Fabian Lee : Software Engineer

GCP: LDAP authentication for Anthos VMware clusters using Anthos Identity Service

October 18, 2022
Categories: Hyperscaler, Kubernetes

Anthos Identity Service allows an organization to tie into their existing Identity Provider to authenticate and authorize users into their Anthos clusters. In this article, I will show how the authentication for an Anthos on VMware cluster can be integrated into an existing Active Directory deployment, and further how a user’s AD group membership can … GCP: LDAP authentication for Anthos VMware clusters using Anthos Identity Service

OAuth2: Configuring Github for OAuth2

September 12, 2022
Categories: Authentication

Github allows users or systems to access their API via OAuth2. Although this mechanism is often used on the public internet for authentication of users into a 3rd party site, note that OIDC is not implemented. In this article, I will show how to use the Spotify Dashboard to configure an Application that can support … OAuth2: Configuring Github for OAuth2

OAuth2: Configuring okta for OAuth2/OIDC

September 12, 2022
Categories: Authentication

okta is an Identity and Access Management solution that can be used to provide OAuth2 and OIDC authentication and authorization to your applications. In this article, I will show how to use the okta Dashboard to configure a hosted okta Application that can support OAuth2/OIDC. We will then use a small, local Docker image to … OAuth2: Configuring okta for OAuth2/OIDC

Kubernetes: Keycloak IAM deployed into Kubernetes cluster for OAuth2/OIDC

September 10, 2022
Categories: Authentication, Kubernetes

Keycloak is an open-source Identity and Access Management (IAM) solution that can be used to provide authentication and authorization to your enterprise applications. One of the many protocols it supports is OAuth2/OIDC. One of the easiest ways to deploy Keycloak is directly into your Kubernetes cluster, exposed securely with an NGINX Ingress. In this article, … Kubernetes: Keycloak IAM deployed into Kubernetes cluster for OAuth2/OIDC

Ansible: Login to Ubuntu with Windows Active Directory using SSSD

January 7, 2021
Categories: Automation, Linux

A centralized authentication/authorization mechanism is a key part of a security stance as well as a convenience to end users. There are multiple packages and systems to achieve this, and in this article I will focus on integrating back into Windows Active Directory using SSSD for login and group membership. When complete, you will have … Ansible: Login to Ubuntu with Windows Active Directory using SSSD

Ansible: Installing Ansible on Ubuntu 16.04

June 6, 2017
Categories: Automation, Linux

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 16.04, and then perform a quick validation against a client.

Ansible: Managing a Windows host using Ansible

June 5, 2017
Categories: Automation, Linux

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. Ansible was started as a Linux only solution, leveraging ssh to provide a management channel to a target server. However, starting at Ansible 1.7, support for Windows hosts was added by using Powershell … Ansible: Managing a Windows host using Ansible

Ansible: Installing Ansible on Ubuntu 14.04

June 4, 2017
Categories: Automation, Linux

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 14.04, and then perform a quick validation against a client.

Apache2: Enable LDAP authentication and SSL termination for Ubuntu

February 21, 2017
Categories: DevOps, Linux

Some web applications leave authentication as an orthogonal concern to the application – not including any kind of login functionality and instead leaving authentication as an operational concern. When this happens, a reverse proxy that has an LDAP integration can act as an architectural sentry in front of the web application and also fulfills the … Apache2: Enable LDAP authentication and SSL termination for Ubuntu

PingIdentity: Disabling SSLv3 and weak ciphers for PingFederate

February 4, 2017
Categories: Linux

The PingFederate server provides best-in-class Identity Management and SSO. However, due to US laws governing export of cryptography, the default SSL protocols and cipher suites need to be configured to harden the solution. Below are the steps involved with making these post-installation changes.

EMC OnDemand: Federated Identity Management and Silent SSO

July 4, 2013
Categories: Documentum

Identity Management for On-Premise Applications Our industry today has some very proven technologies for providing a single set of login credentials to applications installed on-premise. Most commonly, companies use a central Identity Management system (e.g. Microsoft Active Directory/Oracle Internet Directory/IBM Tivoli), and these systems implement an LDAP interface that 3rd party applications can call to … EMC OnDemand: Federated Identity Management and Silent SSO