SP-initiated vs IDP-initiated SSO


A nice diagram that I found on Okta illustrates the workflow of both SP-initiated and IDP-initiated SSO. Reference: https://developer.okta.com/standards/SAML/index http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf


Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


If you see an error like the one below when using openssl to test an HTTPS site, it is most likely caused by SNI configured on the reverse proxy or server, such as Nginx.

openssl s_client -connect bla.bla.com:443
CONNECTED(00000003)
51089:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618:

To make it work, you need to specify the hostname in the command, … Continue reading Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Double SSH Hops example


Client --ssh only--> Jumpbox00 --ssh only--> Jumpbox01 --http only--> Internal network

Here is how to ssh to jumpbox01 and visit websites in the internal network from Client.

1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01, for example jb.pem under ~/.ssh/, then run the following command: ssh-add ~/.ssh/jb.pem

2) Add the following … Continue reading Double SSH Hops example

keyWatcher scan exposed AWS key


AWS Trusted Advisor recently added a new check, 'Exposed Access Key', in the Security category. This check scans popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key. By default Trusted Advisor runs … Continue reading keyWatcher scan exposed AWS key