
A Decade in the Open Organization

This article is written as opinion. The opinions expressed within are solely those of the author, and do not represent the views of Red Hat.


10 years ago, I started my first day at Red Hat by relocating geek toys and Despair posters to my new work-home. This was back in the days when floor-to-ceiling office walls were a thing. While the cubicles were closed, I was amazed at how the organization was open… and honestly was a little concerned. 



Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

How Red Hat re-designed its Single Sign On (SSO) architecture, and why.

Red Hat, Inc. recently released the Red Hat SSO product, which is an enterprise application designed to provide federated authentication for web and mobile applications.

In the SAML world, RH SSO is known as an Identity Provider (IdP), meaning its role in life is to authenticate and authorize users for use in a federated identity management system. For example, it can be used to authenticate internal users against a corporate LDAP instance such that they can then access the corporate Google Docs domain.

Red Hat IT recently re-implemented our customer-facing authentication system, building the platform on Red Hat SSO. This system serves all Red Hat properties, including www.redhat.com and access.redhat.com. Our previous IdP was custom-built using the JBoss EAP PicketLink framework.

While this worked for the original SAML use-case, our development teams were seeking an easier integration experience and support for the OAuth and OpenID Connect protocols. Red Hat SSO comes out of the box with full SAML 2.0, OAuth 2.0 and OpenID Connect support. Re-implementing the IdP from the ground up gave us a chance to re-architect the solution, making the system much more performant and resilient. While outages were never really acceptable in the past, our customers now expect 24/7 uptime. This is especially true with Red Hat’s increased product suite, including hosted offerings such as OpenShift Online.


 

Account Management with JBoss BPM Suite

Red Hat’s IT department recently deployed JBoss BPM Suite to handle automated process workflow. JBoss BPM Suite is officially defined as:

An open source business process management suite that combines Business Process Management and Business Rules Management and enables business and IT users to create, manage, validate, and deploy Business Processes and Rules.

IT’s immediate use case is to replace our aging account management system, which is essentially a collection of Perl and Python scripts. Some of these date back to the turn of the millennium. These scripts had the responsibility of handling all aspects of user life cycle management, including:

  • Pulling user data from the HRMS
  • Creating the user LDAP object
  • Creating the user group LDAP object
  • Creating application accounts (home directories, mailboxes, etc)
  • Updating LDAP objects with HRMS changes
  • Closing user accounts and removing LDAP objects upon termination
  • Syncing account information with third party systems (SaaS vendors, etc)

These legacy scripts would perform SQL queries directly against multiple data sources, call LDAP operations and application command-line tools, and make API calls. While this system worked well for many years, maintenance became an incredible burden. In essence, only one person knew the account automation system. New application integration requests would have to wait months for resources to free up. For applications allowing direct API integration, that meant some poor soul (me) would have to spend a fair amount of time just figuring out how this new application worked and what API calls were necessary. Moreover, when a vendor would suddenly change their API, that meant something was broken until there was time to fix it. The result was the Service Desk team having to perform hundreds of manual operations in the meantime. Essentially, the maintainer could not scale with demand, let alone have the time to become an expert in every new application.


 

Summit Live Blog: Middleware security: Authentication, authorization, and auditing services

As you would expect, security is a key focus for Red Hat. Secure by default is more than a goal; it is a guiding principle across all product lines. Middleware is no exception and there are some amazing things going on in this space. Divya Mehra and Vikas Kumar of Red Hat walked us through some of the recent innovations, including the recently released Red Hat SSO, a product built upon KeyCloak. Derek Walker of SWIFT also spoke about how the leading financial system message broker relies upon JBoss Fuse for secure messaging.


Security is one of the most important topics in computing today. It can be separated into three key pillars, each of which maps onto middleware features:

  • Confidentiality
    • Authentication
    • Authorization
  • Integrity
    • Audit logging
    • Non-repudiation
  • Availability
    • Clustering
    • Guaranteed Delivery

In short, Red Hat JBoss Middleware is secure and open source throughout the entire product line, giving customers increased assurances, such as:

  • Known, fully open source components
    • built securely from source
  • Proactive security notifications and fixes
  • Standards-based
    • OpenJDK
    • SAML 2.0, Kerberos, OpenID Connect
    • TLS, WS-Security

Red Hat SSO is the newest member of this product line, providing a brand new server for complete identity management federation:

  • SAML 2.0
  • OpenID Connect
  • OAuth 2.0

It also comes with client adapters, allowing customers to easily integrate their applications with Red Hat SSO or another standards-compliant identity provider.

Red Hat SSO server is a complete, stand-alone product and is Red Hat’s solution for web-based federation.  It can interface with Red Hat Identity Management (IdM) for integration with internal corporate identity management.  It can also work with Active Directory and plain LDAP.  There is native OpenStack and OpenShift integration with Red Hat SSO coming down the line as well.


DevNation Live Blog: Meet the assertable Chaos Monkeys for your Docker system

The production system has been targeted by troublesome random failures over a long period of time, and countless hours of debugging have yielded no valuable results. We’re close to throwing in the towel. An army of Chaos Monkeys has been deployed in an attempt to force the issue, but no solution is in sight. We need to take back control. It’s time to meet the assertable Chaos Monkey, Arquillian Cube Q. Arquillian Cube Q is an extension that gives you full control over a production-like system right from the comfort of your IDE. In this session, we’ll explore some of the things you can do when you have control over the whole system. We’ll validate scalability and connectivity, assert the failure state, enforce service responses, and more.


DevNation Live Blog: Agile is a four-letter word

“Based on a wide variety of surveys taken over recent years, many companies are transitioning to something that looks more like Agile than the processes they were using in previous years. However, that transition doesn’t necessarily mean implementations have been done respectfully of the Agile Manifesto and the principles behind it. In large part, industry trends seem to indicate that the sloganization of the word has done a significant disservice to the ideas that were originally founded in 2001. To add even more pain, most people seem to be entirely unaware of the core basis of Agile, which is the idea to embrace change but inspect and adapt to that change. Are we lost as an industry? Is there any way we can recover from this problem? In this session, attendees can expect to engage in a conversation about the rise of the Agile community, the negative and positive impact it has had on the industry, and how you individually can help your organizations and teams lower the risk of encountering the negative problems, and speed your way towards the positives. Topics will include:

DevNation Live Blog: Cryptography: What every application developer needs to know

Cryptography is something that technical folks either get excited over or completely tune out.  There does not seem to be much of a middle ground.  That said, cryptography is such an essential component of modern life that without it, the Internet and many, many companies would crumble.


DevNation Live Blog: You’ve got microservices… Let’s secure them

KeyCloak is the upstream project for the newly released Red Hat Single Sign On (SSO) product. The project and product go well beyond a traditional SAML Identity Provider, supporting federation protocols such as OAuth 2.0 and OpenID Connect. While it is built upon JBoss EAP 7, both KeyCloak and RH-SSO are designed to be standalone systems for providing website authentication and authorization services. In fact, Red Hat believes in RH-SSO so much that we just switched the authentication system for the high-traffic Red Hat properties to use this new product (more on this tomorrow).
