June 27, 2016

Federated Single Sign-on with Shibboleth

Shibboleth supports federated (i.e. multiple Identity Provider, IdP) Single Sign-on (SSO) with SAML 2.0.

Shibboleth 2 supports SAML 2.0 and WS-Federation Passive (ADFS), but NOT OAuth 2.0 and OpenID 2.

Reference:

  1. https://shibboleth.net/about/
  2. https://wiki.shibboleth.net/confluence/display/DEV/Supported+Protocols
  3. https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
  4. https://wiki.shibboleth.net/confluence/display/SHIB2/SPReverseProxy

How to Handle SAML 2.0 HTTP Redirect Binding in AngularJS

"The default settings of the ui-router in AngularJS produces URLs like http://localhost/#/products/details/12345. Your Servlet gets a request for / and after a successful SAML authentication you are sent back to http://localhost/. The location hash #/products/details/12345 is lost during the authentication."

This is ok if you have a landing page, but not after session timeout.

"The solution was to enable the hmtl5mode in the $locationProvider and add a base tag to the HTML. When this feature is enabled, the URLs look like http://localhost/products/details/12345."

Reference: http://www.jasha.eu/blogposts/2015/10/saml-authentication-angularjs-spring-security.html

Also good links:

  1. https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
  2. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/458610/Identity_Assurance_Hub_Service_Profile_v1.2a.pdf

June 26, 2016

How JBoss EAP 6 Recieves Client Certificate with CLIENT-CERT

When you configure you web application with client certificate authentication.

The jbossweb/catalina valve is receiving the client certificate by:

org.apache.catalina.authenticator.SSLAuthenticator#authenticate(Request, HttpServletResponse, LoginConfig)

org.apache.catalina.connector.Request#getCertificateChain()

org.apache.catalina.CERTIFICATES_ATTR

Reference from JBoss EAP 6.4 and http://maven.repository.redhat.com/techpreview/all/org/jboss/web/jbossweb/7.5.7.Final-redhat-1/jbossweb-7.5.7.Final-redhat-1-sources.jar.

SAML Security

https://www.owasp.org/index.php/SAML_Security_Cheat_Sheet

http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf

Google Chrome not Starting in Ubuntu 16.04 LTS

  1. Open you file browser ("Files" in the launcher).
  2. Then go up to "edit" in the top of screen menu bar and select preferences.
  3. Then tick "Show hidden and backup files".
  4. Go back to your file browser and scroll down to ".local" and open the folder.
  5. Then open "share" folder.
  6. Open "applications" folder.
  7. Select every folder with chrome in it's name and trash (empty trash).
  8. Open the launcher and Chromium Web Browser.

From http://askubuntu.com/questions/488823/google-chrome-not-starting.

June 21, 2016

How to Center a Window in Swing

How to Install Look And Feel in Swing

  1. Programmatically
  2. System Property
  3. Globally
  4. Add the following line to the $JAVA_HOME/lib/swing.properties:

For details see https://docs.oracle.com/javase/tutorial/uiswing/lookandfeel/nimbus.html.