
Saturday, 13 March 2021

Help Texas to recover from catastrophe!

This is a very big catastrophe in the USA. They were hit pretty hard, and many people in Texas are just trying to survive in a very, very bad environment!




Wednesday, 3 March 2021

5: Final conclusion about running Gluu Server


The implementation of the security layer is still in the "making" phase; check this page later! Thanks!

This is it, the final conclusion ;)


4: Integration with my Angular app


Before undertaking the actual implementation of OAuth2, some important preparation is needed:

I will go through the following GitHub repos:

Even more reading of documentation:

Books to read:

  1. Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 by Yvonne Wilson, read the book review here
    Comment: this book is pretty abstract, but it describes the different OAuth 2 protocols, some of them simple and some of them not; still, this book doesn't show how to do it in Angular.
  2. Securing the Perimeter: Deploying Identity and Access Management with Free Open Source Software by Michael Schwartz, read the book review here
  3. OAuth 2.0 Identity and Access Management Patterns by Martin Spasovski, read the book review here
  4. OAuth 2 in Action, read the book review here
  5. Mastering OAuth 2.0
  6. OAuth 2 Cookbook
Video courses online:
  1. Getting Started with OAuth 2.0 at Pluralsight
    Comment: well, that was interesting, but too abstract; better than the experience with the book
  2. OAuth2 & OpenID Core Best Practices For Implementers 2020 at Udemy
    Comment: too simple after all the previous experience!
  3. Understanding OAuth2 With NodeJS at Pluralsight
    Comment: that was interesting, with actual code examples in JavaScript; still hard to follow, because most of the software architecture is not explained and it depends on NodeJS, e.g. the Node Express implementation; rather, code details are explained. Still not what I expected.
  4. OAuth 2.0 Deep Dive Volume 1
    Comment: need to watch ;)

Only after so much reading and code review will I have a pretty good understanding of how to implement web security in my Angular project, so stay tuned for more info!


So what's next?!


3: Admin stuff and set up for Gluu Server


Are we there yet?

Looks pretty cool, and it is time to read the docs: https://gluu.org/docs/gluu-server/admin-guide/oxtrust-ui/

Cool, there are lots of options to configure; if you know what you need to configure, touch them, otherwise don't! I'll go through each of the configuration options and give brief comments about them.

Manage Authentication

In Manage Captcha I set up the following, and I hope it makes sense


I am not sure why CAS Protocol is empty.

One strange thing: Person Authentication Scripts is referred to as Manage custom scripts in the official Gluu server guide:

Manage Registration

This is obvious enough; sure, from the UI perspective I wished the options were named differently, but it's cool enough for me.

Attributes

Read the following docs: https://gluu.org/docs/gluu-server/admin-guide/attribute/

Import/Export Attribute LDIF

An interesting option where you can copy attributes from another Gluu server instance, but I don't need it for my case.

Cache Refresh

This is even more complex; use it whenever you think it makes sense for you, but seriously, attaching Microsoft Active Directory is kind of overkill.

LogViewer Configuration

This is pretty obvious; in my opinion an additional logger is not required, but well, some people like to overcomplicate things.

View Log File

This is a pretty cool feature: when you, for example, don't want to use ssh, you can use this page to look into the Gluu Server messages.

There are lots of logs you can view; for me currently that's not so critical, but some folks from devops love to look into logs for hours. Not me; I basically prefer to react to events (server not working, security issue, hardware failure) and that's it.

Server Status:

Cool, here you see basic info, which I like, because you are not overwhelmed by the data ;)

Certificates:

Read the Gluu online docs: https://gluu.org/docs/gluu-server/admin-guide/certificate/

What does Gluu Server have next in "store"?

In my case only OpenID and UMA were displayed, so for OpenID read the following online docs

Scopes:

This is pretty OpenID specific; I'll just say that even more time needs to be spent on reading about scope claims.

Clients:

This is obvious too: here you can specify an additional client which would be authorized to use OpenID at the Gluu Server.

UMA: 

Read the online docs: https://gluu.org/docs/gluu-server/admin-guide/uma/
My impression: another feature of Gluu Server which you should touch only if you know what you are doing.
Basically it's an interface between different auth servers. I wonder why it's enabled by default? ;)

Users:

Well, this feature is pretty important, because here you can see the list of users who are allowed to use the Gluu Server for authentication and authorization purposes!
Read the online docs: https://gluu.org/docs/gluu-server/user-management/local-user-management/

Groups:

Shows the list of groups with their different authorization purposes.

Manage people:

Here you can finally add a person.

Import People:

Here you can import users from Excel; this is not applicable in my case, because I don't plan to insert users manually. This is rather an administrative job, which I don't like to attend to.

The last feature of Gluu Server is the Personal tab: basically here you see your administrator's personal data. You can change the values in this tab through the user search in another tab; don't forget to set up the right time zone.

So what's next?!


2: Actual installation of Gluu server


Read this documentation and follow the instructions specified in the documentation below (for each Linux distro your experience can be very different):

So the Gluu server is installed, what's next?!

Then at this point you need to run the after-install setup described here

Run it with the command: setup.py -c
Reference YouTube video:
You will be asked about your hostname: don't provide something like localhost or an IP address; write something creative like:

tuxatwork.gluu.org or pinguineattack.gluu.org 

Please notice that it should be a fully qualified domain name; if you plan to have your own domain in the future, well, use this domain name!

THIS IS VERY IMPORTANT, OTHERWISE IT WILL NOT WORK AS YOU EXPECT!
Make sure that your fully qualified domain name is listed in /etc/hosts

Here you can find a good example

So this is my last warning: use a proper hostname, like mainframe.gluu.org or mainframe.info.org. Basically the /etc/hosts entry should look like this: ip-address yourhostname.gluu.org. I would provide some further screens, because it's hard to explain ;)
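A quick pre-flight check for the hostname rule above, added here as an example (not part of the original post and not Gluu's own setup.py). It assumes a POSIX shell with grep, sed and awk; it validates that the name is a fully qualified domain name rather than localhost or a bare IP, and looks the name up in a hosts file (the sample hosts file is constructed).

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the hostname you are
# about to give Gluu's setup.py. It must be a fully qualified domain name (not
# "localhost" or a bare IP) and /etc/hosts must map it to an address.

# is_valid_fqdn NAME -> exit 0 if NAME looks like a fully qualified host name
is_valid_fqdn() {
    case "$1" in
        ''|localhost|localhost.localdomain) return 1 ;;  # reserved or unqualified
        *.*) ;;                                           # needs at least one dot
        *) return 1 ;;
    esac
    # a bare IPv4 address is digits and dots only: not a host name
    printf '%s' "$1" | grep -Eq '^[0-9.]+$' && return 1
    # labels: letters, digits, hyphens; no label starts or ends with a hyphen
    printf '%s' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# hosts_ip_for HOSTSFILE NAME -> prints the address HOSTSFILE maps NAME to
# (empty if there is no entry); comments after '#' are ignored
hosts_ip_for() {
    sed 's/#.*//' "$1" | awk -v n="$2" '
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }'
}

# check_gluu_hostname HOSTSFILE NAME -> 0 when NAME is a valid FQDN with a hosts
# entry, 1 when the name is malformed, 2 when the hosts entry is missing
check_gluu_hostname() {
    if ! is_valid_fqdn "$2"; then
        echo "reject: '$2' is not a fully qualified domain name" >&2
        return 1
    fi
    ip=$(hosts_ip_for "$1" "$2")
    if [ -z "$ip" ]; then
        echo "reject: '$2' has no entry in $1" >&2
        return 2
    fi
    echo "ok: $2 -> $ip"
}

# Constructed sample hosts file for a stand-alone run; on a real box you would
# pass /etc/hosts and the name you intend to type into setup.py.
SAMPLE_HOSTS=$(mktemp)
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1      localhost localhost.localdomain
192.168.56.10  tuxatwork.gluu.org tuxatwork   # the VM's own address
EOF
check_gluu_hostname "$SAMPLE_HOSTS" tuxatwork.gluu.org          # ok
check_gluu_hostname "$SAMPLE_HOSTS" localhost || true           # rejected
check_gluu_hostname "$SAMPLE_HOSTS" mainframe.gluu.org || true  # no hosts entry
```

Run it as `check_gluu_hostname /etc/hosts yourhostname.gluu.org` before starting setup.py; a non-zero exit tells you which of the two rules the name breaks.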

This is what you see when you run the setup Python script for the first time (this is what you see when running setup without the -c parameter!):

Then on the next screen you will see some boring info:

just type the organisation name which you represent, email, city name and so on. On the next screen you need to pick the services which you want to install; I chose

Apache Server and the Admin GUI. On the Gluu product services web page you get information about each
possible service ;) (this is what you see when running setup without the -c parameter!):

Next, finally you see the following:

Or, when running with the parameter -c:

This is somewhat tricky; my best advice is to use these defaults,
because installing way too many services is not sane, and before you install
them think about your production case. In any case, my best advice is to look up what those services do
and install them only if you find them useful;
in my case of a single page application I use the default settings ;)

Don't forget to set up an oxTrust password for your login, which should be pretty complex,
not brute-forceable and not easily "hackable"!

The following steps are optional; follow them with caution:

Then you can pick the persistence, which in the case of Gluu Server is Couchbase, and set the password for the Couchbase admin!

If Couchbase is not installed, well, then use the following guide https://gluu.org/docs/cb/,
well, that wasn't really helpful!!

Use the official Couchbase guide

Don't forget to check that you install the community version of Couchbase!

Try https://access.redhat.com/solutions/10154 and download the package in the chrooted environment

In /opt/dist/couchbase/ rename the Couchbase community edition package to the enterprise edition name, for example like the following:

mv couchbase-server-community-6.6.0-centos8.x86_64.rpm \
   couchbase-server-enterprise-6.6.0-centos8.x86_64.rpm

Oh my god, it's so difficult to set up Couchbase; well, in my case I start from this point and do all steps without Couchbase!!!!!

After many failures with the Couchbase setup I finally decided to give up on Couchbase usage for such a small test case!

Here you actually select what you prefer to store in OpenDJ. I decided to stay with the default settings, but even if you unselect them, as you can see on the following screenshot, those properties would be saved in Couchbase (if, of course, you were able to connect to it).

The following steps are important; follow them with caution:

This is what you see if you selected install Couchbase!
(this is what you see without the -c parameter):

Wasn't so difficult after all?! ;) Nope, it is DIFFICULT!!!!!
After that, confirm your package selection! (this is what you see without the -c parameter):

Now, if all packages are displayed as presented, then hit next; finally the Gluu server installation begins and hopefully nothing breaks!
If you are trying to use Couchbase you can experience the following errors; the Gluu setup wasn't able to resolve them, because Couchbase has a pretty complex configuration
setup, but overall for my case I don't use Couchbase.


Finally, after something like 6 installation "trials", I have completely and successfully installed the Gluu server.


Man, that was a lot of work, but it was worth it;

don't forget, you are creating your own identity access provider service, which gives you complete independence
from the famous identity cloud providers!!
Check what runs on your box: netstat -tulnp

You will see the active open ports on your Linux box. Gluu Server takes a few minutes to start, so wait something like 10 minutes before running this command.
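To make the post-install port check above repeatable, here is an added example (not code from the original post): it parses `netstat -tulnp` output, reports listeners bound beyond loopback, and flags any port not on an allow list, so you can confirm that 443 is up and nothing you did not open on purpose is exposed. The sample output is constructed, and the `wait_for_port` helper, which polls the live system, is my assumption about how to wait out the start-up time the post mentions.

```shell
#!/bin/sh
# Added example (not from the original post): parse `netstat -tulnp` output and
# report which listeners are reachable from outside the box, so that after the
# Gluu install you can confirm 443 is up and nothing unintended is exposed.

# external_listeners < netstat-output -> "proto port pid/program" per socket
# bound to something other than the loopback address
external_listeners() {
    awk '$1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            addr = $4                  # Local Address, e.g. 0.0.0.0:443 or :::443
            n = split(addr, parts, ":")
            port = parts[n]            # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") next
            print $1, port, $NF        # $NF is the PID/Program name column
        }'
}

# port_is_listening PORT < netstat-output -> 0 if an external socket is on PORT
port_is_listening() {
    external_listeners | awk -v p="$1" '$2 == p { ok = 1 } END { exit !ok }'
}

# unexpected_ports "P1 P2 ..." < netstat-output -> prints every exposed
# "proto/port pid/program" whose port is not in the space-separated allow list
unexpected_ports() {
    allow=" $1 "
    external_listeners | while read -r proto port prog; do
        case "$allow" in
            *" $port "*) ;;
            *) echo "$proto/$port $prog" ;;
        esac
    done | sort -u
}

# wait_for_port PORT SECONDS: poll the live box until PORT is listening (the
# post says to wait about 10 minutes after install); not run in this sample
wait_for_port() {
    end=$(( $(date +%s) + $2 ))
    while [ "$(date +%s)" -lt "$end" ]; do
        netstat -tulnp 2>/dev/null | port_is_listening "$1" && return 0
        sleep 5
    done
    return 1
}

# Constructed sample `netstat -tulnp` output (not from a real Gluu box):
# 8080 is loopback-only, 8443 stands in for an accidentally exposed service
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0 0 0.0.0.0:22      0.0.0.0:*  LISTEN  812/sshd
tcp   0 0 127.0.0.1:8080  0.0.0.0:*  LISTEN  2310/java
tcp   0 0 0.0.0.0:8443    0.0.0.0:*  LISTEN  2310/java
tcp6  0 0 :::443          :::*       LISTEN  2105/httpd
udp   0 0 0.0.0.0:68      0.0.0.0:*          701/dhclient'
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_ports "22 443"   # lists 8443 and 68
```

On the real box, `wait_for_port 443 600 && netstat -tulnp | unexpected_ports "22 443"` waits up to ten minutes for HTTPS and then prints anything else that is reachable from outside.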

1. Preparation for Gluu Server installation


Read this guide for the installation: https://gluu.org/docs/gluu-server/4.2/installation-guide/

Now decide on a Linux distribution supported by Gluu Server; I decided to use CentOS,

simply because there are 0 license fees and it is binary compatible with RHEL installation packages.

Now before going further, make sure that your machine or VM meets the following criteria. I recommend going above them, because with the minimum requirements you would be able to install Gluu Server, but it probably wouldn't perform as you expect!

So here are the minimum requirements for the VM instance:

  • 4 GB RAM
  • 2 GB swap space
  • 2 CPU units
  • 40 GB disk space

So this is basically how my test machine in VMware looks:

Initially I tried with the minimal setup, but it didn't work as I expected,

and with this setup everything worked out ;)

And this is how I partitioned my test machine; I use ext4 everywhere ;)

  • SWAP  8 GB
  • Boot  1 GB
  • /     rest, 51 GB

All looks great!

Open port 443 with the following commands:

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

Installation of CentOS is complete!

What's next?!

Back to main article

0: Introduction to Gluu Server and reasons behind running own IAM Service

Good introduction about Gluu projects:


Gluu Server uses the following licensed libs; look up the following page:

https://gluu.org/docs/gluu-server/4.2/

Many developers depend on external cloud-based identity providers' services, and most of the time those services work without any problem, but if you ask me whether in 2021 you should rely on those services alone, I say no!

There are many reasons to run your own identity management service, and one of them, which is my main personal reason, is that I am a responsible businessman who deeply cares about the data protection and integrity of the users who would use my platform.


Furthermore, the external identity management service providers won't allow my company to audit the authentication and authorization services which my company must verify.

It's a simple fact: sure, many individuals and companies believe what those companies tell them, but we at Orlovsky Consulting GbR know how many USA and EU companies operate, and without external validation of their implemented security there will always be a healthy and reasonable suspicion that what they are doing is wrong.

As product owner and full stack developer for the project Job Manager 2020 I take security very seriously, because I want to guarantee the best possible experience during the usage of my platform. So here we go, this is the basic introduction, and let's start with the real work!

What's Next?!

Back to main article

Integration with Gluu Server for authentication and authorization in Angular app!

Today I start my "own road" to running my own open source Gluu IAM Server (identity and access management provider service) for my company's open source project:

Job Manager 2020 Angular Version!

My plan is to read some books about the OAuth2 security protocol, spend lots of time configuring the Gluu Server, run it locally for tests and then later in the cloud or in a hybrid environment (depending on the future scale and complexity of this project).

I think this will be very interesting, because not only would I use best practices in web security, but I would gather experience with running the Gluu server, which in my opinion is the best open source IAM option.

Web security is a big topic, and OAuth consists of many different important details which a web developer should not ignore.

Here you can read about the different phases of my experience working with Gluu Server and the OAuth2 security protocol.

0: Introduction to Gluu Server and reasons behind running own IAM Service

1: Preparation for Gluu Server installation

2: Actual installation of Gluu Server

3: Admin stuff and set up for Gluu Server

4: Integration with my Angular app

5: Final conclusion about running Gluu Server

About Job Manager 2020 Angular version!

So you want to know more about this project?


This is an open source platform that would revolutionize the way job seekers manage their data about where and when they applied at different companies.

A typical case would be that the user generates an email with all the data needed to apply at a particular company, and if the user allows being contacted by other companies, companies can (and probably actively will) get in contact with such a job seeker.

Sure, I have the IT professional in mind, but such a platform can be enriched with other features like different job profiles.

So what is the most valuable feature of this platform?

Job seekers would get an opportunity to stand out from the people who are also looking for a job but don't use such a platform.
Finally, companies don't need to spend too much time seeking people via different platforms, because they would contact a job seeker via this platform, and I plan in the future to integrate with other big job opening platforms so that there would be more options.

Job seekers organize their data in a very structured way, and companies don't spend time putting openings on many different platforms; they just contact such users via the open source platform.

Are you an investor, or not sure what I mean? Not a problem!
Contact my company and we will be able to help you further!




Monday, 1 March 2021

Newsletter of Orlovsky Consulting GbR, issue 2021, month: March

Agility: acting openly and thinking hierarchically: https://rb.gy/70pahq

Comment: Interesting observation; apparently there are still many companies that work according to the waterfall model, or would work that way.

Azure Sphere OS Built on a Compact https://rb.gy/3wg3wn

Comment: Microsoft has built a very interesting Linux for its own cloud, wow!

The future is flexible: Quo Vadis, agility?:
  https://rb.gy/72b63d

Comment: Very interesting observation about the changes in large projects; everything is definitely going in the direction of agile, how else.

Managers see hybrid working as the model of the future: https://rb.gy/p1pp2m

Comment: Sure, Corona has changed a few things and it won't get better, although this article paints a very positive perspective for the future.

Book review Business Analysis und Requirements Engineering: click here for the review on books review

Comment: I have read a very interesting book; it is about my favorite topic, project requirements analysis, and how best to carry it out.

Test nonstop: https://rb.gy/hfd0hz

Comment: Imbus offers interesting training courses here around software quality and describes how to organize and run tests.
