I’ve been playing around with various integrations and decided to knock up a simple Twitter bunkup where you can log in to a very simple Sinatra app using Twitter and send a tweet to say so. It’s very, very simple as I wanted to concentrate on the Twitter integration rather than the app functionality. So how do you do it? The first thing you need is a Sinatra app. I use rvm to manage dependencies, so I like to create a .rvmrc file that loads the appropriate gemset whenever I cd into the directory:
The above will create a twitterauth directory, create a twitterauth gemset, install the required gems (note the high security on the twitter gem, as it can do all sorts of things with your Twitter account if you let it) and create an rvm .rvmrc file in the directory that will do the equivalent of rvm use 1.9.3@twitterauth every time you cd into it. The first time you cd in, you’ll see gubbins about running the script for the first time and you have to choose to do so. After that it’s seamless and the gemset is loaded without any interaction.
At the moment, Matrix provisioning, which is based on Apache ActiveMQ, has been trundling along for some time with some basic reporting. So recently I sat down with some quality coffee and some new experience of MongoDB to come up with a way of easily finding out the status of accounts. The current setup for provisioning Blackboard using ActiveMQ is shown below:
So I have this interesting scenario to deal with. Users from a nightly ingest, or in real time via the Matrix Provisioning system, need to be created in Blackboard and associated with specific roles depending on where they are located. It’s a run-of-the-mill integration scenario, so how did I deal with it? Here’s the big picture.
In this tutorial I show how to install the Internet2 Shibboleth IdP, link its authentication to LDAP, customise its login page and use custom certificates. I’ll be using SAML2 rather than Shibboleth as that’s the main use case these days, and installing on Unix (OS X in my case). For an overview of the relationship between Shibboleth and SAML you could do worse than read my contribution to the SCURL Walk In Access Report, which tries to clear up the confusion that can arise when people talk about Shibboleth and SAML. It’s on page 30, Section 3.1 Security Assertion Markup Language of the PDF report. You’ll also register and test your new IdP with the TestShibb2 service and hopefully along the way keep your sense of humour while dealing with middleware configuration. What’s that about a coffee break though? Surely it takes more than 15 minutes to install a Shibboleth IdP? Well, it took me about an hour the first time, what with having to search around for how to do the various things, but after blowing it away and doing it again, it did take about 15-20 minutes. Enough time for a refreshing brew. So, let us begin…
I’ve made a SAML2-related release of the IdP to address a vulnerability discovered by Andreas Mayer (Adolf Würth GmbH & Co. KG), Vladislav Mladenov, Marcus Niemietz, and Joerg Schwenk from Horst Görtz Institute for IT Security (Ruhr-University Bochum). The release addresses the case where the Attribute Consumer Service URL and Binding are specified in the Request but are not checked against metadata. I’ve changed this so that WebBrowserSSOAuthHandler validates the requested ACS URL and Binding against the Service Provider’s metadata. Many thanks to Andreas and colleagues for the information.
The Guanxi IdP 2.2.6 release is available from GitHub.
In this tutorial I’ll show you how to start with a completely blank SD card, a card reader and an internet connection and end up sending email from your Raspberry Pi (RPi) using Ruby and GMail. The instructions for burning the RPi image to disk are for OS X but there are a ton of tutorials for doing it on Windows. See the References section at the end of the tutorial for instructions on how to burn on Windows.