authentication

How to try out web application using multiple logins at once

I am developing a web application that uses JWT tokens to authenticate users who have different roles. In order to test the application I would need to switch between different users' accounts, ideally without switching browsers. Is it possible to constrain session data to a tab so that I can log in to my application as different users from different tabs using the same browser?

How to secure a Web application?

I wanted to implement user authentication without changing the given web application. The solution was to use the Open Source Identity and Access Management tool "Keycloak" in combination with the "GateKeeper" proxy service, Docker and the Reverse Proxy "Traefik" to authenticate users with the Gatekeeper against the Keycloak container.

Setting up a Linux Server to use LDAP for Samba, SSH

The main issue is that Samba and SSH do not use LDAP directly, instead you have to use the technologies NSS and PAM which will then access the LDAP system. So in order to set up two systems, about 5 systems have to be set up, which seems difficult and I was not able to find proper documentation about the whole process yet.

Using Ubuntu Linux to spoof MAC address

Since MAC address authentication is based on the MAC address we need to change the MAC address to an address that is not in the list of allowed MAC addresses of the WiFi access point.
Usually the MAC address is fixed in hardware but most operating systems allow you to change the address.

To change the MAC address in Ubuntu Linux follow these steps:

  • use the command ifconfig wlan0 to look up your old IP address, write it down.
  • shut down WiFi:
    sudo su
    ifconfig wlan0 down
  • change the MAC address:
    ifconfig wlan0 hw ether 00:11:22:33:44:55
  • start WiFi:
    ifconfig wlan0 up


Test MAC authentication of a WiFi access point.

When a new WiFi access point is set up, several security-relevant configuration options have to be changed. First, password authentication through WPA/PSK is enabled. Additionally, MAC address authentication can be enabled to provide access only to certain machines which have their MAC address entered in a list of known MAC addresses. The goal is to test if this feature was correctly enabled.

WS-Security Username Token Authentication

  • On the server-side you have to initialise your webservice.
  • The interceptors can be configured by adding a HashMap with specific values to the WSS4JInInterceptor-instance. You also need, if you're using Apache CXF <=2.0, an SAAJInInterceptor-instance.
  • To add the interceptors you have to determine the endpoint of the service.
  • On the client-side you have to do the same steps but with out-interceptors (SAAJOutInterceptor as well as WSS4JOutInterceptor).
  • On both sides you need PasswordHandlers which are callback-classes/methods to verify/set the login-credentials.

How can the creation of WCF or ASMX Web Services be simplified at high quality level?

Is there a way to increase the speed of overall web service development using .NET and preferably WCF? This overall procedure should include the implementation, the testing, the support for documentation and the maintenance and feature extending in the future.

Automatic code generation (server & client) using patterns or strict conventions is preferred due to an easier communicable result, because we use web services in a way that the user easily recognizes which parameters are requested and which are returned without searching through structures and procedures. The generation of tests should be possible at least on a "Test shell" basis that can be completed. The generation should never remove own written code.

Additionally, the code generation should be possible for WCF and classical (ASMX) Web Services using the same input values.

Naturally, we do not want to use the configurability of web services. It must be able to create unsecured / open web services without authentication, but it should also be possible to secure them. Several different binding variants are used in our system at the moment and we typically publish our services several times on different machines addressing different users. This should be easier to configure and use in the future.

Connecting an Authentication Server to a Drupal Content Management System

For my Ph.D. thesis I need a community portal which supports students to share their experience about internet technologies. It turned out that the content management system Drupal is a perfect fit to fulfill the given requirements. As usual for a content management system, Drupal also has its own user management function. This means that students have to register before they may produce content on the portal. Although TechScreen is a software system on a prototype level, it is yet hosted on a server inside the TU computer network. Therefore it is expected to provide a login procedure which makes use of the students' TU credentials. So the big question is how to connect the TechScreen system to the TU authentication server.