Archive for the ‘SysAdmin’ Category

Yes, security of the identity store is important.

A friend at work identified a “feature” of SAML-based Identity Federation systems. The weakness is likely possible in *any* SAML identity federation system. To explain, I’ll posit a Google Apps domain configured to use SSO with a company that uses Oracle’s Identity and Access Management products. In that product line, OIF is the federation […]

IIS7 keeps using old SSL cert

A user reported to me that his browser was reporting that one of the websites I maintain was sending out a revoked SSL certificate as its identity. I checked and found that, sure enough, the certificate authority (CA), which I also run, has put that cert on the CRL. It had been superseded when I’d […]

Bash function to ease smbclient usage

Quick and dirty: I find smbclient incredibly useful at the command line in Linux, but I can never remember how to put the command together. So I wrote a bash function to simplify it for me. After the function code, I’ll describe how to store your credentials safely so you don’t need to type them […]

Making Oracle SSL wallets from scratch

Some hard won knowledge: Here’s what I did: I used openssl on my Linux workstation to create a new private key and a CSR. Then I bought a signed cert from DigiCert using that CSR. I rolled those into a JKS using keytool – no trouble. But then I learned that if I want to […]

Recovering data from an NTFS laptop harddrive with MFT failures

A client brought me a Dell Inspiron 5150 and reported it wouldn’t boot.  Other techs had looked at it and reported a hard-drive failure.  I learned the drive was mechanically operable and that the NTFS file system had suffered a double MFT failure.  The MFT is the Master File Table, which you can read about […]

Weblogic AdminServer refused to start – truncated system-jazn-data.xml

We rebooted the computer on which we have OID, OVD installed. When it started up, we noticed the AdminServer wasn’t running. We have our system configured to start Nodemanager which should start the AdminServer.  So when it didn’t, I went to the DOS prompt and used startWeblogic.cmd so I could easily see the output.  Here’s […]

Weblogic SSL is a screaming baby in the night.

See, here’s the silver lining in the very dark cloud of sysadmin hell I lately find myself. I’ve learned that I never, EVER, want to have to dig my way through an Oracle product again. So, there’s that. Figuring out the SSL stuff between the nodemanager, admin servers and managed servers feels sort of like […]

Need SANS? Creating a JKS keystore with openssl and keytool.

I needed to buy a single SSL cert from Verisign that works for two hostnames and can be installed on nine servers.  Wow. To do that, you buy a SAN (Subject Alternative Name) SSL Cert.  I’m installing this cert on nine Windows 2008 R2 based Oracle Weblogic 10.3 managed servers (web servers).  They’ll be behind […]

First positive experience with SELinux!

Yes, we all “hate” SELinux.  But, as I tell my kids, “hate” probably really means this: prefer not to use it because it stops me doing things and since I don’t know how to manage it, I can’t do anything but turn it off entirely and feel dumb about it…. 🙂 However, it’s probably actually a […]

Character encodings and Black Diamonds

From an e-mail I wrote today to a colleague confused about character encodings. We copied a bunch of files from an old HPUX web server to a new RHEL server running modern Apache. The files viewed from the new server have the dread black diamonds all over the place and he is trying to understand […]