Single Sign-On Using OKTA for Applications



Login to your Okta Account.

Click on Admin.


It will redirect to dashboard.

Click on Applications.


Click on Add Application.


Click Create New App.


Select SWA (Secure Web Authentication) and click Create.


Fill the Application details.


Click Finish.


Now Assign it by clicking Assign to People.


Select the Users whom you want to assign.


Click Save and Go Back.


Now go to My Applications.


Here you can see a message to install plugin.

Click Install Plugin.



Install Okta Secure Web Authentication Plug-in.


Now your Application is added successfully.


Give the Username and Password.


OKTA Connect any user to any application with primary and multi-factor authentication

Executive Summary: – Authentication is a crucial part of any application development. Whether you are developing an internal IT app for your employees – or building a portal for your partners – or exposing a set of APIs for developers building apps around your resources, Okta Platform can provide the right support for your projects.

Use Cases


Multi-Factor Authentication

API Access Management

Integrate Corporate Applications with Okta


  • Securely store user profiles, manage passwords, and organize users into groups with Okta’s Universal Directory.



  • Use your existing LDAP or Active Directory as your user profile master and password store. Deploy the Okta Agent to securely delegate authentication to AD or LDAP and sync user data to and from Okta.



  • Connect to any federated identity provider. Okta manages all federation trust relationships, handles diverse SAML implementations, and stores user profile information.



  • Use an existing database as your user profile master.
    Deploy the Okta Agent to securely sync user data to and from Okta.



  • Sync profile attributes and authenticate users from any social identity provider.



Applications created in .NET, Java, JavaScript, PHP and Python are supported.




  • User profile
  • Group membership
  • Network zone
  • Client
  • User or administrator consent
  • Complete standard-compliant support for OAuth 2.0
  • Proven compatibility with 3rd party API management solutions


Note: – Instantly revoke or update user permissions based on user status and profile.



Technical Architecture

  • Authentication – (OKTA Integration, OpenID or Any Corporate Directory, Application MFA Token)
  • Hardware Authentication – (Server SSH-Key, Passphrase, MFA Token)
  • Database Authentication – (MySQL Workbench access through SSH-Tunnel)

Below is a high-level architecture presentation on how to integrate enterprise applications with OpenID(IDP) and OKTA cloud along with multi-layer security and high availability(HA) features.

  • End user – OKTA integration.

– Create new OKTA cloud account

– Addition of new internal or cloud applications to OKTA Cloud.

– Add corporate users & their access control

– Adding MFA token authentication layer

(The Okta Platform gives you the flexibility to deploy Okta’s built-in factors, or integrate with existing tokens (Yubikey). Native factors include SMS, and the Okta Verify app for iOS and Android. Integrations include Google Authenticator, RSA SecurID, Symantec VIP, and Duo Security.)

  • Implement OpenID as IDP layer
  • Implementation & Configuration of HAProxy (Load Balancer)
  • NGINX (Reverse Proxy) Layer with High Availability(HA) option
  • Application/Web Server (SSH-Key + Passphrase + Password-MFA Token) access security.
    • SSH-Tunnel to Application Server created in proxy/jumphost server
    • Private SSH-Key for the proxy /jump host
    • Add the details of the local(proxy server) and remote(application server) ports and add the tunnel details
    • Access the application server through the (Proxy server) using (SSH-Key + Passphrase + Password-MFA Token) combination.
  • The database (MySQL - Percona) will be set up on an isolated DB network and can be accessed only through “Standard TCP/IP over SSH-Tunnel” via a whitelisted application/web server (using MySQL Workbench or the phpMyAdmin console)


Note: An additional security layer for database servers is provided by an SSH key and a passphrase.

MySQL replication monitoring script



This short article explains how you can use a short script to check whether your MySQL master-master replication is working, and how to get a mail notification when it isn’t.
Needless to say, a mail service must be enabled on the server for the notification to be sent.

MySQL login paths are used here for logging in, so that the username and password are better safeguarded than if they were written in the script. To know more about this, check this MySQL documentation page on it.

#!/bin/bash
# Checks MySQL Replication status. Sends user(s) a notification when the replication goes down.
MasterHost="DB master server"
SlaveHost="DB slave Server"
emails="" #multiple emails space separated
Subject="Replication status - Down"
status=0   # set to 1 as soon as one of the replication threads reports "No"
error=""
#Grab the lines for each and use Gawk to get the last part of the string(Yes/No)
#The trailing colon keeps the Slave_SQL_Running_State line out of the match
SQLresponse=$(mysql --login-path=local -e "show slave status \G" | grep -i "Slave_SQL_Running:" | gawk '{print $2}')
IOresponse=$(mysql --login-path=local -e "show slave status \G" | grep -i "Slave_IO_Running:" | gawk '{print $2}')
if [ "$SQLresponse" = "No" ]; then
    error="${error}Replication on the slave MySQL server($SlaveHost) has stopped working. Slave_SQL_Running: No\n"
    status=1
fi
if [ "$IOresponse" = "No" ]; then
    error="${error}Replication on the slave MySQL server($SlaveHost) has stopped working. Slave_IO_Running: No\n"
    status=1
fi
# If the replication is not working
if [ "$status" = 1 ]; then
    for address in $emails; do
        echo -e "$error" | mail -s "$Subject" "$address"
        echo "Replication down, sent email to $address"
    done
fi

Set up a cron job to run this script every five or ten minutes to get the notification whenever the replication goes down.
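An added example (not part of the original script) that goes one step beyond testing for "No": it also reports empty output from mysql and an IO thread stuck in Connecting, and flags a replica that is running but far behind. The function names, the MAX_LAG threshold and the sample text are assumptions made for illustration.

```shell
# Added example: classify the text of "show slave status \G" read on stdin.
# Prints OK, LAGGING, DOWN or UNKNOWN. MAX_LAG (seconds) is an assumed threshold.
MAX_LAG=${MAX_LAG:-300}

# Print the value of one exactly named field, so that Slave_SQL_Running
# does not also pick up Slave_SQL_Running_State.
field() {
    awk -F': *' -v name="$1" '{ k = $1; gsub(/^ +/, "", k) } k == name { print $2 }'
}

repl_state() (
    out=$(cat)
    sql=$(printf '%s\n' "$out" | field Slave_SQL_Running)
    io=$(printf '%s\n' "$out" | field Slave_IO_Running)
    lag=$(printf '%s\n' "$out" | field Seconds_Behind_Master)
    if [ -z "$sql" ] || [ -z "$io" ]; then
        echo UNKNOWN        # mysql unreachable, or replication not configured
    elif [ "$sql" != "Yes" ] || [ "$io" != "Yes" ]; then
        echo DOWN           # "No", or an IO thread stuck in "Connecting"
    else
        case "$lag" in
            ''|*[!0-9]*) echo UNKNOWN ;;   # NULL or missing lag value
            *) [ "$lag" -gt "$MAX_LAG" ] && echo LAGGING || echo OK ;;
        esac
    fi
)

# Constructed sample output, trimmed to the fields used here.
SAMPLE_OK='             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates'
SAMPLE_CONNECTING='             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: NULL'

printf '%s\n' "$SAMPLE_OK" | repl_state          # healthy replica
printf '%s\n' "$SAMPLE_CONNECTING" | repl_state  # IO thread cannot reach the master
printf '' | repl_state                           # no output from mysql at all
```

In a cron job the input would be `mysql --login-path=local -e "show slave status \G" | repl_state`, with a mail sent for anything other than OK.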

The wait is over. We are proud to announce the launch of OMegha™ Public Cloud straight from our labs



The IT industry stays in a bubble of buzzwords most of the time, and one such buzzword of recent times is “CLOUD”. You will find people using this “CLOUD” in every conversation they strike up. Now, just ask them what a “CLOUD” is and what you do with a “CLOUD”, and the response would be another set of buzzwords: “OPEX”, “CAPEX”, “AWS”, “IaaS”, “PaaS” & “SaaS” and of course “COST SAVING” and “SECURITY”.

Now, this is the chance for all wanna-be cloud engineers, cloud technologists/architects, IT DevOps managers and Operations team members to understand what a real “CLOUD” looks like, what is good and bad about it, and how to utilize only the good things by adopting the so-called “CLOUD”.

InfraStack-Labs is conducting a one day workshop on Dec 10th 2016 



Watch this space for registrations.

More Info :-

Odoo : How To Migrate the PostgreSQL Database To A New Server




Application Server   -  Odoo Server
Database Server      -  Postgresql Server

In Database server

Install postgresql

# sudo apt-get update
# sudo apt-get install postgresql postgresql-contrib postgresql-client

Create odoo user

# createuser --superuser odoo

Create database

# createdb omegha-odoo

Now login to psql

# psql

Change the ownership of database to odoo user.

postgres=# ALTER DATABASE "omegha-odoo" OWNER TO odoo;

Edit the following configuration files


# -----------------------------
# PostgreSQL Client Authentication Configuration File
# ===================================================

# IPv4 local connections:
host    all     all        trust


# -----------------------------
# PostgreSQL configuration file
# -----------------------------

listen_addresses = '*'

Restart postgresql service

# service postgresql restart
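A check for the two settings above, as an added example that is not part of the original post: with the trust method PostgreSQL accepts a matching connection without asking for a password, so a `host ... trust` entry combined with listen_addresses = '*' lets every client that matches the entry's address log in as the superuser odoo. The function names and the sample file are constructed for illustration; 192.0.2.10 stands in for the Odoo application server, and md5 or scram-sha-256 is chosen according to the server version.

```shell
# Added example: flag pg_hba.conf entries that let network clients in
# without a password, and a postgresql.conf that listens on every interface.

# Reads pg_hba.conf on stdin; prints "<line-number> <findings>" per risky entry.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        $1 ~ /^host(ssl|nossl)?$/ {          # TCP entries only, not "local"
            f = ""
            # METHOD is the field after ADDRESS (or after ADDRESS and MASK)
            for (i = 4; i <= NF; i++) if ($i == "trust") f = "trust"
            if ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all")
                f = (f == "" ? "" : f ",") "any-address"
            if (f != "") print NR, f
        }'
}

# Reads postgresql.conf on stdin; prints the setting if it is a wildcard.
audit_listen() {
    grep -E "^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'(\*|0\.0\.0\.0)'" || true
}

# Constructed sample: line 3 is the weak form, lines 4-5 the corrected form,
# limited to one database, one user and one client address with a password.
SAMPLE_HBA='# TYPE  DATABASE     USER  ADDRESS        METHOD
local   all          all                  peer
host    all          all   0.0.0.0/0      trust
host    omegha-odoo  odoo  192.0.2.10/32  md5
hostssl omegha-odoo  odoo  192.0.2.10/32  scram-sha-256'

printf '%s\n' "$SAMPLE_HBA" | audit_pg_hba
printf '%s\n' "listen_addresses = '*'" | audit_listen
```

With a password-based method in pg_hba.conf, db_password in the Odoo configuration has to carry the password set for the odoo role.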

In Application Server

 Edit the following configuration file


db_host = <ip-address of the database server>
db_name = omegha-odoo
db_password = 
db_port = 5432
db_user = odoo

# service odoo restart

Installing Odoo 8 in Ubuntu


Odoo (formerly known as OpenERP ) is a suite of open core enterprise management applications. Targeting companies of all sizes, the application suite includes billing, accounting, manufacturing, purchasing, warehouse management, and project management.

Installing Odoo

Step  1 – Adding apt repository

Open your system terminal window and execute the following commands as root.

Add the Odoo apt repository so that the packages required for Odoo can be installed. Use the following commands for adding the Odoo apt repository.

# wget -O - | apt-key add -
# echo "deb ./" >> /etc/apt/sources.list

Step 2 – Installing Odoo

 Now update the apt repository and install Odoo.

 # apt-get update && apt-get install odoo

Step 3 – Cloning Odoo files

Clone the Odoo files on your server.

# git clone

Step 4 – Restart the Service

Now restart the Odoo service.

# sudo service odoo restart

Resetting the webERP password for admin user

webERP will have a default user admin with password ‘weberp’. If one has changed the default password and then later forgot it, the easiest way to login again is by resetting the admin password.

To reset the admin password, we’ll have to create a .php file named passwordreset.php in the webERP folder.

$ cd /var/www/html/webERP
$ sudo vi passwordreset.php

Add the content

<?php
include('config.php'); // assumed: webERP's config.php sets the connection variables used below
$db = mysqli_connect($Host, $DBUser, $DBPassword, 'put-company_name-here',  $DBPort);
$Result = mysqli_query($db, "UPDATE www_users SET password='".password_hash('weberp',PASSWORD_DEFAULT)."' WHERE userid='admin'");

Save the content.

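PS: You’ll have to put the webERP company name in this .php file, in place of 'put-company_name-here'.

Go to the web browser and run this .php file.

For example, put ‘server-ip-address’/webERP/passwordreset.php in the URL field.

After running this, the password for the user ‘Admin’ will have changed to ‘weberp’.

After logging in with these credentials, we can go to Main Menu > Setup > Users Maintenance to set the password we want to use. Delete passwordreset.php once you are logged in: as long as it stays in the webERP folder, anyone who requests that URL resets the admin password to ‘weberp’.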


How to Install phpMyAdmin on Ubuntu 14.04



Prerequisites for installing phpMyAdmin

  • PHP 5
  • Apache 2
  • MySQL


  • Open your system terminal window and run the following command to install the LAMP stack on your system
  • The LAMP stack comes bundled with all three components (Apache, MySQL, PHP)
# sudo apt-get install lamp-server^
  • During the installation process, you should see a pop-up window asking you to set the root password for MySQL.
  • Now install phpMyAdmin
 # apt-get -y install phpmyadmin
  • During the installation process, you will see a pop-up window asking a few simple questions regarding the basic configuration of phpMyAdmin.
  • At the first screen, select apache2 by using the space bar, then hit enter to continue.


  • At the second screen, which asks “configure the database for phpmyadmin with dbconfig-common?”, select Yes, then hit enter to continue.


  • At the third screen enter your MySQL password, then hit enter to continue.


  • And finally at the fourth screen set the password you’ll use to log into phpmyadmin, hit enter to continue, and confirm your password.


  • Now configure Apache
 # vi /etc/apache2/apache2.conf
  • Add the following lines at the bottom of the file
   # phpMyAdmin Configuration 
    Include /etc/phpmyadmin/apache.conf
  • Restart the apache service
   # service apache2 restart



webERP login error : Solved



ERROR:  “Too many failed login attempts. You will have to see an authorised person to obtain access to the system”

This is an error that sometimes pops up in webERP when you’ve entered the wrong user details a few times. It is a self-protecting feature of webERP, which blocks the user from logging in again until an authorised person grants the user access to the system.

If you think you’re unfairly treated and have access to the MySQL database of the application, there’s a way to get around this problem.

Login to MySQL database and select the webERP database you’re using.

 mysql > use weberp ;

Open the www_users table in the database which contains all the details about the users created in the databases

mysql > desc www_users ;


mysql > select * from www_users ;

This will give the list of users in the database and their attributes.

Here the value in ‘Blocked’ field of the user who’s having difficulties logging in will be 1.

By changing the binary value to 0, one can change the status of this user. To do that

mysql > update www_users set Blocked = 0 where userid = 'user_here';

Try logging in with the correct password again, and this time it’ll be working without any issues.

Migrating a MySQL Database To Another Server



Running a web application and database in two different servers in the same datacentre is a good way to scale the environment to handle more traffic and add more uniformity. For this there needs to be a database server (MySQL server installed) that can handle all database functions of the web application server.

To carry this out we need to

  a) Migrate the existing database on the web server to the new database server
  b) Reconfigure the web application to connect to the new database

Migrating Existing Database To Database Server

For this, the database server needs to have a MySQL database server running on it. To know how to install MySQL server click here

By default the MySQL database is configured to listen to the localhost ( only. To make this database server listen on all addresses that clients can connect to, open the MySQL configuration for editing:

 $ sudo vi /etc/mysql/my.cnf

Edit this line in the file:

 bind-address       =

Replace with asterisk

 bind-address       = *

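If you’re configuring the database server for only this web-application server, it’s more secure to give a single IP address as bind-address instead of the asterisk. bind-address is an address of the database server itself (the interface the web server connects to); which clients may log in is restricted by the “host” value of the MySQL user, created further below. In that case

 bind-address       = 'database-server-IP'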

To apply the changes, save the configuration file and restart the MySQL service.

 $ sudo service mysql restart


Export Backup of Original MySQL Database

We need to export a backup of original MySQL database in the web-server, which will be used to migrate to the new database. Before taking the backup of the data, stop the web-application server to prevent attempted updates to the existing database during the migration process.

For this you need to create a data snapshot. There are different methods to create the database snapshot, depending on the size of the database and the location of the files.

  a) Create a snapshot using mysqldump
  b) By copying the data files directly.

Before that, flush all the tables and block write statements by executing

mysql > flush tables with read lock;
mysql > SET GLOBAL read_only = ON ;

To create data snapshot we’re going to use mysqldump

 $ sudo mysqldump -uroot -p web-database > backup.sql

Here web-database is the original MySQL database on the web-server that you want to migrate to the database server.

Copy the backup database file to the database server using scp:

 $ sudo scp backup.sql user@database-server:/tmp

Import Original Database Into Database Server

To import the original MySQL web-server database into database server

On Database server,

 mysql -u root -p < /tmp/backup.sql

All of the original MySQL database data and users are copied over to the database server. For Web-server to access the database server, the database server needs to have users that have the same privileges as the original ones in web-server.

You will have to create new users with a “host” value that matches the web-server’s IP address.

For this, create a new user with the same name as in the web-server but change its host to the IP address of the web-server. Password should remain the same.

CREATE USER 'inouser'@'web-server-IP' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON `web-database`.* TO 'inouser'@'web-server-IP';

The new database server is now migrated and configured. To connect to the database server, the web application configuration file needs to be updated. The configuration files reside in different locations for different applications. For inoERP application, the configuration file is seen in /var/www/html/inoERP-master/inoerp/includes/basics/settings as file.

Open inoERP configuration:

$ sudo vi /var/www/html/inoERP-master/inoerp/includes/basics/settings/

Look for the following lines:

define("DB_SERVER", "localhost");

Replace localhost with the IP address of the database server.

define("DB_SERVER", "Database-server-IP-address");

There’s no need to change the user or password as they were recreated in the database server.

The database migration is complete and the application now should be able to use the MySQL database running in a different server (Database server).

To verify that, access the application using the web browser.