Our Thoughts and Posts

Top steps to get started with Hudson, the opensource build management tool

December 13, 2013 | Posted in tools | By

Installation procedure for Hudson, the open source build management tool

To use Hudson you need:

  • An accessible source code repository, e.g. Subversion, with your code checked in.
  • A working build script, e.g. an Ant build.xml, checked into the repository.
  • A web application server, e.g. Tomcat, to run Hudson.

Steps to configure Hudson:

  1. Install Apache Ant on the Hudson machine; Hudson calls it as the build tool.
  2. Download the hudson.war file and put it into your Tomcat webapps directory. After starting Tomcat, Hudson should be available at http://localhost:8080/hudson/.
  3. Open that URL, click "Manage Hudson" -> "Configure System" and configure the JDK and Ant paths.
  4. Set up the email notification settings: SMTP server, port and admin email address.
  5. To deploy WARs from Hudson, install the Hudson Deploy plugin; to build a specific Subversion revision, also install the Subversion Release Manager plugin.

Hudson runs with security switched off by default and will hold your Subversion and Tomcat credentials, so enable security under "Manage Hudson" -> "Configure System" before it is reachable from anything other than localhost.

Setting up a Hudson job:

  1. Select "New Job" -> "Freestyle Job".
  2. Under Source Code Management select "Subversion" and enter your project's SVN URL and the SVN credentials.
  3. To run the job on a schedule, use Build Triggers: "Poll SCM" or "Build periodically", with the time at which the job should run. To build on demand, use "Build Now".
  4. In the Build section select "Invoke Ant". It uses the project's build.xml and runs the targets defined there.
  5. In Post-build Actions pick what you need, e.g. email notification. If your build.xml has a target that creates a WAR and you want it deployed to Tomcat, select "Deploy war/ear to a container" and provide the Tomcat URL, the Tomcat credentials and the WAR file path relative to the workspace. Use a dedicated Tomcat manager account for this rather than an administrator account, since the credentials are stored in the job.
  6. Save the job. It runs on the configured schedule, or manually whenever you start it.

Build a specific SVN revision:

  1. Install the Subversion Release Manager plugin in Hudson.
  2. In the job configuration tick "This build is parameterized", add a String parameter named REVISION and give it the revision to build as its value, in the form @rev_no.
  3. Under Source Code Management -> Subversion Release, append ${REVISION} to the end of the repository URL.
  4. Save the configuration and build.


GWT programming – How to avoid the cache.html files from getting cached in client browser?

December 13, 2013 | Posted in tools, Uncategorized | By

How do you prevent nocache.js (or cache.html) from being cached by the browser when you build Google Web Toolkit applications?
The need arises when you release a newer version of an existing application to existing users. Any user who has visited the GWT application before has the previous version's files cached and in all likelihood will not see the new version.
A GWT application does not work properly in some browsers unless the user forcibly refreshes the page cache. If the browser holds an older version of the nocache.js bootstrap file, or of the cache.html files it loads, the client no longer matches the server code: RPC calls fail, the newer version is not rendered, and the application behaves erratically and unpredictably.
The solution is to make sure that the old files, especially nocache.js, are not served from the browser cache.
The ".nocache." string in the file name is what lets you configure the server to send HTTP headers that tell the browser not to cache that file.
In a Java web application you do this with a servlet Filter that sets the necessary HTTP headers on matching responses.
Following is the simple HTTP filter code (imports included so it compiles as-is):

import java.io.IOException;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CacheControllerFilter implements Filter {

    private final Logger logger = Logger.getLogger(CacheControllerFilter.class.getSimpleName());

    public void init(FilterConfig config) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        logger.log(Level.FINE, "[CacheControllerFilter] in doFilter()");
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String requestURI = httpServletRequest.getRequestURI();
        if (requestURI.contains(".nocache.")) {
            // GWT's *.nocache.js bootstrap must always be fetched fresh:
            // tell browsers and intermediate proxies not to keep a copy.
            Date currentDate = new Date();
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            httpServletResponse.setDateHeader("Date", currentDate.getTime());
            // Expires one day in the past, for HTTP/1.0 caches that ignore Cache-Control
            httpServletResponse.setDateHeader("Expires", currentDate.getTime() - 86400000L);
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        }
        // Let IOException/ServletException propagate: swallowing them here would
        // turn a failed request into an empty 200 response.
        filterChain.doFilter(request, response);
    }
}
 
Headers to be set:
Expires: the time after which the response is stale. Setting it in the past tells caches, including HTTP/1.0 ones, not to reuse their copy.
Cache-Control: how caches must treat the response. The values used here are no-cache (revalidate with the server before any reuse), no-store (do not keep a copy at all, in the browser or in a proxy, normally used for sensitive content) and must-revalidate (never serve a stale copy); max-age=seconds is the usual value for responses that should be cached.
Pragma: the HTTP/1.0 equivalent of Cache-Control, with no-cache as its only cache directive; kept for old proxies.

The filter checks whether the request URI contains the string ".nocache."; if it does, it sets the headers that tell the browser not to cache the file, otherwise it passes the response through unchanged. In GWT's design the *.cache.html and *.cache.js files are named after a hash of their content, so a freshly fetched nocache.js refers to the new names and those files can safely be cached for a long time; only nocache.js has to be uncacheable. Extend the URI check if you still want these headers on other files such as cache.html.
You then have to add the mapping for this filter to your web.xml file:
<filter>
<filter-name>cacheControlFilter</filter-name>
<filter-class>com.example.server.service.CacheControllerFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cacheControlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

 


How to configure in-memory caching using C3P0 and ehCache in Hibernate

December 13, 2013 | Posted in tools | By

Detailed steps to configure a simple in-memory cache using C3P0 and ehCache in the Hibernate ORM library

We configure in-memory caching in Hibernate with C3P0 and ehCache so often that we thought a short post about it would help our new team members and other Java developers alike. Here are the steps.

Following are the configurations for the c3p0 connection pool:

These go in your hibernate.cfg.xml file,
<property name="hibernate.connection.provider_class">org.hibernate.connection.C3P0ConnectionProvider</property>
<property name="hibernate.connection.autoReconnect">true</property>
<property name="hibernate.c3p0.acquire_increment">3</property>
<property name="hibernate.c3p0.idle_test_period">5</property>
<property name="hibernate.c3p0.max_size">50</property>
<property name="hibernate.c3p0.max_statements">0</property>
<property name="hibernate.c3p0.min_size">0</property>
<property name="hibernate.c3p0.timeout">5</property>

Two caveats on this block. hibernate.connection.* properties are handed to the JDBC driver, so autoReconnect is a MySQL Connector/J option rather than a Hibernate or c3p0 one, and the Connector/J documentation advises against relying on it; c3p0's idle test (idle_test_period) is the supported way to get rid of dead connections. The c3p0-native name hibernate.c3p0.idleConnectionTestPeriod is the same setting as hibernate.c3p0.idle_test_period; set one or the other, not both.

What the settings mean, with the defaults Hibernate's C3P0ConnectionProvider applied when a property was left unset (newer c3p0 releases ship different defaults of their own, e.g. maxPoolSize 15, so check the version you run):

initialPoolSize, default 3: connections opened when the pool starts.

minPoolSize (hibernate.c3p0.min_size), default 1: the pool never shrinks below this number.

maxPoolSize (hibernate.c3p0.max_size), default 100: the number of connections the pool will hand out at once; keep it below the database's connection limit divided by the number of application instances sharing that database.

idleTestPeriod (hibernate.c3p0.idle_test_period), default 0: if greater than 0, c3p0 tests every idle pooled connection every this many seconds.

timeout (hibernate.c3p0.timeout, c3p0's maxIdleTime), default 0: the seconds a connection can remain pooled but unused before it is closed; 0 means connections never expire.

maxStatements (hibernate.c3p0.max_statements), default 0: the size of the prepared statement cache; 0 turns statement caching off.

acquireIncrement (hibernate.c3p0.acquire_increment), default 1: the number of connections c3p0 opens when the pool is exhausted.

You can also set further c3p0 properties in a c3p0.properties file on the classpath.

Following property should be added to configure ehCache:

This goes in your hibernate.cfg.xml file -
<property name="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</property>

The provider on its own caches nothing: every entity or collection you want in the second-level cache needs a <cache usage="read-write"/> (or read-only / nonstrict-read-write) element in its mapping, or the equivalent @Cache annotation, and an ehcache.xml on the classpath that defines the region sizes and time-to-live. From Hibernate 3.3 on, hibernate.cache.provider_class is superseded by hibernate.cache.region.factory_class set to net.sf.ehcache.hibernate.EhCacheRegionFactory.

What we have described here are simple configurations to get started with Hibernate caching. There are innumerable options for fine-tuning the Hibernate cache, and the right ones depend on your entity design. If you need assistance to do it right, you can reach us for a free 30 minute consultation with one of our experienced technology / development team members. Contact Us here.


How to setup and configure – OpenAm fedlet with ADFS ?

December 11, 2013 | Posted in tools | By

All the puzzles behind how to set up and configure ADFS and OpenAM integration, covered

While delivering a recent enterprise project, the team at Ensarm Solutions scratched their heads for a few days to federate with ADFS for user authentication. Realizing what a serious mess it can be, we decided to publish our experience and the steps, to help fellow developers.

Kindly refer to the steps below at your own risk :). Feel free to contact us if you have any questions; we will do our best to reply as soon as possible. Please provide verifiable information along with a descriptive message if you want a response.

=====================================================

OpenAM + Fedlet + ADFS setup

The following steps were performed while setting up the Fedlet and ADFS federation test:

1.   We deployed the OpenAM 9 WAR in the Tomcat of the machine with IP 10.10.10.150 (Machine A). This Tomcat has SSL enabled.

2.   We did all the necessary OpenAM configuration and created sp.xml and sp-extended.xml for OpenAM using the ssoadm tool.

3.   Once the configuration was done and all the OpenAM certificates were added to Tomcat and Java, we:

a.    Logged into the OpenAM application and created the hosted identity provider using idp.xml (how it is generated is explained below; in this case idp.xml is derived from the federation metadata of our local ADFS) and a dummy idp-extended.xml, created by hand, containing only the name of the circle of trust.

b.   Once the hosted identity provider is created OpenAM offers several options, one of which is creating a Fedlet. We created a Fedlet and set its URL so that it is deployed on the same Tomcat as OpenAM, because the Fedlet URL has to be HTTPS (it can be deployed anywhere that offers that; our Fedlet link was https://10.10.10.150/fedlet).

4.   On the ADFS server machine (we call it Machine B) we set up ADFS. The setup produces a federation metadata file with a lot of content; for creating the hosted identity provider I made a cut-down file containing only the SP- and IdP-related tags.

5.   The Fedlet was added as a relying party in the ADFS console using the sp.xml found in the Fedlet WAR's conf directory, and the secure hash algorithm was set to SHA-1.

What happened:

1.   Accessing the Fedlet URL from Machine B opens the Fedlet index page with two links, one to initiate SSO login with the POST binding and one with the artifact binding.

2.   Clicking the POST link redirects to the ADFS login page; after entering correct credentials it redirects back to the Fedlet application, but with an invalid response: the Fedlet throws a 500 error saying the response is invalid. Decoding the SAMLResponse shows something like this:

  <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
          <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" />
      </samlp:StatusCode>
  </samlp:Status>

and what we want is:

<saml2p:Status>
  <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
</saml2p:Status>

InvalidNameIDPolicy is the IdP (ADFS) saying that it will not issue a NameID in the format the Fedlet's AuthnRequest asked for; the claim rules under "setup at ADFS" further down are what resolve it.
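The failed exchange above can be inspected without a debugger. The following is an added example, not code from the original post or from OpenAM/Fedlet: a small Python script that base64-decodes the SAMLResponse form field of the HTTP-POST binding and walks the nested StatusCode chain, so a Requester/InvalidNameIDPolicy result reads off directly. The two sample responses, the Destination URL and the hint texts are constructed for the example. It only decodes; it does not verify the Response signature, so it is a diagnostic aid, never the basis for a trust decision.

```python
"""Decode the Status of a SAML 2.0 Response delivered with the HTTP-POST binding.

Added example; not part of the original post and not OpenAM/Fedlet code.
Both sample responses below are constructed. The code does not verify the
Response signature: use it for diagnosis only.
"""
import base64
import xml.etree.ElementTree as ET  # prefer defusedxml when parsing untrusted XML

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

# Meaning of the codes seen on this page (SAML 2.0 Core, section 3.2.2.2).
HINTS = {
    "Success": "the IdP authenticated the user",
    "Requester": "the IdP rejected the request; the detail is in the nested code",
    "Responder": "the IdP failed on its own side",
    "InvalidNameIDPolicy": "the IdP will not issue a NameID in the format the SP's "
                           "AuthnRequest asked for; fix the NameID claim rule on the "
                           "IdP or the NameIDPolicy on the SP",
}


def _response(status_xml: str) -> str:
    """Wrap a Status fragment in a minimal samlp:Response and base64 it (constructed data)."""
    doc = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
           f'IssueInstant="2013-12-11T10:00:00Z" '
           f'Destination="https://openam.yourlink.com/fedlet/fedletapplication">'
           f'{status_xml}</samlp:Response>')
    return base64.b64encode(doc.encode()).decode()


# Constructed stand-ins for the SAMLResponse field the browser posts to the Fedlet.
SAMPLE_FAILED_RESPONSE = _response(
    f'<samlp:Status><samlp:StatusCode Value="{STATUS}Requester">'
    f'<samlp:StatusCode Value="{STATUS}InvalidNameIDPolicy"/>'
    f'</samlp:StatusCode></samlp:Status>')

SAMPLE_OK_RESPONSE = _response(
    f'<samlp:Status><samlp:StatusCode Value="{STATUS}Success"/></samlp:Status>')


def status_codes(saml_response_b64: str) -> list:
    """Return the StatusCode values of a base64 SAMLResponse, outermost first."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")
    status = root.find(f"{{{SAMLP}}}Status")
    if status is None:
        raise ValueError("Response carries no Status element")
    codes = []
    code = status.find(f"{{{SAMLP}}}StatusCode")
    while code is not None:                      # follow the nesting
        codes.append(code.get("Value", ""))
        code = code.find(f"{{{SAMLP}}}StatusCode")
    return codes


def is_success(saml_response_b64: str) -> bool:
    """SAML requires the top-level code to be Success; nested codes only carry detail."""
    return status_codes(saml_response_b64)[:1] == [STATUS + "Success"]


def explain(saml_response_b64: str) -> str:
    """One line per code in the chain, with the hint for it."""
    lines = []
    for uri in status_codes(saml_response_b64):
        short = uri[len(STATUS):] if uri.startswith(STATUS) else uri
        lines.append(f"{short}: {HINTS.get(short, 'no hint for this code')}")
    return "\n".join(lines)


if __name__ == "__main__":
    for name, resp in (("failed", SAMPLE_FAILED_RESPONSE), ("ok", SAMPLE_OK_RESPONSE)):
        print(f"[{name}] success={is_success(resp)}")
        print(explain(resp))
```

To use it on a real failure, copy the SAMLResponse value out of the browser's network log (it is the hidden form field ADFS posts to the Fedlet's ACS URL) and pass it to explain().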

Note: the links below are given only as examples and are not expected to work.

https://win2k8.yourlink.com:8443/FederationMetadata/2007-06/FederationMetadata.xml

Just open the URL in any browser and you will get the file.

Finally, the Fedlet and ADFS integration works. Following are the steps performed:

*** OpenAM setup ***

1. Use OpenAM 9.0 and deploy it on the local Tomcat.

2. Perform the basic OpenAM configuration:

a. provide the password: amadmin1

b. provide a directory path where the configuration and all related data will be stored.

c. provide these values on the next screen: dc=ensarm,dc=com

d. use the default data store provided by OpenAM.

e. select "no" on the next screen.

f. the configuration is now created.

3. Once OpenAM is set up you can access it at https://server.yourlink.com/openam/

*** ADFS setup ***

1. Do the ADFS setup first, following its own documentation.

2. To obtain the federation metadata, fetch this URL (the file will be our idp.xml):

https://win2k8.yourlink.com:8443/FederationMetadata/2007-06/FederationMetadata.xml

3. Edit this file and remove everything under these tags: ds:Signature, RoleDescriptor, SPSSODescriptor. Removing ds:Signature also removes the only integrity check on the file, so fetch it over HTTPS from the ADFS host itself and compare the certificates left in the KeyDescriptor elements with the token-signing and token-decrypting certificates shown in the AD FS console before importing.

4. The content of the file will then look something like this:

<EntityDescriptor ID="_084a9712-83f3-4c5f-be57-13b6d0b03b4b"
    entityID="http://win2k8.yourlink.com/adfs/services/trust" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            (base64 certificate omitted)
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            (base64 certificate omitted)
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://win2k8.yourlink.com:8443/adfs/services/trust/artifactresolution" index="0"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://win2k8.yourlink.com:8443/adfs/ls/"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://win2k8.yourlink.com:8443/adfs/ls/"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://win2k8.yourlink.com:8443/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://win2k8.yourlink.com:8443/adfs/ls/"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID"/>
    <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/>
  </IDPSSODescriptor>
  <ContactPerson contactType="support"/>
</EntityDescriptor>

5. I created a dummy idp-extended.xml file, whose contents are as follows:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityConfig entityID="http://win2k8.yourlink.com/adfs/services/trust" hosted="1" xmlns="urn:sun:fm:SAML:2.0:entityconfig">
   <IDPSSOConfig metaAlias="/idp">
       <Attribute name="description">
           <Value/>
       </Attribute>
       <Attribute name="signingCertAlias">
           <Value>idp_ts</Value>
       </Attribute>
       <Attribute name="encryptionCertAlias">
           <Value>idp_te</Value>
       </Attribute>
       <Attribute name="basicAuthOn">
           <Value>false</Value>
       </Attribute>
       <Attribute name="basicAuthUser">
           <Value/>
       </Attribute>
       <Attribute name="basicAuthPassword">
           <Value/>
       </Attribute>
       <Attribute name="autofedEnabled">
           <Value>false</Value>
       </Attribute>
       <Attribute name="autofedAttribute">
           <Value/>
       </Attribute>
       <Attribute name="assertionEffectiveTime">
           <Value>600</Value>
       </Attribute>
       <Attribute name="idpAuthncontextMapper">
           <Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper</Value>
       </Attribute>
       <Attribute name="idpAuthncontextClassrefMapping">
           <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value>
       </Attribute>
       <Attribute name="idpAccountMapper">
           <Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper</Value>
       </Attribute>
       <Attribute name="idpAttributeMapper">
           <Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper</Value>
       </Attribute>
       <Attribute name="assertionIDRequestMapper">
           <Value>com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper</Value>
       </Attribute>
       <Attribute name="nameIDFormatMap">
           <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail</Value>
           <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName=</Value>
           <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName=</Value>
           <Value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos=</Value>
           <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=</Value>
       </Attribute>
       <Attribute name="idpECPSessionMapper">
           <Value>com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper</Value>
       </Attribute>
       <Attribute name="attributeMap"/>
       <Attribute name="wantNameIDEncrypted">
           <Value/>
       </Attribute>
       <Attribute name="wantArtifactResolveSigned">
           <Value/>
       </Attribute>
       <Attribute name="wantLogoutRequestSigned">
           <Value/>
       </Attribute>
       <Attribute name="wantLogoutResponseSigned">
           <Value/>
       </Attribute>
       <Attribute name="wantMNIRequestSigned">
           <Value/>
       </Attribute>
       <Attribute name="wantMNIResponseSigned">
           <Value/>
       </Attribute>
       <Attribute name="cotlist">
           <Value>mycot</Value>
       </Attribute>
       <Attribute name="discoveryBootstrappingEnabled">
           <Value>false</Value>
       </Attribute>
       <Attribute name="assertionCacheEnabled">
           <Value>false</Value>
       </Attribute>
       <Attribute name="assertionNotBeforeTimeSkew">
           <Value>600</Value>
       </Attribute>
       <Attribute name="saeAppSecretList"/>
       <Attribute name="AuthUrl">
           <Value/>
       </Attribute>
       <Attribute name="appLogoutUrl">
           <Value/>
       </Attribute>
       <Attribute name="idpSessionSyncEnabled">
           <Value>false</Value>
       </Attribute>
       <Attribute name="relayStateUrlList"/>
   </IDPSSOConfig>
</EntityConfig>
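Step 3 of the ADFS setup above (stripping ds:Signature, RoleDescriptor and SPSSODescriptor out of FederationMetadata.xml) can be scripted instead of done by hand in an editor. The following Python is an added example, not part of the original post nor of OpenAM or ADFS. SAMPLE_ADFS_METADATA is a constructed, shortened stand-in for the real file, and its certificate values are base64 placeholders rather than real X.509 DER. Because the stripped file no longer carries a signature, the script also reports the thumbprint of each IdP certificate so it can be checked against the AD FS console (which displays the SHA-1 thumbprint) before the file is imported.

```python
"""Turn ADFS FederationMetadata.xml into the cut-down idp.xml that OpenAM imports.

Added example; not part of the original post and not OpenAM or ADFS code.
It drops ds:Signature, RoleDescriptor and SPSSODescriptor, keeps the
EntityDescriptor with its IDPSSODescriptor, and prints certificate
thumbprints for an out-of-band check. SAMPLE_ADFS_METADATA is constructed:
its certificates are base64("abc") and base64("def"), not real DER.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET  # prefer defusedxml when parsing untrusted XML

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
for prefix, uri in (("", MD), ("ds", DS), ("saml", SAML)):
    ET.register_namespace(prefix, uri)   # keep ADFS-style prefixes in the output

DROP = {f"{{{DS}}}Signature", f"{{{MD}}}RoleDescriptor", f"{{{MD}}}SPSSODescriptor"}

SAMPLE_ADFS_METADATA = f"""<EntityDescriptor xmlns="{MD}" ID="_1"
    entityID="http://win2k8.yourlink.com/adfs/services/trust">
  <ds:Signature xmlns:ds="{DS}"><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>YWJj</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="encryption"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>ZGVm</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://win2k8.yourlink.com:8443/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def strip_adfs_metadata(metadata_xml: str) -> str:
    """Remove the elements OpenAM cannot use and return the remaining XML."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    for parent in list(root.iter()):          # snapshot: the tree is mutated while walking
        for child in list(parent):
            if child.tag in DROP:
                parent.remove(child)
    if root.find(f"{{{MD}}}IDPSSODescriptor") is None:
        raise ValueError("no IDPSSODescriptor left; this is not IdP metadata")
    return ET.tostring(root, encoding="unicode")


def describe(metadata_xml: str) -> dict:
    """Count the element kinds the import cares about, for a before/after check."""
    tags = [el.tag for el in ET.fromstring(metadata_xml).iter()]
    return {
        "signature": tags.count(f"{{{DS}}}Signature"),
        "role_descriptors": tags.count(f"{{{MD}}}RoleDescriptor"),
        "sp_descriptors": tags.count(f"{{{MD}}}SPSSODescriptor"),
        "idp_descriptors": tags.count(f"{{{MD}}}IDPSSODescriptor"),
    }


def idp_cert_fingerprints(metadata_xml: str) -> dict:
    """Thumbprints of each IdP KeyDescriptor certificate, keyed by its 'use'."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    out = {}
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        cert = kd.find(f".//{{{DS}}}X509Certificate")
        der = base64.b64decode("".join(cert.text.split()))   # tolerate wrapped base64
        out[kd.get("use", "both")] = {                       # no 'use' means signing and encryption
            "sha1": hashlib.sha1(der).hexdigest(),            # what the AD FS console shows
            "sha256": hashlib.sha256(der).hexdigest(),
        }
    return out


if __name__ == "__main__":
    print(strip_adfs_metadata(SAMPLE_ADFS_METADATA))
    for use, fp in idp_cert_fingerprints(SAMPLE_ADFS_METADATA).items():
        print(f"{use}: sha1={fp['sha1']} sha256={fp['sha256']}")
```

On a real file, read FederationMetadata.xml into a string, pass it to strip_adfs_metadata() and save the result as idp.xml; only import it once the printed SHA-1 thumbprints match the token-signing and token-decrypting certificates in the AD FS console.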

Once this basic configuration is created you can move on with these steps:

1. Log into OpenAM at https://server.yourlink.com/openam/UI/Login using the username amadmin and the password amadmin1.

2. Click "Common Tasks" => "Create Hosted Identity Provider" and create the provider using the idp.xml and idp-extended.xml above, naming the circle of trust "mycot". Note: select realm => test.

3. Once the provider is created, create the Fedlet with the provider just created as its IdP, give it the name "fedlet" and provide the Destination URL of the Service Provider which will include the Fedlet, i.e. the URL at which we are going to access the Fedlet. For us it is https://openam.yourlink.com/fedlet/

4. Then provide the following three attribute mappings:

CommonName=cn, GivenName=sn, and UserStatus=inetUserStatus.

Now create the Fedlet.

5. The Fedlet is created in the F:/openam_443/myFedlet directory, inside the OpenAM configuration directory.

6. Unzip Fedlet.zip, which contains two files: fedlet.war and a readme.

7. Deploy this fedlet.war on the Tomcat of your choice. We deployed it on the Tomcat that hosts OpenAM.

*** setup at the Fedlet ***

1. Start Tomcat and access the Fedlet from the browser: https://openam.yourlink.com/fedlet/

2. Create the Fedlet configuration directory, or use the default location.

Now some important steps:

3. In the OpenAM directory F:\openam_443\openam you will find three files: keystore.jks, .keypass and .storepass. Copy them into the Fedlet config directory (not the WAR's conf directory). These files hold the Fedlet's private keys and the passwords that unlock them, so restrict their permissions to the account Tomcat runs as.

4. If you open the keystore you will find only the "test" alias in it, and the password is "changeit". Change it from this well-known default before going to production.

*** setup at ADFS ***

1. Add the Fedlet as a relying party using the sp.xml from the Fedlet's conf directory.

2. Give it a display name => permit all users => next => finish.

3. Add the following claim rules:

a. Add rule => "Transform an Incoming Claim" => incoming claim type: Name ID => incoming name ID format: Transient Identifier => outgoing claim type: E-Mail Address

b. "Send Claims Using a Custom Rule" with this rule:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "fedlet");

This rule makes ADFS issue the NameID in the transient format with "fedlet" (the name given to the Fedlet entity) as SPNameQualifier, which is what clears the InvalidNameIDPolicy status seen earlier. Note that it copies the user's UPN into the NameID value, so the "transient" identifier is in practice a stable, identifying value; use a generated value instead if that matters for your deployment.

4. Double-click the Fedlet relying party and in the Advanced tab select SHA-1 as the secure hash algorithm. SHA-1 is deprecated for signatures; if your Fedlet version verifies SHA-256 signatures, prefer that.

From the same ADFS snap-in, under the Certificates tab, export the token-signing and token-decrypting certificates. Then import them, as trusted certificates (no private keys are involved), into the Fedlet's keystore, checking the thumbprints against the console as you do so.

Restart Tomcat and ADFS and start accessing the link.


How to add a license to a java source file ? An ant script

December 11, 2013 | Posted in tools | By

Using an Ant script to add license terms to project-specific Java source files

The team at Ensarm has been engaged over the years in a multitude of projects: some thriving open source ones and many client-specific ones, whose code we guard with our lives.

When releasing open source projects or code bases to outside developers, it is critical for us to make sure the licensing terms are crystal clear. The same applies to client-specific projects, although there the license terms differ and are governed by the service contracts in place.

Either way it is critical that the license terms are clear in each and every piece of source code you share. That does not happen by itself: while developing you rarely remember to add such terms to every file, and after hundreds or thousands of files it is a challenge to add a license or disclaimer header to each one. An Ant task that walks the source tree and prepends a header to every .java file that does not already carry one does the job once and repeatably.

You can download the script here.

Change the .txt file extension to .xml after you download it. You can use the contact form on the right to send us any questions.
