A nice diagram that I found on Okta illustrates the workflow of both SP-initiated and IDP-initialed SSO. Reference: https://developer.okta.com/standards/SAML/index http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
If you see similar errors as below when using openssl to test a https site, it is most likely caused by the SNI that is configured in the reverse proxy or server, like Nginx. openssl s_client -connect bla.bla.com:443 CONNECTED(00000003) 51089:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618: To make it work, you need to specify the hostname in the command, … Continue reading Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
What is HSTS? It stands for HTTP Strict Transport Security. Simply speaking, HSTS is a method that allows the browser to do http to https redirect. Why use HSTS? Security! As explained above, the http traffics only stay inside the machine, so it reduces the risk of exposing sensitive information in plain text to the Internet. … Continue reading Enable HSTS in Akamai
It was painful that you are unable to change the instance profile for existing EC2 instance. A good news is that you CAN now via AWS CLI!! Here is a step by step example.
SSSG Ninja is my new open source project - It is a all-in-one managemenet tool for SSSG (Site Shield Security Group), it not only makes recommendations but also can do the jobs for you. If you are interested to try, it can be found in my Github repo. Here are current supported features: Make recommendations based … Continue reading SSSG Ninja
Client -ssh only--> Jumpbox00 -ssh only--> Jumpbox01 --http only-> Internal network Here is how to ssh to jumpbox01, and visit websites in internal networks from Client. 1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, jb.pem under ~/.ssh/, then run the following command: ssh-add ~/.ssh/jb.pem 2) Add the following … Continue reading Double SSH Hops example
AWS Trusted Advisor recently added a new check 'Exposed Access Key' in Security category. This to checks popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key. By default Trusted Advisor run … Continue reading keyWatcher scan exposed AWS key