Siddhartha De

Recent Posts

Configuring NGINX for OAuth/OpenID Connect SSO with Keycloak/Red Hat SSO

In this article I cover configuring NGINX for OAuth-based Single Sign-On (SSO) using Keycloak/Red Hat SSO. This allows the use of OpenID Connect (OIDC) for federated identity. This configuration is helpful when NGINX is acting as a reverse-proxy server for a backend application server, for example, Tomcat or JBoss, where the authentication is to be performed by the web server.

In this setup, Keycloak will act as the authorization server in OAuth-based SSO and NGINX will be the relying party. We will be using lua-resty-openidc, a library for NGINX that implements the OpenID Connect relying party (RP) and/or the OAuth 2.0 resource server (RS) functionality.

Elytron: A New Security Framework in WildFly/JBoss EAP

Elytron is a new security framework that ships with WildFly version 10 and Red Hat JBoss Enterprise Application Platform (EAP) 7.1. This project is a complete replacement of PicketBox and JAAS. Elytron is a single security framework that can be used both for securing management access to the server and for securing applications deployed in WildFly. You can still use the legacy security framework, PicketBox, but it is a deprecated module; hence, there is no guarantee that PicketBox will be included in future releases of WildFly. In this article, we will explore the components of Elytron and how to configure them in WildFly.

The Elytron project covers the following:

  • SSL/TLS
  • Secure credential storage
  • Authentication
  • Authorization

In this article, we are going to explore using SSL/TLS in WildFly with Elytron.

Enabling SAML-based SSO with Remote EJB through Picketlink

Let's suppose that you have a remote Enterprise JavaBeans (EJB) application where the EJB client is a service provider (SP) application in a Security Assertion Markup Language (SAML) architecture. You would like your remote EJB to be authenticated using the same assertion that was used for the SP.

Before proceeding with this tutorial, you should have a basic understanding of EJB and Picketlink.

SSL Testing Tool

Suppose you have a large number of servers configured with SSL/TLS and you have lost track of their certificate validity; now, all of a sudden, you are worried that some of the certificates have expired.

Or consider another scenario, where you are required to understand the underlying SSL/TLS configuration of your servers, e.g. cipher suites, protocols, etc.

Yes, in the traditional way, you can get all the information about your SSL/TLS configuration by logging into each individual server and checking the certificates, but this is very difficult when your environment is very large.

To overcome this problem, I had to build a tool that will give you all the required details.

Integrating WebSphere MQ with JBoss Enterprise Application Server

Once I worked on a project where, in the existing environment, I needed to configure the JBoss Enterprise Application Server to communicate with WebSphere MQ, where WebSphere MQ was supposed to be communicating with a mainframe system using a WebSphere cluster queue. Initially I was blind, as I was not able to understand how I could configure JBoss to communicate with MQ. But after some research, I came to learn that it is possible to integrate JBoss with WebSphere MQ and that an application deployed in JBoss can directly put messages into WebSphere MQ.

If you're very familiar with JBoss and its architecture, you can complete this task by creating a new subsystem and the corresponding extension. Before you start configuring JBoss, you need to install the WebSphere MQ adaptor in JBoss. The JBoss adaptor can be found in the WebSphere MQ library; the file name is wmq.jmsra.rar.

Here are the steps for configuring an application to put the message in WebSphere MQ via JBoss Enterprise Application Server.

Using the operating system to authenticate users on Red Hat JBoss Enterprise Application Platform (EAP)?

Recently, I was searching for a solution to configure the security domain of Red Hat JBoss Enterprise Application Platform with the local operating system's user registry, so that the application could directly authenticate its users against local operating system users. I understood that it would be difficult to implement a generic solution, as authentication mechanisms are strikingly different between Windows and Unix/Linux.

After checking several blogs and forums, I decided to implement this using JPAM for Unix/Linux and Waffle for Windows.

Editor's note: JBoss Enterprise Application Platform is available at no cost for developers who sign up for the Red Hat Developer program (100% free).
