July 7, 2016

How to Run Java FXML on Ubuntu

Running Java FXML requires Java Web Start. If not installed you get this

To install Java Web Start on Ubuntu 16.04 LTS

How to Run Java FXML on Ubuntu

Running Java FXML requires Java Web Start. If not installed you get this

To install Java Web Start on Ubuntu 16.04 LTS

July 6, 2016

How to Install Java FX on Ubuntu

The default JRE on Ubuntu is OpenJDK, but it does not come bundled with Java FX, since Oracle has closed Java FX and do not allow it to be freely distributed. But there is an open option, namely OpenJFX.

To install OpenJFX on Ubuntu Ubuntu 16.04 LTS.

June 27, 2016

Federated Single Sign-on with Shibboleth

Shibboleth supports federated (i.e. multiple Identity Provider, IdP) Single Sign-on (SSO) with SAML 2.0.

Shibboleth 2 supports SAML 2.0 and WS-Federation Passive (ADFS), but NOT OAuth 2.0 and OpenID 2.

Reference:

  1. https://shibboleth.net/about/
  2. https://wiki.shibboleth.net/confluence/display/DEV/Supported+Protocols
  3. https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
  4. https://wiki.shibboleth.net/confluence/display/SHIB2/SPReverseProxy

How to Handle SAML 2.0 HTTP Redirect Binding in AngularJS

"The default settings of the ui-router in AngularJS produces URLs like http://localhost/#/products/details/12345. Your Servlet gets a request for / and after a successful SAML authentication you are sent back to http://localhost/. The location hash #/products/details/12345 is lost during the authentication."

This is ok if you have a landing page, but not after session timeout.

"The solution was to enable the hmtl5mode in the $locationProvider and add a base tag to the HTML. When this feature is enabled, the URLs look like http://localhost/products/details/12345."

Reference: http://www.jasha.eu/blogposts/2015/10/saml-authentication-angularjs-spring-security.html

Also good links:

  1. https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
  2. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458610/Identity_Assurance_Hub_Service_Profile_v1.2a.pdf

June 26, 2016

How JBoss EAP 6 Recieves Client Certificate with CLIENT-CERT

When you configure you web application with client certificate authentication.

The jbossweb/catalina valve is receiving the client certificate by:
org.apache.catalina.authenticator.SSLAuthenticator#authenticate(Request, HttpServletResponse, LoginConfig)

org.apache.catalina.connector.Request#getCertificateChain()

org.apache.catalina.CERTIFICATES_ATTR

Reference from JBoss EAP 6.4 and http://maven.repository.redhat.com/techpreview/all/org/jboss/web/jbossweb/7.5.7.Final-redhat-1/jbossweb-7.5.7.Final-redhat-1-sources.jar.