root@geeklanka$_

1. Visit https://identity.cloud.wso2.com/2. Clcik on ‘Register’ to register your organization.3. Select a domain name for your organization.4. At step-3, you can select, either to validate the domain or not to. If you select to confirm the domain later - then you can do it after login in and clicking Account Management tab.5. At step-3, if [...]

With WSO2 Cloud Identity - you can provide your employees OpenIDs fall under your own domain name to be used with widely popular OpenID relying parties.1. Register your Organization - visit http://identity.cloud.wso2.com.2. Say, the domain I registered is example.com and a user there is prabath.3. By default - with ZERO configurations, all users are assigned [...]

@ Apache Asia Roadshow 2009 ~ Colombo ~ 03rd NovIdentity patterns and anit-patterns in real world web services

BlogPress is a nice free tool you can use to blog from your iPod/iPhone it self - if this appears on my blog - then it works

I came accross this nice app for iPhone / iPod Touch - which helps you connecting to Amazon Cloud- and it’s FREE.Only weekness was - the way it accepts credentials - one way it’s more convenient - but in other, you have to pass your credentias over the network in cleartext - and the [...]

Caffaine is the codename of the new, upgraded version of Google search engine.This explains how it performs against the old one.If you want to have an early look hear are the steps.

I was looking for an aplication or an add-on to iPod/Safari where I could post a link to DZone - from the corresponding web site it self.Failing to find one - I followed the following work-around - which worked perfectly for me - so, thought of sharng it for the benefit of others.1. Open up [...]

First we need to download the Chrome OS VMWare image from here.To run this - we need to have VMWare Workstation - a 7 days trial version availbale from here to download.Now - you need to wait hours and hours to get the trial version license key from VMWare. Instead of that use this - [...]

We started with http://RampartFAQ.COM few months back as an effort towards helping the open source community around axis2/rampart. This post summarises all the posts there, as of now.Basics1.What is Rampart?2.How to configure Rampart in Axis2?3.How to run Rampart samples with Apache Tomcat?4.How to enable SSL on Tomcat?5.How does the nonce and the timestamp get generated [...]

You can download an evaluation copy of Novell eDirectory from here.Then go through this blog post which explains - how to setup an LDAP based user store with Identity Server.You need to follow exact the same steps - except - you need to have the settings from the above image while installing Novell eDirectory - [...]

Web sites like CNN, Yahoo and many more with high traffic use a Content Delivery Network like Akamai - so end users have to spend less time waiting for the web page to load on their screens.Amazon CloudFront delivers the content using a global network of edge locations. Requests for your objects are automatically routed [...]

1. Sign up for S3 Go to http://aws.amazon.com/s3/ and sign up for an Amazon S3 account.Amazon S3 is storage on cloud.It provides a simple web services interface that can be used to store and retrieve any amount of data.Read more on S3 from http://aws.amazon.com/s3/faqs/2. Tools Once you created the storage on cloud - there are [...]

Hashing is a one way - irreversible algorithm which is used to store passwords in databases.So - nobody other than you know what your actual password is.When you create your password - your password will go through the hashing algorithm and the hashed password will be stored in the database.When you try to login - [...]

ESBs and SOAMost enterprises start with creating basic services and connecting them with an Enterprise Service Bus when first adopting SOA. This session will talk about the wider usage of an ESB in SOA infrastructure and the decoupling of communication layers. SOA Security As many businesses move ahead with SOA, security and identity management need [...]

“The dreams of a tamil girl in North tarnished by Prabhakaran’s war - now has become a reality - but she’s no more alive..”

Yumani explains here all what you need to know…

I’ll be doing the webinar, WSO2 SOA Summer School: Security in SOA on 2nd of July - next Thursday.As many businesses move ahead with SOA, security and identity management need to be made available as a service in the architecture in a consistent and reusable way across all applications. During this webinar I will focus [...]

Samisa will be doing a presentation on the $subject in few hours time.Serious business applications that demand high volumes of transactions are most often based on SOAs. Clustering technologies are critical for some of these deployments to help achieve load balancing and high availability. This session digs deep into the scaling techniques that can be [...]

This blog post explains how to do the intial setup with WSO2 ESB and the Identity Server to develop claim aware web services - please go through it first.There - we get the SAML Assertion to the proxy service.Here what we are going to do is - to extract SAML Assertions from the Security header [...]

