[OTDev] OpenSSO now secure
Andreas Maunz andreas at maunz.de
Fri Jun 11 10:09:34 CEST 2010
Hi Nina,

you would create a policy that contains:

<Subject name="mygroupname" type="LDAPUsers" includeType="inclusive">
<AttributeValuePair>
<Attribute name="Values"/>
<Value>uid=mygroup,ou=groups,dc=opentox,dc=org</Value>
</AttributeValuePair>

Mind the "ou=groups" instead of "ou=people".
Then, create the group "mygroup" and assign users to it (contact Micha
for that).

Best regards
Andreas

Nina Jeliazkova wrote on 06/11/2010 08:53 AM:
> Hi Andreas,
>
> Could you tell how to create a policy, that allows group of users to
> POST or GET ? This would be applicable to almost all top level
> resources like /algorithm/{id} , etc.
>
> Following the example at p.12 of the deliverable D3.3. , one could
> create a policy which is per user only.
>
> Best regards,
> Nina
>
> Andreas Maunz wrote:
>> Hi all,
>>
>> connections to the OpenSSO service at opensso.in-silico.ch can now be
>> made secure by using SSL.
>> Submit your user credentials safely and obtain a token:
>>
>> ****************************************************************
>> am at z21:~/aa$ curl -v -k -i -d "username=amaunz&password=secret"
>> https://opensso.in-silico.ch/opensso/identity/authenticate?uri=service=openldap
>>
>> * About to connect() to opensso.in-silico.ch port 443 (#0)
>> * Trying 178.63.18.76... connected
>> * Connected to opensso.in-silico.ch (178.63.18.76) port 443 (#0)
>> * successfully set certificate verify locations:
>> * CAfile: none
>> CApath: /etc/ssl/certs
>> * SSLv3, TLS handshake, Client hello (1):
>> * SSLv3, TLS handshake, Server hello (2):
>> * SSLv3, TLS handshake, CERT (11):
>> * SSLv3, TLS handshake, Server finished (14):
>> * SSLv3, TLS handshake, Client key exchange (16):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSLv3, TLS change cipher, Client hello (1):
>> * SSLv3, TLS handshake, Finished (20):
>> * SSL connection using AES256-SHA
>> * Server certificate:
>> * subject: C=CH; ST=Some-State; L=Basel; O=in silico toxicology;
>> CN=Christoph Helma; emailAddress=helma at in-silico.ch
>> * start date: 2010-06-09 16:38:59 GMT
>> * expire date: 2020-06-06 16:38:59 GMT
>> * common name: Christoph Helma (does not match
>> 'opensso.in-silico.ch')
>> * issuer: C=CH; ST=Some-State; L=Basel; O=in silico toxicology;
>> CN=Christoph Helma; emailAddress=helma at in-silico.ch
>> * SSL certificate verify result: self signed certificate (18),
>> continuing anyway.
>>> POST /opensso/identity/authenticate?uri=service=openldap HTTP/1.1
>>> User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7
>>> OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
>>> Host: opensso.in-silico.ch
>>> Accept: */*
>>> Content-Length: 32
>>> Content-Type: application/x-www-form-urlencoded
>>>
>> < HTTP/1.1 200 OK
>> HTTP/1.1 200 OK
>> < Server: nginx/0.6.32
>> Server: nginx/0.6.32
>> < Date: Thu, 10 Jun 2010 08:12:27 GMT
>> Date: Thu, 10 Jun 2010 08:12:27 GMT
>> < Content-Type: text/plain;charset=UTF-8
>> Content-Type: text/plain;charset=UTF-8
>> < Connection: keep-alive
>> Connection: keep-alive
>> < Content-Length: 72
>> Content-Length: 72
>>
>> <
>> token.id=AQIC5wM2LY4SfcyyY3V7C7qD1FD2ZoktJHsYKEKE8g+wXys=@AAJTSQACMDE=#
>> * Connection #0 to host opensso.in-silico.ch left intact
>> * Closing connection #0
>> * SSLv3, TLS alert, Client hello (1):
>> ****************************************************************
>>
>> As you can see, a special switch (-k) is still required to allow
>> connections using the self-signed certificate from Christoph. We might
>> improve on this by using a free certificate from startssl.com, which
>> clients trust.
>>
>> Moreover, connections without SSL still work as usual.
>>
>> Greetings
>> Andreas
>>
>

--
http://www.maunz.de
According to my calculations the problem doesn't exist.
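
The -k switch in the quoted transcript makes curl accept any certificate, so the credentials are encrypted but the server is not authenticated. The following is an added example, not part of the original thread or of the OpenTox code: a client that pins the SHA-256 fingerprint of the one self-signed certificate and sends the credentials only after the pin matches. The function names, the sample bytes and the pin value are assumptions; the real fingerprint would have to be obtained from the server operator out of band.

```python
import hashlib
import hmac
import socket
import ssl
from urllib.parse import urlencode

# Constructed stand-in for DER certificate bytes (not a real certificate).
SAMPLE_DER = b"constructed-sample-certificate-bytes"

def sha256_fingerprint(der_cert: bytes) -> str:
    return hashlib.sha256(der_cert).hexdigest()

def cert_matches_pin(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison; accepts 'AA:BB:..' or plain hex pins."""
    wanted = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(sha256_fingerprint(der_cert), wanted)

def parse_token(body: str) -> str:
    """Return the value of the 'token.id=' line; the value itself contains '='."""
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "token.id" and value.strip():
            return value.strip()
    raise ValueError("response carries no token.id")

def authenticate(host, path, user, password, pinned_hex, port=443):
    """Check the pinned certificate first, send credentials only afterwards."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # the certificate's CN is not the host name
    ctx.verify_mode = ssl.CERT_NONE   # CA chain check is replaced by the pin below
    form = urlencode({"username": user, "password": password}).encode()
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(form)}\r\nConnection: close\r\n\r\n")
    with socket.create_connection((host, port), timeout=10) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        if not cert_matches_pin(tls.getpeercert(binary_form=True), pinned_hex):
            raise ssl.SSLError("server certificate does not match the pin")
        tls.sendall(head.encode() + form)
        reply = b"".join(iter(lambda: tls.recv(4096), b""))
    headers, _, payload = reply.partition(b"\r\n\r\n")
    if not headers.startswith(b"HTTP/1.1 200"):
        raise RuntimeError("authentication request was not answered with 200")
    return parse_token(payload.decode("utf-8", "replace"))

if __name__ == "__main__":
    pin = sha256_fingerprint(SAMPLE_DER)                   # pin recorded out of band
    print(cert_matches_pin(SAMPLE_DER, pin))               # same certificate
    print(cert_matches_pin(SAMPLE_DER + b"x", pin))        # substituted certificate
    print(parse_token("token.id=AQICsample+x=@AAJT=#\n"))  # constructed reply body
```

Because plain HTTP is still accepted by the service, a client using this approach should also refuse to fall back to a non-TLS URL.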