Thursday, April 17, 2014

PHP Federation Libraries

With federation technologies running rampant, I've been working with different methods of providing federated SSO between different applications.  As I go through this process, I always look to see if someone else has developed a library to make my life easier.  In the case of PHP, I have found a couple libraries that are very promising for making a retrofit to applications simple for OAUTH and SAML.  They are:


Wednesday, April 9, 2014

DirXML-Associations nameSpace wildcard magic number

When constructing a query for the DirXML-Associations attribute, I wanted to find a specific entitlement value.  In order to construct the query, I need all 3 parts of the structured attribute, which are nameSpace, volume, and path.  Volume is the DN of the entitlement object.  Path is the XML value of the entitlement.  nameSpace is the status of the entitlement as it relates to the user.  The nameSpace attribute will NOT allow you to use a simple "*" wildcard.  Turns out, there is a "Magic Number" that is used in place of the wildcard.  That magic number is 4278190086.  Took quite a bit of Googling to find this.

Now, I tried the same thing on the nrfEntitlementRef attribute for nrfResource objects and it does NOT work - the error returned looks like:
<status level="error">Code(-9053) One or more errors occurred while
processing a query: Code(-8009) Error processing &lt;search-attr>:
java.lang.NumberFormatException: For input string: "4278190086".</status>
To work around, I simply did two queries and stuffed their values in the same nodeset (in DirXML - I've been told the magic number works for LDAP calls).  It seems the only values it gets for nameSpace are 0 and 1.  When setting my local variable nodeset - I simply included the same query with both values.  If I find a different value, I'll be sure to update this blog post.

Thursday, April 3, 2014

Adding custom links to NetIQ User Application

Working with a client that is using the SSPR 3.0 tool with NetIQ Identity Manager.  Within the User Application, it has a link for challenge response, but does not link out to SSPR, it uses the internal pages.  We wanted to have this link go over to SSPR instead.  It wasn't as intuitive as I would have liked to simply create a link in its place.

I went into User Application as the uaadmin, clicked on administration, then on page admin.  I selected the Password Challenge Response portlet, then selected "select contents" on the page.  I removed the item it was using and added "Message" and saved back out to the main screen.  Next, I clicked "arrange content", edited the "Message" element, then selected "View/edit custom preference" for the message.  At the bottom, there is a checkbox for "View source".  I put the following as my message:

<META HTTP-EQUIV="refresh" content="0;URL=">
// -->
Magic voodoo happening in the background to take you to the SSPR
page, if the voodoo master is going too slow, you can use this link:
<a href="">SSPR Home</a>