
Posts

How to extract and import certificate from a SAML SP metadata file to a Keystore

Extract the certificate, the Base64 text inside the <X509Certificate> element, from the SAML service provider metadata file as follows:
<X509Data> <X509Certificate> </X509Certificate> </X509Data>
Copy extracted certificate to
Recent posts

JAAS Introduction

What is JAAS? The Java Authentication and Authorization Service (JAAS) is an integrated package that comes with the Java 2 SDK. JAAS is designed to achieve two things:

Authentication - determine who is executing the code
Authorization - ensure the user/code has the access control rights to perform an action

JAAS for Authentication

JAAS modules related to authentication are connected in a pluggable manner, which promotes reuse of the underlying authentication technology across different applications. The following are the key classes used in the authentication process.

LoginContext

This is the starting point of the authentication process. This class contains 3 methods:

login() - authenticate user
logout() - log out user
getSubject() - get authenticated user

When we initiate a LoginContext, we provide the required configurations to handle authentication, so we can change the underlying authentication technology from the configuration without updating the application logic.

Config

Sample Service Client for Copy Resources in WSO2 G-REG 5.1.0

This is a sample service client implementation for WSO2 Governance Registry 5.1.0 which traverses a registry resource tree and copies all resources to a desired location. It can also ignore specified paths in a resource tree while copying. Source and binary can be found in this location. Follow the instructions in the README.md file to run the client. You can modify the following properties in the 'resources/client.properties' file to change the behaviour of this service client:

Property Name - Description
GREG.URL - Services endpoint of the G-REG server URL (ex: https://localhost:9443/services/)
GREG.USERNAME - User name (this user must have read/write access to the registry)
GREG.PASSWORD - Password
FROM.PATH - Source location (ex: /_system/config)
TO.PATH - Destination (ex: /_system/config/dev)
ESCAPE.PATHS - Paths to skip while copying. Add paths here as a comma-separated list
AXIS2.REPO - Required to create axis2 configuration context
AXIS2.CONF - Axis2

Get source IP address in the mediation flow of WSO2 ESB

If the ESB receives the request message directly from the source, you can use the following properties to extract source IP related info:

    <log level="custom">
        <property xmlns:ns="http://org.apache.synapse/xsd" name="REMOTE_ADDR" expression="$axis2:REMOTE_ADDR"></property>
        <property xmlns:ns="http://org.apache.synapse/xsd" name="REMOTE_HOST" expression="$axis2:REMOTE_HOST"></property>
    </log>

If you have a proxy server or load balancer in the middle, you can use the following property to extract the IP address of the request source:

    <log level="custom">
        <property xmlns:ns="http://org.apache.synapse/xsd" name="X-Forwarded-For" expression="$trp:X-Forwarded-For"></property>
    </log>

Login to Workday using the WSO2 Identity Server

Prerequisites

Use the following keytool command to extract the public certificate from the wso2is-5.1.0/repository/resources/security/wso2carbon.jks file (pw: wso2carbon):

    keytool -export -alias wso2carbon -file key.crt -keystore wso2carbon.jks

Important: In a production environment you must not use the default wso2carbon.jks which comes with the WSO2 Identity Server.

Use the following command to print the extracted public certificate:

    openssl x509 -text -inform DER -in key.crt

Ex: -----BEGIN CERTIFICATE-----