Asanka will be doing a training on the $subject in few hours time.This session will provide in-depth knowledge on how to implement an SOA solution using the basic elements in an SOA infrastructure. There will be several enterprise SOA patterns mapped to real world and hypothetical business requirements. Implementation details will be practically explained using [...]

This blog post explains how to write policies in XACML for WSO2 Identity Server.A given policy has an identifier, a rule combining algorithm, a description, a target and a set of rules.<Policy PolicyId=”urn:sample:xacml:2.0:samplepolicy”  RuleCombiningAlgId=”urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable”  xmlns=”urn:oasis:names:tc:xacml:2.0:policy:schema:os”>  <Description>Sample XACML Authorization Policy.</Description>  <Target>…</Target>  <Rule>…</Rule></Policy>Since, a given Policy may contain multiple Rules, each of which may evaluate to different access control decisions, XACML needs [...]

Going by an example is the easiest way to explain.<Request xmlns=”urn:oasis:names:tc:xacml:2.0:context:schema:os” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”><Subject>  <Attribute AttributeId=”urn:oasis:names:tc:xacml:1.0:subject:subject-id” DataType=”http://www.w3.org/2001/XMLSchema#string”>    <AttributeValue>admin</AttributeValue>  </Attribute>  <Attribute AttributeId=”group” DataType=”http://www.w3.org/2001/XMLSchema#string”>    <AttributeValue>admin</AttributeValue>  </Attribute></Subject><Resource>  <Attribute AttributeId=”urn:oasis:names:tc:xacml:1.0:resource:resource-id” DataType=”http://www.w3.org/2001/XMLSchema#string”>    <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue>  </Attribute></Resource><Action>  <Attribute AttributeId=”urn:oasis:names:tc:xacml:1.0:action:action-id” DataType=”http://www.w3.org/2001/XMLSchema#string”>    <AttributeValue>read</AttributeValue>  </Attribute></Action><Environment/></Request>Let’s started with breaking it down.<Subject>Represents the entity making the access request.Can contain multiple <Attribute> elements.A given Subject is identified by the attributes contained.Each <Attribute> has two attributes. AttributeId and the DataType.AttributeId can be a one [...]

Before reading this, you need to go through my previous blog post on ‘WSO2 Identity Server + Claim aware proxy services with ESB’ - available here.Once you get the above running - all the client requests to attributes are satisfied through Identity Server’s defaut implementation.What if you need to filter attributes being sent?What if you [...]

Let me first briefly explain the the use case.1. A proxy service created in WSO2 ESB requires a security token issued by the WSO2 Identity Server for authentication.2.At the same time, the security policy in the proxy service, specifies - it requires a given set of claim values with the security token.<sp:RequestSecurityTokenTemplate xmlns:t=”http://schemas.xmlsoap.org/ws/2005/02/trust”><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType><t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType><t:KeySize>256</t:KeySize><t:Claims Dialect=”http://wso2.org/claims” xmlns:ic=”http://schemas.xmlsoap.org/ws/2005/05/identity”><ic:ClaimType [...]

Here, we’ll be discussing all the steps required to deploy WSO2 Identity Server over an LDAP user store.First we need to setup an LDAP server.You may download Apache Directory Studio from here and set it up.This explains all what you need to set it up.Log in to Identity Server as an admin and go to [...]

First we need to download Apache Directory Studio from here and install.Start - Apache Directory Studio.File –> New and select Apache DS ServerWindow –> Show Views –> Other… select ServersRight click on the ‘wso2identity’ server on the ‘Servers’ view and select ‘Open Configuration’. Note that default port being set to 10389.Window –> Show Views –>Connections [...]

Yumani has written a nice blog post on the subject. Available here…

This post explains how we can access a proxy service deployed in WSO2 ESB with a security token issued by the Identity Server 2.0.This is the use case;1. User authenticates to the Identity Server 2.02. User gets a Security Token from the Identity Server 2.0 - which is signed by the Identity Server’s private key [...]

With the latest WSO2 ESB - you can add fine-grained authorization with XACML, to proxy services - with the Entitlement mediator.First you need to configure the WSO2 Identity Server 2.0 as the XACML engine and this explains how to do it.Now, let’s see how we can configure Entitlement mediator in the WSO2 ESB.First, we are [...]