Home / user-15122

Ryan Fernandes's questions

Martin Hope
Ryan Fernandes
Asked: 2011-09-21 16:56:49 +0800 CST
  • 5

My Service Provider issues a SAML 2.0 AuthRequest with a NameIDPolicy tag like so:

<samlp:NameIDPolicy AllowCreate="true" 
       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>

This causes ADFS 2.0 to correctly issue a SAML Response containing an encrypted NameID token created by a rule similar to the one found here

<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">    
        MyeHAMeGLojBt7fcc2DQtntXXFka0kybkR42ZTitTUs=</NameID>

So far so good, however, my Service Provider doesn't seem to understand the encrypted NameID claim and is expecting it to be unencrypted while at the same time having the name-format as transient

As per this document, ADFS2.0 treats request for transient or persistent NameID formats as privacy scenarios (and hence the encryption)

So my question then would be: Is there any way to have ADFS 2.0 generate the NameID claim with Format=transient and an unencrypted NameID like so:

<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">Joe</NameID>
adfs
Martin Hope
Ryan Fernandes
Asked: 2011-02-25 20:54:52 +0800 CST
  • 0

I've created a RAID0 configuration with two 1GB EBS volumes, mounted at /dev/md0 using mdadm and formatted with XFS Next, I copied some files over to fill the volume to around 30% of its capacity (of 2GB)

I then created snapshots of the volumes using ec2-consistent-snapshot and created volumes of the said snapshots but specified the volume size to be 2GB (effective doubling the capacity on each disk)

I then spun up a new instance, assembled the RAID0 configuration on /dev/md0 from the 2 volumes mentioned above and mount it to /vol

df -hT showed /vol as 2GB (as expected)

Now I ran sudo xfs_growfs -d /vol. The command completed normally but reported blocks changed from 523776 to 524160 (only!) and df -hT still showed /vol as 2GB (instead of the expected 4GB)

I rebooted, remounted, reassembled the RAID but it still reports the old size.

EDIT: trying to grow the RAID using mdadm --grow yields mdadm: raid0 array /dev/md0 cannot be reshaped

Is there any other way I can grow a RAID0 array?

amazon-ec2 raid mdadm amazon-ebs
Martin Hope
Ryan Fernandes
Asked: 2010-06-22 18:08:12 +0800 CST
  • 0

I've used cntlm to automatically add NTLM headers to https requests when ssh'ing to a particular host.

What I need to do now is to send all outbound internet traffic (80/443) from any program running on machine A through a proxy server running on machine B transparently.

Machine A and B are on different networks (over the internet)

Is this at all possible? If yes, I would appreciate a quick how-to..

proxy automation transparent-proxy
Martin Hope
Ryan Fernandes
Asked: 2010-05-18 00:47:51 +0800 CST
  • 4

Tomcat 6 (as a windows service) seems to have a 'Start Mode' with options of 'java, jvm or exe' which can be set via the Tomcat Monitor (system tray icon).

if I set this to 'java', I can see a forked 'java.exe' process for tomcat, if I chose either of the other two, I dont see a separate process.

Anyway, would like to know if anyone has any information about what these settings mean and which one would be most appropriate in production.

windows windows-service tomcat
Martin Hope
Ryan Fernandes
Asked: 2010-01-05 21:10:24 +0800 CST
  • 1

I need to test an application that uses an LDAP store to authenticate users.

We need to POC this app with multiple LDAP providers (OpenLDAP, Sun LDAP, Tivoli Directory Server, Microsoft AD etc).

Is it possible to just install MS Active Directory as a plain LDAP on my existing computer network (just like the other LDAP software from IBM, SUN, Open Source)? My existing corporate network is already running an AD so I dont want to mess up any thing

If yes, please direct me to a solution/resource that will help me achieve the above.

Regards.

active-directory
Martin Hope
Ryan Fernandes
Asked: 2009-10-15 20:02:57 +0800 CST
  • 2

Inventory:

  1. Multiple PCs [WinXp/2K] on LAN (192.168.10.x) [default gateway is 192.168.10.100]
  2. One DSL modem at 10.1.0.1
  3. One PC [Windows 2000 AS] (dual NIC with RRAS) with:
    a. 192.168.10.100 [connected to above LAN] and
    b. 10.1.0.2 [connected to DSL modem]

The gateway PC (point 3) can see the internet and the PCs on LAN (point 1) can ping the gateway PC. The gateway PC hosts a proxy server (squid).

Problem:
Just turning on RRAS on the PC (at point 3) doesn't work. I know I'm missing some steps here.. Can someone please help?

Edit: Long Story:
Some PCs on LAN (Point 1) need to have restricted access to the internet. Hence the Dual Nic PC (point 3)acting as a proxy (squid+squidguard). This works fine, all PCs on LAN can connect to the internet via the gateway proxy. However, some PCs on that LAN need to connect directly to the internet (they use citrix and other stuff that needs direct connectivity).

internet
Martin Hope
Ryan Fernandes
Asked: 2009-10-06 01:42:42 +0800 CST
  • 0

Scenario: Our employees are on on-site assignment with company X. Company X has placed them behind a squid proxy for any internet-related access.

There are a couple of applications that our employees need to access via citrix hosted in our organization. If they access it using a data-card (so that they are directly on the internet), they can connect and work perfectly.

Problem: However, when they try to access our citrix site, they end up with 

'Could not find Citrix Presentation Server' or 'The Citrix SSL Relay Name could not be resolved'

We managed to fix the second problem by opening up the 1494 port on squid and changing the .ica file by updating the following:

ProxyType=Auto  
ProxyUseFQDN=On

The Citrix support chaps said that unless the client machine cannot directly resolve and connect (in other words, has a 'route') to your citrix server, it ain't gonna work.

Has anyone out there got this working? If you done it by adding routes to the client machine, could you please tell me how to do it too? :)

Thanks.

proxy