Student

Found this on the German Wikipedia:


Legal status of students

Members of the universities, that is students, professors, but also employees such as the book printers, were regarded until the 19th century not as citizens of the university town but of their university. For this reason, students who got up to mischief were punished by the university and were sent not to the town jail but to the university's Karzer (detention cell).

This situation frequently gave rise to conflicts with the townspeople. Students were notorious for alcohol consumption, noise at night and wild pranks. The university punished them comparatively mildly for this, which is why they were often unpopular with the town's population, even though good money could be earned from them.

Unfortunately it’s not available in English.

Porsche 944

Some time ago a friend of mine bought an old Porsche 944I on Ricardo (an online auction website for Switzerland, similar to eBay). The car is not at all silent, but accelerates fast :-) Also it looks cool. It has four seats, but unfortunately the seats in the back are way too small. I saw an old German advertisement, which said: “The backseats are quite comfortable for kids”. So all in all the car is cool, but just fits 2 adults. Also check out the Wikipedia article.

Cryptography Libraries

Yesterday evening I stumbled over cryptolib, a crypto library that looks quite good and feature-rich. In addition, the library has bindings to a lot of different languages, for example: C/C++, Python, Java, C#, Delphi, …

In the past I got some experience with OpenSSL, which worked well but has almost no documentation, at least for the development interface. The cryptolib has very nice documentation as far as I can tell. It is very easy to read, not the usual library gibberish that is almost as boring as sitting in a waiting room.

The library is distributed under a dual license: one open-source license, the Sleepycat license, and a commercial license. But it is still free to be used for small and research applications without buying a license.

The documentation of the library also has some interesting information about the usage of cryptography in applications. It describes how security is used today and how this could be improved.

2007-12-11 | Posted in: Development | Comments Closed

Shibboleth IdP and SP running in aaitest

During the past few days I have set up an IdP and an SP running in the aaitest federation of Switch. The federation is based on Shibboleth, which is an implementation of SAML 1.1. Switch has nice documents about installing IdPs and SPs on various OS.

My IdP is running Shib 1.3.3 on Solaris 10 in a Tomcat-only installation (instructions). For user authentication/SSO I use CAS2 with esup (instructions) and Windoze 2003R2 with AD. CAS is the Central Authentication System originally developed at Yale University.

The SP runs on Ubuntu 7.10 with Apache 2.2 and the Shibboleth SP that comes with Ubuntu (some of here). Both servers have their own certificate signed by the aaitest CA.

If you’re located in the intranet, you can reach the Service Provider here. On the WAYF choose “HSLU EL Test IdP” and use bilbo/bilbo to login. If it doesn’t work, I’m probably “fixing” things.

An eye for an eye (IdP)

My first approach was to just get a wildcard cert (*.el.hta.fhz.ch), so I could use the same on every host. This was a bad idea! Apparently, this is not supported by Shibboleth's SAML library, at least according to this message. I found other hints that these star-certs can lead to problems with programs which evaluate certificates. So, this was a no-go and I requested two certs, one for each server. And magically, the problems began to disappear or at least leave a *useful* log message.

Next I encountered a nice exception:
javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] ...
Damn! Deeper in the stacktrace it became evident that Tomcat had a problem with verifying the certificate of my CAS server (in this case itself). To resolve this I just had to make Tomcat use a truststore containing the aaitest certificate (truststore.jks used by the Shib IdP is just fine). I did this by adding the following right below the comments of $TOMCAT_HOME/bin/catalina.sh (see also here under CAS):
CATALINA_OPTS="-Djavax.net.ssl.trustStore=/etc/tomcat/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit"
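A small check for this kind of CATALINA_OPTS line, as an added example that is not part of the original post: it splits the value on whitespace, reads the -D system properties and reports an empty trustStore, stray tokens and the default store password. The function names and the two sample values are constructed here, and the whitespace-splitting model assumes catalina.sh expands $CATALINA_OPTS unquoted.

```python
# "changeit" is the well-known default password of the JDK's cacerts store.
DEFAULT_STORE_PASSWORD = "changeit"

# Constructed samples: the same setting with and without a space after "=".
BROKEN = ("-Djavax.net.ssl.trustStore= /etc/tomcat/truststore.jks "
          "-Djavax.net.ssl.trustStorePassword=changeit")
FIXED = ("-Djavax.net.ssl.trustStore=/etc/tomcat/truststore.jks "
         "-Djavax.net.ssl.trustStorePassword=changeit")


def jvm_properties(catalina_opts):
    """Return (properties, stray_tokens) for a CATALINA_OPTS value.

    Assumption: the start script expands $CATALINA_OPTS unquoted, so the
    shell splits it on whitespace and does not interpret quotes inside it.
    """
    props, stray = {}, []
    for token in catalina_opts.split():
        if token.startswith("-D"):
            name, _, value = token[2:].partition("=")
            props[name] = value
        elif token.startswith("-"):
            continue  # other JVM options (-Xmx..., -server) are not checked
        else:
            stray.append(token)
    return props, stray


def check_truststore_opts(catalina_opts):
    """Return a list of findings about the trust store settings."""
    props, stray = jvm_properties(catalina_opts)
    findings = []
    store = props.get("javax.net.ssl.trustStore")
    if store is None:
        findings.append("trustStore not set: the JVM uses its default trust store")
    elif store == "":
        findings.append("trustStore is empty: whitespace after '=' split the path off")
    for token in stray:
        # The java launcher takes the first non-option token as the class to run.
        findings.append("stray token %r is not a JVM option" % token)
    if props.get("javax.net.ssl.trustStorePassword") == DEFAULT_STORE_PASSWORD:
        findings.append("trustStorePassword is the default 'changeit'")
    return findings


if __name__ == "__main__":
    for label, value in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_truststore_opts(value))
```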

Strong progress, now I already received a Shibboleth error page :-) : org.opensaml.SAMLException: Invalid assertion consumer service URL
This exception was caused by crap metadata about my SP I hacked into metadata.aaitest.xml because I thought it was necessary. Just don’t enter metadata about your SP on your own, use the AAI Resource Registry instead. I deleted this erroneous entry and inserted an entry into the IdP's ARP (Attribute Release Policy) to release attributes to AnyTarget.

On the topic of metadata: I already figured that the metadata for the IdP could be important and hacked it in early enough (before I got an exception for not doing it; if you didn’t, you may receive something like “Unauthorized Identity Provider”). I copied the entry of some aai-test IdP and changed some fields, hostnames and keynames. The proper way to do this would be to use the AAI Resource Registry.

A tooth for a tooth (SP)

The SP was much simpler to set up, at least on Linux (even compiling the whole shit has been a walk in the park). On Ubuntu Server, you don’t even need to do this compiling thingy, just aptitude install libapache2-mod-shib and you are done. Internet2 also provides RPMs and other package formats (look here).

After the SP was installed, the configuration part had to be done. I followed another nice Switch HOWTO, which also explains how you’d have to compile the SP. If you don’t follow the complete guide (e.g. because you skip the compiling part), pay attention to the various paths inside the config files.

So far, I didn’t have success on Solaris 10, but I only tried with the packages provided for Solaris 8 by the shib-guys. I think I had some mismatch with compiler/compiled-against versions. At least the Apache thread exited with SIGSEGV or something, every single time I requested a shib-protected page.

Change of Multiple Files

Today I needed to change the namespace of my project. Since this would mean going through all the source files and changing the namespace, I was looking for a tool that helps me with this. After a few search requests I found only Windows tools in the beginning. Then I found a Python script in the ActiveState Python Cookbook that helped.

I made some small changes to the script to make it easier to use.

  • use of getopt to get the command line parameters.
  • added an ignore regex to specify files/directories that should be ignored
  • changed the use of the regex for the files: match is now used instead of search

The script can be found here

An example of how to use the script can be found here.

Another way to solve this problem would be to use a full-featured development environment. But since the project was set up with vim, this was not an option.

2007-12-05 | Posted in: Development | Comments Closed

Learning Java Enterprise @HSLU

The Lab Exercise of the Bachelor module Enterprise Application reached the second milestone. It’s a JEE5 application with typical web shop requirements. The shop sells mp3 song files payable by credit card. Milestone 2 includes JAX-WS, JMS, stateful and stateless Beans, Message Driven Beans, and of course the EJB3 persistence framework, which uses 1 (read only) DB hosting the songs and song metadata, and another DB hosting the client and sales data. The credit card check is implemented as a web service running on a dedicated server in the Enterprise Lab. The application does not yet include any sophisticated security. This topic will be addressed in milestone 3. Container based (declarative) security and other security tools such as access manager will be included in the application.

I’m very pleased by the progress and the interest shown by the students and pretty sure that the way we follow in teaching Enterprise Application Technologies has a bright future. For the first time the industry can count on the education institutes (I mean we) to get graduates with in-depth knowledge about Enterprise Architectures (thanks to Prof. Joerg Hofstetter) and Enterprise Application Technologies. Stay tuned and read more about final Bachelor works. We got some very interesting JEE5 and some nice Unix applications. Same station, same time….