OAuth2 Intro

Posted on May 15, 2012 in OAuth

OAuth is an open protocol that allows users to share their data with a third-party application without exposing the user’s password.

“Many luxury cars come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will only allow the car to be driven a short distance while blocking access to the trunk and the on board cell phone. Regardless of the restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using another key to unlock everything else.”

Installing node.js in CentOS 6

Posted on Apr 22, 2012 in LINUX

wget http://nodejs.tchol.org/repocfg/el/nodejs-stable-release.noarch.rpm
yum localinstall --nogpgcheck nodejs-stable-release.noarch.rpm
yum install nodejs-compat-symlinks npm
rm nodejs-stable-release.noarch.rpm

SiteMinder – Login Time as a Response header

Posted on Jan 10, 2012 in SiteMinder

You can create a response header using the %SM_USERLASTLOGINTIME variable.



This attribute holds the time, in GMT, that the user last logged in and was authenticated. This response attribute is only available for an OnAuthAccept authentication event. The attribute has a value only when both of the following conditions are true:


Password Services is enabled.

The user has logged in through SiteMinder at least once.

OpenToken – Introduction

Posted on Nov 22, 2011 in OpenToken (OTK)

OpenToken (OTK) is a format for passing user information between applications over HTTP. The exchange can happen over cookies, query parameters or POSTs. A common use case is in conjunction with PingFederate, when you are trying to federate to an external vendor, there is no out-of-the-box adapter for your SSO solution, and you don’t want to create an adapter for PingFederate.

SiteMinder – SMSESSION format

Posted on Nov 10, 2011 in SiteMinder

When SiteMinder generates the SMSESSION cookie, the cookie is first encrypted using RC4. After encryption, the cookie is URL-encoded.

Kerberos – Presentation

Posted on Oct 19, 2011 in Kerberos, Simplified Sign On (SSO)

Kerberos is a secure method for authenticating a request for a service in a computer network.

Query an LDIF

Posted on Sep 10, 2011 in LDAP

Run an LDAP query against an LDIF.

Save the script below as ldif.query.pl. You can then run the script as follows:

./ldif.query.pl <LDIF> "<query>"

For example, if searching an LDIF named prod.ldif for an objectclass named eduperson, you would run the following:

./ldif.query.pl prod.ldif "(objectclass=eduperson)"

