share/java/mysql-connector-java.jar

Now copy this to your tomcat installation directory. At "$CATALINA_HOME/lib" and restart tomcat.

Setup gitlab with OpenAM (OpenID Connect)

OpenAM, formerly OpenSSO, is an amazing piece of offering for providing Identity Management capabilities in an organisation. So this is what I wanted to do, integrate OpenAM with Gitlab.

Like in my previous post on integrating with an OpenID provider (which is different from OpenID Connect) we follow similar steps. We are going to use OpenAM as an Openid Connect provider.

OpenID Connect protocol, finalized on 26th February, 2014 is a not a very new protocol and has existed for a long time.[1] It is OpenID protocol encapsulated in OAuth2 protocol.

Gitlab configuration:

Setup gitlab openid authentication with simpleid

Gitlab is a wonderful new tool that allows one to host projects just like we do on github. The basic difference is that github has public projects as it's default setting and gitlab has private!

What I was about to do was to integrate OpenID authentication mechanism so I needed a OpenID server for that. I used a fairly simple OpenID server, SimpleID. The name says it all!

Gitlab version 6.3.0 does not support openID authentication out of the box. Here are the necessary hacks required to get it running. I got it running on a centos 6.3 box.

Logstash undocumented

So I was playing around with logstash for a few days and it frustrated me that their documentation was awful. These guys really need to get someone to write more of the usability of the utility. For those who are not aware of this awesome tool, logstash, please do check out it's homepage. It is used for analysis of log files (in servers in most cases). So what is does is essentially 3 steps:

1. Collects logs by monitoring files or sockets, executing commands, etc. It has a host of input plugins, check out the docs page for a very sparse view.
2. Apply filters on the inputs, modify the way the input looks like eventually.
3. Output filters, dump the data to a socket, webapp, queues, etc. 

Logstash is generally used in cases of elastic search (e.g. kibana) that shows up neat graphs and searching can done in this data as well.

So in my particular case what I was trying to do was send data across to graphite, which just shows the data in a neat graph.

Tikona WiMAX Internet Connection Problem

It's been over a month I have been stuck with an odd problem that prevented me from getting online from my Linux boxes. Pretty frustrating. I was stuck with XAMPP and realized how buggy the DevC++ System  was. Okay, let me get to the point.

So apparently Tikona WiMAX changed it's system as it would not acknowledge any DHCP requests made by lines that Advertise 100 Mbps connections. It kept fooling me for so long!

So, one fine day, I found @yagoo on #ubuntu. He pointed me out my system was using Half-Duplex connection.. after a brief diagnosis on my WinXP. He then told me about the mii-tool.

Intel Graphics Card Linux Drivers

Looks like the future is perfect for Intel 845, Intel 855 and Intel 910 graphics chip-sets on Linux.

On my Mint 10 (aka Ubuntu 10.10 Maverick Meerkat)... I was finally able to get all my resolutions and Graphics Acceleration after ages.


Okay, so initially the Framebuffer device (fbdev) was the default graphics device on Ubuntu 10.10 (aka Mint 10) and thus the intel driver is not loaded. In order to force loading the intel driver create the file

/etc/X11/xorg.conf

To create this file you must be root... here's how you could do it:

Voice Notification System

Want to make the computer remind you the time every hour, so you don't lose track?

Here's a simple voice (I've chosen a female US speaker for this ;-) notification system that will remind every hour the time.

Pre-requisites:

festival

To install festival:

sudo apt-get install festival