Sunday, March 30, 2014

Set up CAS and integrate it with Active directory for SSO - Part 1

In your organization you might have several applications that have their own authentication stores. That means that for 10 different applications in the organization you would have 10 different sets of credentials for each person. Pretty complicated for the poor employee. Not to mention the plight of the IS guys and the CIO.

Most of you would have Active Directory in your organization that is being used for authentication by employees. You can make all the applications inside the organization talk to AD for authentication. That would certainly reduce the overhead to a great extent.

2 problems with this approach:

1. You might not want to expose your AD to applications running outside your organization.
2. This mechanism does provide the same user ID and password to all applications, but it still does not provide single sign-on. The employee will have to log on to each application that s/he wants to access.

CAS can help solve this. CAS is an authentication system that your applications can delegate authentication to. CAS in turn can help you be very flexible with authentication stores that it can use and can provide single-sign-on.

In this post I will help you guys set up a CAS server running on Ubuntu Server and integrate it with an Active Directory server running on Windows 2008 R2.

To set up a quick PoC environment you can set it up on AWS EC2 instances.

Following are assumed before we start. You have:

1. Basic familiarity with Linux
2. Basic familiarity with Windows and LDAP/Active Directory
3. Basic familiarity with Java
4. Basic familiarity with Maven
5. Basic familiarity with Tomcat



Request flow diagram


The diagram above shows the happy flow for a single authentication request. Any subsequent requests for the application by the client will not go to the CAS server as long as the client has a valid ticket.

Also, any other applications that are part of the same infrastructure will honor the CAS ticket, and the client need not get authenticated again.

If you have more than 1 authentication store they can all be behind CAS server and can authenticate clients. Active Directory store in the diagram above can be replaced by any other store without impacting the clients or applications.
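The flow described above, modelled in memory as an added example (not code from this post or from the CAS project). The class and method names are hypothetical, the dictionary is a constructed stand-in for Active Directory, and a real CAS deployment carries these steps over HTTP redirects and cookies.

```python
import secrets

class CasServer:
    """Toy in-memory CAS server; class and method names are hypothetical."""
    def __init__(self, check_credentials):
        self.check_credentials = check_credentials  # pluggable store: (user, pw) -> bool
        self.tgts = {}             # ticket-granting ticket -> user (the SSO session)
        self.service_tickets = {}  # one-time service ticket -> (user, service)
        self.store_lookups = 0     # how often the authentication store was consulted

    def login(self, service, tgt=None, credentials=None):
        """Issue a service ticket; credentials are needed only without a valid TGT."""
        user = self.tgts.get(tgt)
        if user is None:
            if credentials is None:
                raise PermissionError("login required")
            self.store_lookups += 1
            if not self.check_credentials(*credentials):
                raise PermissionError("bad credentials")
            user = credentials[0]
            tgt = "TGT-" + secrets.token_urlsafe(16)
            self.tgts[tgt] = user
        st = "ST-" + secrets.token_urlsafe(16)
        self.service_tickets[st] = (user, service)
        return tgt, st

    def validate(self, service, ticket):
        """Application-to-CAS check: a ticket is valid once, for one service."""
        user, issued_for = self.service_tickets.pop(ticket, (None, None))
        return user if issued_for == service else None

class App:
    """An application that delegates authentication to the CAS server."""
    def __init__(self, url, cas):
        self.url, self.cas, self.sessions = url, cas, {}

    def handle(self, session=None, ticket=None):
        if session in self.sessions:          # valid local session: CAS is not contacted
            return self.sessions[session], session
        user = self.cas.validate(self.url, ticket) if ticket else None
        if user is None:
            return None, None                 # caller must be redirected to CAS login
        session = secrets.token_urlsafe(16)
        self.sessions[session] = user
        return user, session

# Constructed stand-in for Active Directory; any other store can be swapped in.
DIRECTORY = {"alice": "correct horse"}

def directory_check(user, password):
    return user in DIRECTORY and secrets.compare_digest(DIRECTORY[user], password)
```

Because the applications only ever see tickets, the directory password reaches the CAS server alone, and replacing `directory_check` changes the store without touching `App`.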

In the next part I will give the steps necessary to set up the infrastructure with a CAS server that will authenticate your clients against an Active Directory.

Saturday, March 29, 2014

Install Oracle Java on linux using ppa

Use the below commands to install oracle java on linux mint and you are good to go.

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

Friday, March 28, 2014

How to access your EC2 linux instance filesystem over ssh using nemo on linux mint using private key?

I assume that following are available:

1. You have a working EC2 linux instance setup
2. You are running linux mint (Actually I use mint)
3. You have access to your private EC2 key (.pem file)

Steps

1. Place your .pem file in ~/.ssh folder and rename it to id_rsa
2. Run the following command: ssh-add ~/.ssh/id_rsa (this will load the key into ssh-agent)
3. Use the command in sftp://@ in the address bar of nemo.

This will show all the folders on the remote machine. You can choose to add it to favorites...

Cheers!!!




Friday, March 21, 2014

Wordpress on AWS for company intranet

A while ago I was asked by my CIO, if we can replace our existing custom built intranet with something better that is available off the shelf.

I initially thought of showing off Drupal/Joomla/Wordpress and giving a comparison along with the recommended platform. I thought of setting up the infrastructure on one of the test machines that I had which was running linux. Unfortunately it did not have apache, php and other required packages. Installation of these packages using apt-get was a challenge due to restrictive information security policies that would not allow download of files from the repositories. Also the organizational proxy did not play well with linux, making it a nightmare to get anything done (CNTLM did work for a while). Overcoming these would have been a bureaucratic ordeal.

After some thought I decided to use AWS. Picked up a pre-built bitnami AMI from AWS marketplace and set it up on a spot EC2 micro instance.

It took a couple of days for one of our guys to put the content from our existing intranet on wordpress and find a good looking theme.

The demo to the CIO went very well and we got the implementation green signal for Wordpress.

Since the AWS EC2 instance was running on my personal account I got a bill of 3.82 USD later on for this exercise. A small price to pay for a successful demo with little effort and for avoiding organizational bureaucracy.

I have started loving the power of cloud and AWS.

Monday, March 3, 2014

Disable dual graphics for better battery life on mint linux

My acer timeline x 4820TG laptop has 2 graphics cards. An onboard intel card (less powerful but battery friendly) and AMD radeon 5650 (Powerful but battery hungry). This is basically called hybrid graphics. More information can be found at https://wiki.archlinux.org/index.php/hybrid_graphics


Both graphics cards used to be on, eating battery life. Also the fan would make a lot of noise.

Everything was fine when I used to run Windows 7 with the AMD drivers. For the last 2 years I have been using mint linux and it has been a cause of trouble for me since then. I finally decided to take a dig at it and solve the issue.

After a couple of searches I found the solution...

Use the following commands....

To list the switchable devices
-------------------------------------------------
sudo chown prabhat /sys/kernel/debug
cat /sys/kernel/debug/vgaswitcheroo/switch


To switch off discrete (Radeon) graphics card
------------------------------------------------------------

sudo chown prabhat /sys/kernel/debug/
sudo chown prabhat /sys/kernel/debug/vgaswitcheroo/switch
echo OFF > /sys/kernel/debug/vgaswitcheroo/switch


To switch on discrete graphics card
--------------------------------------------------------------

sudo chown prabhat /sys/kernel/debug/
sudo chown prabhat /sys/kernel/debug/vgaswitcheroo/switch
echo ON > /sys/kernel/debug/vgaswitcheroo/switch


To switch off discrete graphics card at system startup
-----------------------------------------------------------------------------------------

sudo gedit /etc/rc.local

Add following before exit 0

chown prabhat /sys/kernel/debug/vgaswitcheroo/switch
echo OFF > /sys/kernel/debug/vgaswitcheroo/switch

*Replace prabhat with your username.

You should not need these if your kernel is >3.12 (Mine is 3.11) as the driver automatically manages the power of radeon gpu.

Friday, February 28, 2014

In search of an HTML5 IDE

In my pursuit to find a decent development environment for HTML I tried gedit, sublime text, redcar, komodo edit and netbeans.

I was trying to find an eclipse plugin but could not find one for HTML5 and javascript, though I remember seeing a javascript developer edition of eclipse in helios.
After playing a couple of days with various editors I settled on Netbeans. It's much lighter than eclipse.

Netbeans 7.4 is fantastic in terms of code auto completion. It also provides excellent inline documentation when you are writing code and gives browser compatibility of html tags and css styles.

It provides you facility to include various javascript libraries for development when you are creating a new project.

It also provides you options to build the right starting library for your HTML5 app. You can choose between bootstrap, HTML5 boilerplate and Modernizr.

So far it has been working pretty well for me.