Archive for January, 2009

An IRC channel about IAM

January 15th, 2009 No comments

A few days ago, I thought it was a pity that there is no place to discuss IAM. Well, OK, there are some places like Sun IDM’s forums, the #opensso channel, etc.; however, all these places are tied to a specific product. For example, I don’t think the Sun IDM forum is a good place to ask questions about the pros and cons of Sun IDM vs Novell IDM 🙂 Well, you can, but there is a big chance that all the answers will lead you to Sun IDM! 🙂

So, as you have probably already guessed, I created an IRC channel, so you can join us (there are already some very interesting people!) on the freenode network (irc.freenode.net), in the channel ##iam; note that the double # is not a typo.

Hope to see you on the channel!

Categories: IAM, Social

*.asyd.net, a few years later…

January 5th, 2009 No comments

I have owned the asyd.net domain for almost 6 years now (thanks again to ed), and I am taking the opportunity for a short review (more for my own benefit than anything else) of the various statistics for my different subdomains. It also lets me advertise them a little to those who don’t know them all 🙂

Stats asyd.net

  • http://asyd.net/ (1859), my personal site, mostly made up of technical notes, not really kept up to date for a while. Main referrers: zshwiki.org, postfix.org.
  • http://blog.asyd.net (755), a blog opened in early 2008. For now, I mostly talk about IAM, XWiki, and therefore Groovy! I do have good hope of getting better stats in a few weeks.
  • http://sysadmin.asyd.net/ (888), a site with a few articles drawn from the French-speaking sysadmin@asyd.net list. Among these articles, let me point once more to the very interesting one on the physical management of racks. Main referrer: the Hudson site (thanks Olivier!).
  • http://cli.asyd.net/ (838), a French-language site about the command line (shells and related tools). Main referrers: ubuntu-fr.org, linuxfr.org.

For those wondering, the figures given are the total number of unique visitors for the month of November and are computed by awstats, with a dedicated instance for each subdomain.

Categories: Social

OpenSSO and EJBCA: Use Case

January 1st, 2009 8 comments

Interested in OpenSSO (especially the Access Manager part)? If so, you should be interested in my VMware image. The image was made to demonstrate an application protected by OpenSSO. The application is divided into three parts. The first is available to everyone (non-authenticated users). The second, the secure area, is available only to users who are authenticated in OpenSSO and are members of the group employee. Finally, only users who are authenticated by certificate and are members of the group employee can access the very secure area.
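
The three-tier rule above can be modelled as a small decision function. This is an added example, not code from this post or from OpenSSO; the URL prefixes, the outcome names (ALLOW, LOGIN, DENY, STEP_UP) and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass
from posixpath import normpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical URL prefixes; the post names the three areas but not their paths.
# (prefix, required group, required authentication method), most specific first.
RULES = [
    ("/verysecure", "employee", "certificate"),  # very secure area
    ("/secure", "employee", None),               # secure area
    ("", None, None),                            # public part
]

@dataclass(frozen=True)
class Session:
    user: str
    auth_method: str              # "password" or "certificate"
    groups: frozenset = frozenset()

def match_rule(path: str):
    # Assumption: the container percent-decodes the path once before dispatch.
    # Normalise before matching so "/secure/../verysecure/x" is judged as
    # "/verysecure/x" and "//verysecure" cannot dodge the prefix test.
    clean = normpath("/" + unquote(path).lstrip("/"))
    for prefix, group, method in RULES:
        # Match whole path segments only: "/securex" is not inside "/secure".
        if clean == prefix or clean.startswith(prefix + "/"):
            return prefix, group, method
    raise AssertionError("unreachable: the public rule matches every path")

def decide(path: str, session: Optional[Session] = None) -> str:
    _, group, method = match_rule(path)
    if group is None and method is None:
        return "ALLOW"            # public part, no authentication needed
    if session is None:
        return "LOGIN"            # redirect to authentication
    if group not in session.groups:
        return "DENY"             # authenticated, but not an employee
    if method is not None and session.auth_method != method:
        return "STEP_UP"          # employee must re-authenticate by certificate
    return "ALLOW"

# Constructed sample sessions.
ALICE_PW = Session("alice", "password", frozenset({"employee"}))
ALICE_CERT = Session("alice", "certificate", frozenset({"employee"}))
BOB_CERT = Session("bob", "certificate", frozenset({"contractor"}))

if __name__ == "__main__":
    for p, s in [("/index.html", None), ("/secure/report", ALICE_PW),
                 ("/verysecure/x", ALICE_PW), ("/verysecure/x", ALICE_CERT),
                 ("/verysecure/x", BOB_CERT), ("/secure/../verysecure/x", None)]:
        print(p, s.user if s else "-", decide(p, s))
```
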

How to try this image?

  • Download the archive
  • Extract it
  • Open the vmx file using VMware
  • Give the image at least 1024 MB of memory: many services are required for the demonstration (one Tomcat, one JBoss, one OpenDS, and one GlassFish).
  • Boot the image. Some services may take a few minutes to start, depending on your configuration.
  • Log in using the root account, with password root
  • When you open the VMX file in VMware, it asks whether you copied or moved the virtual image. If you choose copy, you need to execute the following commands to get the network working:
# rm /etc/udev/rules.d/z25_persistent-net.rules
# modprobe -r pcnet32
# sleep 1
# modprobe pcnet32
# /etc/init.d/networking restart
  • Execute the command ifconfig eth and identify the IP address of the image
  • On the host system (your desktop, NOT the image), edit your /etc/hosts (or equivalent) file and add the following line, using the IP address identified in the previous step:

172.16.19.136 opensso.local.asyd.net

  • Start your favorite browser, go to http://opensso.local.asyd.net:8000/ and follow the instructions. The first access to each application may take a few minutes, so be patient!

As usual, any feedback is welcome.

Notes:

  • To access the very secure area after importing the certificate, you usually need to restart your browser. Most browsers keep a persistent HTTP/1.1 connection to the server, so the HTTPS negotiation is performed only once.
  • The GlassFish console is at http://opensso.local.asyd.net:4848/, not http://opensso.local.asyd.net:4848/opensso

Categories: PKI, Security, SSO