Posted
Comments None

Real Basic Description

SAML, Security Assertion Markup Language (pronounced like "camel"), is an authentication system where the username, password, and user info are stored on or accessed through a centralized server (the identity provider) whose job is to be the central location for authentication. External services (service providers) configured with the identity provider send authentication requests and receive a token once a user has authenticated. The token contains a user identifier (such as a username) and some optional user info, but no passwords. The token exchange is possible because of a certificate exchange between the authentication source and the service during setup and, optionally, during a config sync (metadata sync). All of this is done over HTTPS with a bunch of HTTP redirects that GET or POST base64-encoded XML (text).

SAML uses certificate signatures to validate communication, with the option of encrypting the username (principal/NameID field) or everything.

Good overview:

https://github.com/jch/saml

SAML Terms

Basic Terms

SAML – Security Assertion Markup Language. Currently on version 2.0.
Shibboleth – Implements SAML but extends it in a few ways. Also a hosted provider.
ADFS – Active Directory Federation Services – Somewhat implements SAML in its own Microsofty, butchering kind of way. Kinda like AD is LDAP, sorta. Really rigid and not very configurable.
SimpleSAMLphp – A PHP-based web service that is flexible and works with SAML, Shibboleth, ADFS, and many others. Has plugins and other useful things. Very configurable.

Actual SAML Terms

IdP – Identity Provider – This is the service/place that is the authority on identities. So Joe Schmoe’s username and password are stored/accessed here. Identities are provided from AD, LDAP, a database, htpasswd, a text file, or whatever.
SP – Service Provider – This is the service/place that provides a “service” and does not store username and password info. The SP may store the username and whatever attributes are passed via SAML. A service provider could be a content management system (CMS), learning management system (LMS), hosted software, etc., basically anything that is web based and has user profiles.
Metadata – An XML (text) file with all the info about the IdP or SP (info about the SAML service).
Principal – Basically the user or username. See NameID.
Assertions – The statements in the IdP’s response that carry extra info on the user. See Attributes.

SAML XML/Nitty-Gritty Terms

Entity ID – The unique identifier of the SAML server (IdP or SP). This can be a string or URL as long as it’s a unique name.
NameID – The username or whatever identifies the user (could be an email address). This is configurable. Whatever is the UNIQUE identifier for the user; it is almost always the username.
NameID format – The format of the NameID.
Attributes – Extra info on a principal/NameID such as email, first and last name, display name, etc. What attributes are sent is configurable on the IdP side and what attributes are received/processed is configurable on the SP side.
AuthNRequest – A request for authentication from the SP that goes to the IdP. Only for SP initiated setups.
ACS – Assertion Consumer Service – The URL at the SP that the IdP returns data to (such as NameID and attributes) after a successful authentication, via HTTP POST, GET, or artifact.
SLS – Single Logout Service – The URL where the SP is notified after a logout at the IdP (whether IdP or SP initiated). Also accessed via HTTP POST, GET, or artifact.
Binding – The protocol for binding, i.e. whether we use GET, POST, or artifact to send the XML data.
SP initiated login – The SP initiates the SAML process by redirecting (sending an AuthNRequest) to the IdP for login.
IdP initiated login – The IdP initiates the SAML process by logging in the user and then redirecting to the SP. The IdP can sometimes provide a “portal” for authenticated users to select whatever SP they want to use (a hyperlink to the SP that in turn completes the SAML process with whatever SP is chosen).
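To see how the terms above line up with the actual XML, here is an added example (my own code, not from any SAML library) that takes the base64-encoded Response an IdP would POST to the ACS URL, pulls out the Issuer (the IdP’s Entity ID), the NameID and its format, and the Attributes, and refuses the response unless the Destination is our ACS URL, the Audience is our own Entity ID, and the Issuer is the IdP we set up with. The sample Response and all the example.org URLs are constructed for this illustration; a real one also carries a Signature, and checking it (with xmlsec) is a separate step that this example does not do.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample of what an IdP POSTs to the SP's ACS URL (before base64
# encoding). A real response also carries a <ds:Signature>; it is omitted here.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2015-06-01T12:00:00Z"
    Destination="https://sp.example.org/saml/acs">
  <saml:Issuer>https://idp.example.org/saml/idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-06-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org/saml/idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jschmoe</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.org/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail"><saml:AttributeValue>joe@example.org</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="displayName"><saml:AttributeValue>Joe Schmoe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# What actually travels in the SAMLResponse form field: the XML, base64-encoded.
SAMPLE_POSTED = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()


def decode_saml_response(b64_response, expected_acs, expected_audience, expected_idp):
    """Decode a SAML Response and return NameID, NameID format and attributes.

    Rejects the response unless Destination is our ACS URL, Issuer is the IdP we
    configured, and Audience is our own Entity ID, so a response meant for some
    other SP, or from an unknown IdP, never yields a login. Signature checking is
    a separate step (xmlsec) and is not done here.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    if root.get("Destination") != expected_acs:
        raise ValueError("Destination is not our ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plain assertion (an EncryptedAssertion must be decrypted first)")
    issuer = assertion.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_idp:
        raise ValueError("unexpected IdP entity ID %r" % issuer)
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != expected_audience:
        raise ValueError("assertion is addressed to another SP: %r" % audience)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("assertion has no NameID")
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "idp_entity_id": issuer,
        "name_id": name_id.text,
        "name_id_format": name_id.get("Format"),
        "attributes": attributes,
    }


def accepts(b64_response, expected_acs, expected_audience, expected_idp):
    """True if decode_saml_response() would log the user in, False otherwise."""
    try:
        decode_saml_response(b64_response, expected_acs, expected_audience, expected_idp)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(decode_saml_response(SAMPLE_POSTED, "https://sp.example.org/saml/acs",
                               "https://sp.example.org/saml/metadata",
                               "https://idp.example.org/saml/idp"))
```

The three string comparisons are the cheap part of consuming an assertion; in production you would also verify the Signature against the IdP certificate from its metadata and check the Conditions’ NotBefore/NotOnOrAfter window, and you would parse with defusedxml rather than the stock ElementTree.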

Author
Categories ,


NXLog

Install procedure

  1. Download MSI at:
    sourceforge.net/projects/nxlog-ce/files
  2. Install MSI
  3. Copy nxlog.conf config file to C:\Program Files (x86)\nxlog\conf\ (if on x64 Windows)
  4. Start nxlog service in Services

nxlog.conf

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

# x86 ONLY
#define ROOT C:\Program Files\nxlog

# x64
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
	Module	xm_syslog
</Extension>

<Input in>
	Module	im_msvistalog
	# this kinda works for me, put * to get everything
	Query	<QueryList>\
			<Query Id="0">\
				<Select Path="Application">*</Select>\
				<Select Path="System">*</Select>\
				<Select Path="Security">*</Select>\
			</Query>\
		</QueryList>
	PollInterval 0.5
	#Filter out bad characters so rsyslog does not print weird stuff
#	Exec	$raw_event = replace($raw_event, "\r\n", " ");
#	Exec	$raw_event = replace($raw_event, "\t", " ");
	Exec	$Message = replace($Message, "\r\n", " ");
	Exec	$Message = replace($Message, "\t", " ");
	Exec	to_syslog_bsd();
</Input>

<Output out>
	Module	om_udp
	# Can also use om_tcp
	# obviously put your rsyslog ip here
	Host	192.168.0.1
	Port	514
</Output>

<Route 1>
	Path	in => out
</Route>
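The two Exec replace() lines in the config are there because a Windows event message is usually several lines long, and rsyslog treats each newline as the end of a record, so without them one event turns into a pile of half-records at the collector (and anything that can put a newline into an event message could make a second, fake-looking record). The added example below is mine, not nxlog code: it does the same flattening in Python, builds the BSD syslog line that to_syslog_bsd() and om_udp would ship, and shows where the <PRI> number comes from. The hostname, the event text and the mapping of Windows levels to syslog severities are all assumptions for the illustration.

```python
import re
import socket
from datetime import datetime

# RFC 3164 numbers: the <PRI> at the front of a BSD syslog line is facility * 8 + severity
FACILITY = {"user": 1, "auth": 4, "local0": 16, "local1": 17}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
# Our own mapping of Windows event levels onto syslog severities (an assumption)
WINDOWS_LEVEL = {"Critical": "crit", "Error": "err", "Warning": "warning",
                 "Information": "info", "Verbose": "debug"}


def flatten(message):
    """Same effect as the Exec replace() lines in nxlog.conf: every run of CR, LF
    or tab becomes one space, so a multi-line Windows event stays a single syslog
    record and cannot split into (or forge) a second one at the collector."""
    return re.sub(r"[\r\n\t]+", " ", message).strip()


def to_syslog_bsd(hostname, app, message, level="Information", facility="user", ts=None):
    """Build one line in the shape to_syslog_bsd() produces:
    <PRI>Mmm dd HH:MM:SS hostname app: message"""
    pri = FACILITY[facility] * 8 + SEVERITY[WINDOWS_LEVEL.get(level, "info")]
    ts = ts or datetime.now()
    # BSD timestamps pad a one-digit day with a space, not a zero ("Jan  5")
    stamp = "%s %2d %s" % (ts.strftime("%b"), ts.day, ts.strftime("%H:%M:%S"))
    return "<%d>%s %s %s: %s" % (pri, stamp, hostname, app, flatten(message))


def send_udp(line, host, port=514):
    """Ship one line to the collector over UDP, as the om_udp output does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))


# Constructed sample: a Security log message laid out with CRLF and tabs like the real ones
SAMPLE_EVENT = ("An account failed to log on.\r\n\r\nSubject:\r\n"
                "\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-")


def sample_line():
    """The sample event as it would arrive at rsyslog (fixed timestamp so the output is stable)."""
    return to_syslog_bsd("WIN-PC", "Security", SAMPLE_EVENT,
                         level="Information", ts=datetime(2015, 1, 5, 13, 4, 5))


if __name__ == "__main__":
    print(sample_line())
    # send_udp(sample_line(), "192.168.0.1")   # uncomment to ship it to your rsyslog host
```

If you ever see events arriving at rsyslog as several lines, or with a bogus <PRI> in the middle of the text, check that the replace() lines are really active in the Input block (the commented-out $raw_event variants above run too late, after to_syslog_bsd() has already built the line).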

Extra

Add Firewall Exception
Add by program

Reference:

gist.github.com/oerd/4250263
www.scip.ch/en/?labs.20141106
help.papertrailapp.com/kb/configuration/configuring-remote-syslog-from-windows
msdn.microsoft.com/en-us/library/aa385231.aspx
nxlog-ce.sourceforge.net/nxlog-docs/en/nxlog-reference-manual.pdf

Alternatives

code.google.com/p/eventlog-to-syslog
SNARE



Configure Postfix (OpenSuSE)

Note: Postfix seems to be installed by default on OpenSuSE.

Check if Postfix is installed

  1. YaST -> Software Management -> View -> Mail and News Server.
  2. Check Mail and News Server (Optional).
    Note: You don’t need to have the Mail and News Server pattern checked. Postfix is already installed every time I have checked.

Setup mail server

  1. YaST -> Mail Server.
  2. It will sometimes ask for Standard or Advanced. Select Standard.
  3. Connection type: Permanent – Next
  4. Outgoing mail server: (leave blank) – Next
  5. Check Accept remote SMTP connections
  6. Check Open Port in Firewall
  7. Finish

Configure trusted networks

  1. Open a terminal and sudo su.
  2. vim /etc/postfix/main.cf
  3. Find the mynetworks value and update it:
    mynetworks = 192.168.0.0/16, 172.16.0.0/16, 10.0.0.0/8 (etc.)
  4. Save
  5. rcpostfix reload (or service postfix reload)
  6. rcpostfix restart

Test SMTP forwarding:

  1. telnet [server fqdn] smtp
  2. HELO [server fqdn]
  3. MAIL from: derp@gmail.com
  4. RCPT to: derp@gmail.com
  5. DATA
  6. Testing! (enter)
  7. . (just a single period) (enter)
  8. QUIT
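The telnet session above only tells you forwarding works from the box you typed it on, which is inside mynetworks. The same test from an address outside mynetworks should get “554 Relay access denied” at RCPT TO, otherwise you have an open relay. Here is an added example (my own script, nothing from Postfix) that repeats the HELO / MAIL FROM / RCPT TO steps with smtplib and reports the RCPT reply, quitting before DATA so nothing is actually queued. The FakeSmtpServer is a constructed stand-in so the script runs offline; point relay_check() at your real server’s FQDN and port 25 to test it, and the example.org domain and addresses are placeholders.

```python
import smtplib
import socket
import threading


def relay_check(host, port, mail_from, rcpt_to, helo="test.example.org"):
    """Repeat the manual HELO / MAIL FROM / RCPT TO test and return the (code, text)
    reply to RCPT TO. QUIT is sent before DATA, so no mail is ever queued:
    250 means the server would relay for us, 554 means it refused."""
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=10) as smtp:
        smtp.helo(helo)
        code, text = smtp.mail(mail_from)
        if code != 250:
            return code, text.decode(errors="replace")
        code, text = smtp.rcpt(rcpt_to)
        return code, text.decode(errors="replace")


class FakeSmtpServer(threading.Thread):
    """Constructed stand-in for Postfix so the check can run offline. Like Postfix
    talking to a client outside mynetworks, it accepts mail for its own domains and
    answers 'Relay access denied' for any other recipient domain."""

    LOCAL_DOMAINS = ("example.org",)

    def __init__(self):
        super().__init__(daemon=True)
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def run(self):
        while True:
            conn, _ = self.sock.accept()
            self.handle(conn)

    def handle(self, conn):
        f = conn.makefile("rwb")
        f.write(b"220 fake.example.org ESMTP\r\n")
        f.flush()
        for raw in f:
            line = raw.decode(errors="replace").strip()
            verb = line.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                reply = "250 fake.example.org"
            elif verb == "MAIL":
                reply = "250 2.1.0 Ok"
            elif verb == "RCPT":
                addr = line.split(":", 1)[1].strip().strip("<>")
                domain = addr.rsplit("@", 1)[-1].lower()
                reply = ("250 2.1.5 Ok" if domain in self.LOCAL_DOMAINS
                         else "554 5.7.1 <%s>: Relay access denied" % addr)
            elif verb == "QUIT":
                f.write(b"221 2.0.0 Bye\r\n")
                f.flush()
                break
            else:
                reply = "502 5.5.2 Command not implemented"
            f.write((reply + "\r\n").encode())
            f.flush()
        f.close()
        conn.close()


if __name__ == "__main__":
    srv = FakeSmtpServer()
    srv.start()
    for rcpt in ("derp@gmail.com", "joe@example.org"):
        print(rcpt, "->", relay_check("127.0.0.1", srv.port, "derp@gmail.com", rcpt))
```

Run it against the real server from a host inside mynetworks and the gmail.com recipient should come back 250 (that is the forwarding you just set up); run it from outside and the same recipient should come back 554. If the outside run gets 250, mynetworks is too wide.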

