Microsoft 365 Exchange Online Mailbox Created Before Being Created in On-Premise Exchange

So you created an Exchange Online User and Mailbox but you’re still in a hybrid configuration where you are managing Exchange mailboxes on-premise. What this means is that the on-premise Exchange Organisation has no idea that the user exists; it doesn’t appear in Exchange Admin Center and it also probably won’t appear in the GAL. …

Splunk Regex for IP Addresses

Let’s say you need to examine the logs using Splunk to find invalid logins, but because of the way your application logs, Splunk is not able to identify the IP address automatically. This isn’t a problem; you can use a regex. So let’s say you’re looking for the string “failed login for user …

Simple Splunk Dashboard Example

Splunk is a great tool for visualising alerts and events. I’ve been creating a dashboard to aggregate all the failed logon attempts from management interfaces of our network switches, firewalls, storage etc. so that if someone tries to brute-force passwords on the interfaces we have some visibility. Obviously the queries you need to use …

Separate SSL Certificate

Let’s say you have a certificate bundle in PKCS12 format, where you have the Private Key, the Public Key (Certificate Signed by a CA) and the Chain, and you need to break it down into its individual files for use within an application or the like. You can achieve this with the following set of …

Example Site Authenticated with OKTA and Shibboleth sP (or OpenAthens and Shibboleth sP)

The document provides an overview of how to set up and configure OKTA with a test Shibboleth sP (Service Provider) instance with an example site which is secured using OKTA. It can be used to explore how OKTA and Shibboleth sP interact with the SAML assertion exchange. The deployment is simple and provides the following: An …

Microsoft Exchange Poison Queue

The Microsoft Exchange Poison Queue is a little-known queue on an on-premise Microsoft Exchange Server. Maybe I’ve been lucky, but I’ve only seen emails end up here once in my time using Exchange Server, which goes back to Exchange 5.5. However, this week we observed some messages going into the Poison Queue which were …

SSH Legacy Key Algorithms

Sometimes you have some kit that is just old and doesn’t support the recent (and secure) key algorithms. If you need to connect (with some consideration of the security implications) you can use something like the below. The “-v” means verbose, so you can see when connecting what the end point is offering, then you can …

SSLScan for Website SSL Diagnostics

Had an issue where we had a client that couldn’t access a particular site. In this case we wanted to determine what encryption ciphers a particular website was offering on its HTTPS server. SSLScan, which is a Linux tool available on Ubuntu and other distributions, can help, for example: