Integrating SAML Applications with Okta

Tags

Okta, Open Source, SAML, SSO

 

• Login to Okta

• Click on Admin tab.

• Select Applications from dashboard.

• Click on Add Applications.

• Click on Create New App.

• Select SAML.2.0 and click Create.

• Give App name and click Next.

• Enter the URL of your Application and add Attribute Statements.

• Click Next.

• Select I’m an Okta customer adding an internal app.
• Check This is an internal app that we have created box and click Finish.

• Click on People.

• Click on Assign to People and assign it to the user.

• Now go to My Applications.

• Open the Application.
• Enter your Credentials .
• Now Okta Extension will pop to save credentials in Okta.
• Click Save Password.

Single Sign-On Using OKTA for Applications

 

Login to your Okta Account.

Click on Admin.

It will redirect to dashboard.

Click on Applications.

Click on Add Application.

Click Create New App.

Select SWA (Secure Web Authentication) and click Create.

Fill the Application details.

Click Finish.

Now Assign it by clicking Assign to People.

Select the Users whom you want to assign..

Click Save and Go Back.

Now go to My Applications.

Here you can see a message to install plugin.

Click Install Plugin.

Install Okta Secure Web Authentication Plug-in.

Now your Application is added successfully.

Give the Username and Password.

OKTA Connect any user to any application with primary and multi-factor authentication

Executive Summary: – Authentication is a crucial part of any application development. Whether you are developing an internal IT app for your employees – or building a portal for your partners – or exposing a set of APIs for developers building apps around your resources, Okta Platform can provide the right support for your projects.

Use Cases

Authentication

Multi-Factor Authentication

API Access Management

Integrate Corporate Applications with Okta

       Okta

• Securely store user profiles, manage passwords, and organize users into groups with Okta’s Universal Directory.

 

       ACTIVE DIRECTORY & LDAP

• Use your existing LDAP or Active Directory as your user profile master and password store. Deploy the Okta Agent to securely delegate authentication to AD or LDAP and sync user data to and from Okta.

 

       FEDERATED IDENTITY PROVIDER

• Connect to any federated identity provider. Okta manages all federation trust relationships, handles diverse SAML implementations, and stores user profile information.

 

       DATABASE

• Use an existing database as your user profile master.
  Deploy the Okta Agent to securely sync user data to and from Okta.

 

       SOCIAL IDENTITY PROVIDER

• Sync profile attributes and authenticate users from any social identity provider.

 

 

       Applications created in .NET   Java     JavaScript    PHP       Python are supported

 

       CREATE AUTHORIZATION POLICIES BASED ON:

 

• User profile
• Group membership
• Network zone
• Client
• User or administrator consent
• Complete standard-compliant support for OAuth 2.0
• Proven compatibility with 3rd party API management solutions

 

Note: – Instantly revoke or update user permissions based on user status and profile.

 

 

Technical Architecture

• Authentication – (OKTA Integration, OpenID or Any Corporate Directory, Application MFA Token)
• Hardware Authentication – (Server SSH-Key, Passphrase, MFA Token)
• Database Authentication – (MySQL Workbench access through SSH-Tunnel)

Below is a high-level architecture presentation on how to integrate enterprise applications with OpenID(IDP) and OKTA cloud along with multi-layer security and high availability(HA) features.

• End user – OKTA integration.

– Create new OKTA cloud account

– Addtion of a new internal or cloud applications with OKTA Cloud.

– Add corporate users & their access control

– Adding MFA token authentication layer

(The Okta Platform gives you the flexibility to deploy Okta’s built-in factors, or integrate with existing tokens (Yubikey). Native factors include SMS, and the Okta Verify app for iOS and Android. Integrations include Google Authenticator, RSA SecurID, Symantec VIP, and Duo Security.)

• Implement OpenID as IDP layer
• Implementation & Configuration of HAProxy (Load Balancer)
• NGINX (Reverse Proxy) Layer with High Availability(HA) option
• Application/Web Server (SSH-Key + Passphrase + Password-MFA Token) access security.
  • SSH-Tunnel to Application Server created in proxy/jumphost server
  • Private SSH-Key for the proxy /jump host
  • Add the details of the local(proxy server) and remote(application server) ports and add the tunnel details
  • Access the application server through the (Proxy server) using (SSH-Key + Passphrase + Password-MFA Token) combination.
• The database (MySQL- Percona) will setup an isolated DB network and can be accessed only through the “Standard TCP/IP over SSH-Tunnel” through through a whitelisted application/web server (Using MySQL Workbench or PhpMyAdmin Console)

 

Note:- Additional layer security for database servers is with SSH-KEY and a passphrase.

MySQL replication monitoring script

Tags

Database, MySql, Replication

This short article explains how you can use a short script to check whether your MySQL master master replication is working or not and how to get the mail notification when it isn’t.
Needless to say the mail service should be enabled on the server to facilitate carrying out of this job.

MySQL login paths are used here for logging in for better safeguarding of usernames and password. To know more about this, check this MySQL documentation page on it.

 #!/bin/bash
# Checks MySQL Replication status. Sends user(s) a notification when the replication goes down. 
status=0
MasterHost="DB master server"
SlaveHost="DB slave Server"
emails="Test@gmail.com demo@gmail.com" #multiple emails space separated
Subject="Replication status - Down"
#Grab the lines for each and use Gawk to get the last part of the string(Yes/No)
SQLresponse=`mysql --login-path=local -e "show slave status \G" |grep -i "Slave_SQL_Running"|gawk '{print $2}'`
IOresponse=`mysql --login-path=local -e "show slave status \G" |grep -i "Slave_IO_Running"|gawk '{print $2}'`
    if [ "$SQLresponse" = "No" ]; then
    error="Replication on the slave MySQL server($SlaveHost) has stopped working. Slave_SQL_Running: No"
    status=1
    fi
    if [ "$IOresponse" = "No" ]; then
    error="Replication on the slave MySQL server($SlaveHost) has stopped working. Slave_IO_Running: No"
    status=1
    fi
    # If the replication is not working
    if [ $status = 1 ]; then
    for address in $emails; do
    echo -e $error | mail -s "$Subject" $address
    echo "Replication down, sent email to $address"
    done
    fi

Setup a cron job to run this script every five or ten minutes to get the notification whenever the replication goes down.

The wait is over. We are proud to announce the launch of OMegha™ Public Cloud straight from our labs

Tags

Cloud Architect, Cloud Engineers, DevOps, IaaS, Omegha Public Cloud, PaaS, Public Cloud, SaaS, Workshop

IT industry most of the time stays in a bubble of buzzwords and one such buzzword of recent times is “CLOUD”. You will find people using this “CLOUD” in every conversation they strike. Now, just ask them what is a “CLOUD” and what do you do with “CLOUD” and the response would another set of buzzwords “OPEX”, “CAPEX”, “AWS”, “IaaS”, “PaaS” & “SaaS” and of course “COST SAVING” and “SECURITY”.

Now, this is the chance for all wanna-be cloud engineers, cloud technologists/architects and IT DevOps managers and Operations team members to understand what a real “CLOUD” looks-like and what is good and bad about it and how to utilize only good things by adopting the so called “CLOUD”

InfraStack-Labs is conducting a one day workshop on Dec 10th 2016 

 

 

Watch this space for registrations.

More Info :- https://infrastack-labs.com/news-and-events

Odoo : How To Migrate the PostgreSQL Database To A New Server

Tags

Database, How-To, Linux, Odoo, Postgresql, psql, Ubuntu

Setup

Application Server   -  Odoo Server
Database Server      -  Postgresql Server

In Database server

Install postgresql

#  sudo apt-get update
# sudo apt-get install postgresql postgresql-contrib postgresql-client

Create odoo user

# createuser --superuser odoo

Create database

# createdb omegha-odoo

Now login to psql

# psql

Change the ownership of database to odoo user.

postgres-# ALTER DATABASE "omegha-odoo" OWNER TO odoo;

Edit the following configuration files

/etc/postgresql/9.3/main/pg_hba.conf

# -----------------------------
# PostgreSQL Client Authentication Configuration File
# ===================================================

# IPv4 local connections:
host    all     all        trust

/etc/postgresql/9.3/main/postgresql.conf

# -----------------------------
# PostgreSQL configuration file
# -----------------------------

listen_addresses = '*'

Restart postgresql service

# service postgresql restart

In Application Server

 Edit the following configuration file

/etc/odoo/openerp-server.conf

[options]
db_host = <ip-address of the database server>
db_name = omegha-odoo
db_password = 
db_port = 5432
db_user = odoo

# service odoo restart

Installing Odoo 8 in Ubuntu

Odoo (formerly known as OpenERP ) is a suite of open core enterprise management applications. Targeting companies of all sizes, the application suite includes billing, accounting, manufacturing, purchasing, warehouse management, and project management.

Installing Odoo

Step  1 – Adding apt repository

Open your system terminal window and execute the following commands as root.

The user need to add repository to install required packages for Odoo.  Use the following commands for adding Odoo apt repositories.

# wget -O - https://nightly.odoo.com/odoo.key | apt-key add -# echo "deb http://nightly.odoo.com/8.0/nightly/deb/ ./" >> /etc/apt/sources.list

Step 2 – Installing Odoo

 Now update the apt repository and install Odoo.

 # apt-get update && apt-get install odoo

Step 3 – Cloning Odoo files

Clone the Odoo files on your server.

# git clone https://github.com/odoo/odoo.git

Step 4 – Restart the Service

Now restart the Odoo service.

# sudo service odoo restart

Resetting the webERP password for admin user

webERP will have a default user admin with password ‘weberp’. If one has changed the default password and then later forgot it, the easiest way to login again is by resetting the admin password.

To reset the admin password, we’ll have to create a .php file named passwordreset.php in the webERP folder.

$ cd /var/www/html/webERP
$ sudo vi passwordreset.php

Add the content

<?php
include('config.php');
$db = mysqli_connect($Host, $DBUser, $DBPassword, 'put-company_name-here',  $DBPort);
$Result = mysqli_query($db, "UPDATE www_users SET password='".password_hash('weberp',PASSWORD_DEFAULT)."' WHERE userid='admin'");
?>

Save the content.

PS: You’ll have to put the webERP company name here in this .php file.

Go to web browser. Run this .php file.

For eg: Put ‘server-ip-address’/webERP/passwordreset.php in the url field

After running this, password for the user ‘Admin’ will have changed to ‘weberp’.

Login using these credentials, we can go to Main Menu> setup> users maintenance to change the password we want to use.

 

How to Install phpMyAdmin on Ubuntu 14.04

Tags

Linux, MySql, Omegha Public Cloud, phpMyAdmin, SaaS

Prerequisites for installing phpMyAdmin

• PHP 5
• Apache 2
• MySQL

 

• Take your system terminal window and run the following command to install LAMP stack on your system

• Lamp stack comes bundled with all three components (Apache, MySQL, PHP)

# sudo apt-get install lamp-server       

• During the installation process, you should see a pop up window asking to set root the password for MySQL.

• Now Install phpMyAdmin

 # apt-get -y install phpmyadmin

• During installation process, you will see a pop up window asking a  few simple questions regarding the basic configuration of phpMyAdmin.

• At the first screen, select apache2 by using the space bar, then hit enter to continue.

• At the second screen, which asks “configure the database for phpmyadmin with dbconfig-common?”, selectYes, then hit enter to continue.

• At the third screen enter your MySQL password, then hitenter to continue.

• And finally at the fourth screen set the password you’ll use to log into phpmyadmin, hitenter to continue, and confirm your password.

• Now configure Apache

 # vi /etc/apache2/apache2.conf

• Add the following lines in bottom of file

   # phpMyAdmin Configuration 
    Include /etc/phpmyadmin/apache.conf

• Restart the apache service

   # service apache2 restart

        

 

webERP login error : Solved

Tags

Database, ERP, MySql, webERP

ERROR:  “Too many failed login attempts. You will have to see an authorised person to obtain access to the system”

This is an error that sometime pops up in webERP when you’ve entered the wrong user details a few times wrongly. This is a self protecting attribute of webERP which will ensure that the user in place will be blocked from entering again until an authorised person grants user the access to the system.

If you think you’re unfairly treated and have access to the MySQL database of the application there’s a away to get around this problem.

Login to MySQL database and select the webERP database you’re using.

 mysql > use weberp ;

Open the www_users table in the database which contains all the details about the users created in the databases

mysql > desc www_users ;



mysql > select * from www_users ;

This will give the list of of users in the database and their attributes.

Here the value in ‘Blocked’ field of the user who’s having difficulties logging in will be 1.

By changing the binary value to 0, one can change the status of this user. To do that

mysql > update www_users set Blocked = 0 where userid = 'user_here';

Try logging in with the correct password again, and this time it’ll be working without any issues.