The ramblings of a computer geek
The document provides an overview of how to setup and configure OKTA with a test Shibboleth sP (Service Provider) instance with a example site which is secured using OKTA. It can be used to explore how OKTA and Shibboleth sP interact with the SAML assertion exchange. The deployment is simple and provides the following: An […]
More...
When using Route53 for DNS, you have the option of using a special AWS only type of record for the Apex or Root record of the domain (zone). Taking an example domain.com, you typically would have a website which has an A record called www.domain.com. But what if you want to have the apex of the domain […]
More...
Its recommended to manage your EC2 instances via SSM if/when you need console access rather than using SSH which can pose a security risk. Of course if you need to get or put files into the EC2 instance this can be a bit tricky, however if you have an S3 bucket available you can use […]
More...
BASH Prompt via SSM by Default To set the BASH as the default prompt when using SSM, within the AWS Console browse to: Then add the following: Then attempt to login via SSM, you should now find you are getting the BASH prompt. Fancy Colours Edit the .bashrc file within the user home directory and set as […]
More...
As a test we are using OpenSSL to perform some credentials testing using an Enterprise Application configured in Microsoft 365 to connect using IMAP(S) and SMTP via OpenSSL to validate how OAuth modern authentication works. Create Enterprise Application Firstly we create an Enterprise Application, we are going to be using Win64 OpenSSL v3.3.3 Light on […]
More...Sometimes SMTP servers what a particular EHLO/HELO argument for connecting clients, you can make Thunderbird do this by setting a new setting Settings->Config Editor, then add the following setting: mail.smtpserver.smtp1.hello_argument Specifying what you want Thunderbird to announce itself as.
More...If you want to use OpenSSL on Microsoft Windows, there are a number of packages provided that allow you to do this, in this example we’ll use Shinning Light Production’s OpenSSL MSI Package. Step 1 – Download and Install OpenSSL Download the installer from: https://slproweb.com/products/Win32OpenSSL.html, I used Win64 OpenSSL v3.3.3 Light, but there may be […]
More...A simple BASH script that you can run as a CRON job to check if a particular string is present in a file, and if not it sends you an email to say the file no longer has a particular string. And the email send just uses sendmail (assuming that is installed and configured). You […]
More...
We needed to determine the “fingerprint” of a x509 certificate which was present within SAML2 XML Metadata as part of an update of the metadata during a swap from using Shibboleth IdP as our IdP with using OpenAthens IdP instead. You’ll need to have your own source Metadata from which you want to extract the […]
More...Although it may not be useful to most unless you are using the OpenAthens with Shibboleth IdP, I though running through some SAML request debugging which shows how you can take apart a SAML request, rewrite it and then re-encode it to assist in debugging or testing. The purpose of this was to test the […]
More...