Dynamically Creating Java Keystores in OpenShift

Introduction

With a simple annotation to a service, you can dynamically create certificates in OpenShift.

Certificates created this way are in PEM (base64-encoded certificates) format and cannot be directly consumed by Java applications, which need certificates to be stored in Java KeyStores.

In this post, we are going to show a simple approach to enable Java applications to benefit from certificates dynamically created by OpenShift.

Continue reading “Dynamically Creating Java Keystores in OpenShift”

Red Hat Developer Program introduces new topic on secure programming

A Ponemon Institute report showed that 71% of developers believed that security was not adequately addressed during the software development lifecycle. This figure is revealing: it demonstrates that developers view security as a development priority, yet often feel unequipped to engage.

The relationship between security and developers has traditionally been like two teams competing at a tug-of-war. On one end, as developers, you are pulling to produce functional products as fast as possible. You don’t want to be told what to do and definitely do not want the security teams to get in the way of developing code. On the other end, security is pulling to ensure the product is as secure as possible.

Writing secure code should be at the top of your minds, especially given the number of application security breaches that find their way into the news. A critical first step is learning important secure coding principles and how they can be applied so you can code with security in mind.

The good news is that you have a great resource to help with secure programming! On the Red Hat Developer Program website, you will find numerous tools that can help you code with security in mind, such as:

Continue reading “Red Hat Developer Program introduces new topic on secure programming”

OpenID Connect Identity Brokering with Red Hat Single Sign-On

Introduction

In this post, I will provide a walkthrough of how to set up Identity Brokering on an RH-SSO server.

Red Hat Single Sign-On (RH-SSO) provides Web single sign-on and identity federation based on SAML 2.0, OpenID Connect and OAuth 2.0 specifications.

For this tutorial, you will need:

  • An RH-SSO instance.
  • A web/mobile application with an OpenID Connect adapter.
  • An OpenID Connect provider server (such as Keycloak) to be used as the third-party identity provider.

Continue reading “OpenID Connect Identity Brokering with Red Hat Single Sign-On”

Entropy in RHEL based cloud instances

According to Wikipedia, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data.

Entropy is often overlooked, misconfigured or forgotten, and this can give rise to sporadic errors such as timeouts, refused connections, etc. Such errors are difficult to debug because they happen only when there is not enough entropy available.

This article briefly explains how to check whether this can be a problem on a RHEL system and how to fix it.

NOTE: This article is meant to provide some helpful hints about entropy. It is not meant to be exhaustive or definitive. There are hundreds of information sources on the Internet, such as the KCS articles https://access.redhat.com/articles/221583 and https://access.redhat.com/solutions/19866, on which this article is based. Check the bibliography section for more information.

Continue reading “Entropy in RHEL based cloud instances”
