Friday, August 26, 2016

OAM - Apache Server - WebGate - https failing back to http instead of https

If you encounter this issue, you will have to set the correct secure HTTP headers.

If it is not possible to make modifications to the reverse proxy, it is also possible to configure OAM to check the required SSL header. To ensure that the WebGate checks SSL on a reverse proxy server, do the following:
  1. Go to Access System Console -> Access System Configuration -> Access Gate configuration and modify the AccessGate.
  2. Add a ProxySSLHeaderVar entry to the "User Defined Parameters" section at the bottom of the form. The value of the ProxySSLHeaderVar parameter defines the name of the header variable the proxy must set. The value of that header variable must be "ssl" or "nonssl". For example:

    ProxySSLHeaderVar:IS_SSL
  3. In the load balancer, add an HTTP custom header variable with the name specified above and set its value to "ssl".
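As an added example that is not from the post, an Apache reverse-proxy fragment for step 3 above: it sets the IS_SSL header configured as ProxySSLHeaderVar in step 2. It assumes mod_headers and mod_proxy are loaded and that the WebGate-fronted server sits at the placeholder address webgate-host:7777.

```apache
# Added example (not from the post): the reverse proxy in front of the WebGate
# tells it whether the original request arrived over SSL, using the header name
# configured as ProxySSLHeaderVar:IS_SSL. webgate-host:7777 is a placeholder.
<VirtualHost *:443>
    SSLEngine on
    # SSL terminated here: mark the proxied request as "ssl"
    RequestHeader set IS_SSL "ssl"
    ProxyPass        / http://webgate-host:7777/
    ProxyPassReverse / http://webgate-host:7777/
</VirtualHost>

<VirtualHost *:80>
    # Plain HTTP: mark the proxied request as "nonssl"
    RequestHeader set IS_SSL "nonssl"
    ProxyPass        / http://webgate-host:7777/
    ProxyPassReverse / http://webgate-host:7777/
</VirtualHost>
```

RequestHeader set replaces any IS_SSL value a client may have sent, so the WebGate only ever sees the value the proxy itself decided.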

Friday, August 12, 2016

OAM - Failover URL, Primary/Secondary, Chained Authentication

In this post, I will talk about the different strategies to configure the failover URL for authentication in case the primary mode of authentication fails.
This also allows you to configure a kind of chained authentication.

1) Failure URL: Via the Application Domain through the authentication policies
The standard way to redirect to a particular URL on authentication or authorization failure is to set the Failure URL value in the Application Domain Protected Resource Policy for authentication (or authorization).


2) Custom Plugin: Via the Authentication Module -> Steps -> Orchestration -> Authentication Plugin -> Java Code.

In the Authentication policy with LDAPScheme you have to configure the Failure URL to point to a static JSP/HTML page/URL.
Make sure this is the absolute full address, e.g. http://server/index.htm.
That static HTML page/URL should be protected with another authentication policy that is configured for BasicScheme authentication.

When you attempt to access the protected page (protected by the Authentication Policy with LDAPScheme), you will get a login page. Provide an incorrect username/password. You are then redirected to the Failure URL. As this Failure URL is protected with BasicScheme, you will get a dialog box to provide credentials. Once you provide correct credentials you will have a valid ObSSOCookie set and can access the resource.

The custom plugin approach is needed in the following cases:
i) A single Failure Redirect URL applies to all resources protected by the authentication scheme, but there is a requirement to redirect only for specific cases.
ii) The redirect must go to a dynamic URL.

------------------------------Custom Code--------------------------------
// Imports come from the OAM plug-in SDK; the package names (oracle.security.am.plugin.*)
// are assumed here, check the Javadoc shipped with your OAM release.
// Called from the plug-in's process() method once it has decided that the user must
// be redirected (for example after the primary authentication attempt has failed).
private ExecutionStatus redirectTo(String redirectURL) {
  // PAUSE (not FAILURE) tells the OAM Server to suspend this authentication
  // step and carry out the attached action.
  ExecutionStatus pluginStatus = ExecutionStatus.PAUSE;

  // Target URL of the redirect; it can be computed per request (dynamic URL).
  final RedirectionContextData redirectionData = new RedirectionContextData(
      redirectURL, RedirectionMetaData.URL);

  // Optional query string appended to the redirect URL.
  String queryString = "queryParam1=test1;queryParam2=test2";
  final RedirectionContextData queryStringData = new RedirectionContextData(
      queryString, RedirectionMetaData.QUERY_STRING);

  // Bundle URL and query string into a redirection action and attach it to the status.
  RedirectionActionContext redirectionContext = new RedirectionActionContext();
  redirectionContext.getContextData().add(redirectionData);
  redirectionContext.getContextData().add(queryStringData);
  RedirectionAction action = new RedirectionAction(redirectionContext);
  pluginStatus.setAction(action);

  return pluginStatus;
}
------------------------------------------------------------------------------

Redirection is made to happen within the custom authentication plug-in code using a RedirectionActionContext (API) object.

Note that the plugin ExecutionStatus must be set appropriately. If ExecutionStatus.FAILURE is set, the redirection will not occur, because this status is used to indicate that the authentication attempt has failed. As a result the OAM Server will take over and attempt to re-authenticate the user, i.e. the user will be presented with the login page again.

--------------------------------------------------------------------------------------------------------------------

Example configuration for the chained setup (the primary scheme's Failure URL is a resource protected by the secondary scheme):

Authentication Scheme: scheme1 with auth level 2 : primary authentication
Authentication Scheme: scheme2 with auth level 5 : secondary authentication

Application Domain: AppDom1 : protect http://server/index.htm : Auth Scheme : scheme1 : Failure URL : http://server/authfail.htm
Application Domain: AppDom2 : protect http://server/authfail.htm : Auth Scheme : scheme2 : Failure URL : http://server/authfail_2.htm (not needed)



Tuesday, August 2, 2016

Most Used Unix Commands

This post is slightly different from the other posts: here I will list some of the most used Unix commands, covering the different aspects of day-to-day administration.

------------------------------network related-----------------------------------
ping ip-address
nc -v ip-address port
telnet ip-address port
nslookup hostname
traceroute hostname (tracert on Windows)
-------------------------------------------------------------------------------------
ifconfig -a
ifconfig eth0 up
ifconfig eth0 down

----------------------list files------------------------------------------
ls
ls -ltr
ls -larth
--------------------create file----------------------------------------
touch filename

------------------empty the contents of the log file----------------------------
cat /dev/null > /var/log/unused.log




----------------------------network file (default domain to search)--------------
vi /etc/resolv.conf

search DOMAIN-NAME.COM
--------------------------------------service command--------------------------------------
The service command is used to run the System V init scripts, i.e. instead of calling the scripts located in the /etc/init.d/ directory with their full path, you can use the service command.

service ssh status
service --status-all
service ssh restart

service iptables status
----------------------------------------Mount ------------------------------------------------------
mount -t nfs <SERVERNAME>:/SERVER_PATH /LOCAL-PATH

-------------etc/fstab example----------------------------------------

/etc/fstab

SERVER-NAME:/SERVER-PATH /LOCAL-MACHINE-PATH    nfs    vers=3,proto=tcp,hard,intr,timeo=600,wsize=65536,rsize=65536

chown -R oracle:oracle /LOCAL-DIR-PATH/
chown user:group filename
chmod -R 775 /LOCAL-DIR-PATH/

----------copy a folder recursively--------------------------------------
cp -R folder1 folder2
Copy file1 to file2 preserving the mode, ownership and timestamp.

$ cp -p file1 file2

--------------tar gz a folder-----------------------------------------------

cd /u01
tar -zcvf app.tar.gz app
tar -zxvf app.tar.gz

---------------------------remove a folder and contents------------------------
rm -rf folder
rm file

------------search for a pattern inside a file------------------------------

grep -R pattern filename
grep -R 1024 .


-----------find file--------------------------------------------------------
locate filename
find . -name filename

-----------------------to set the hostname correctly----------------------------
vi /etc/hostname
vi /etc/hosts

--------------------------search for the processes--------------------------

ps -ef | grep java
ps -efH | more (process hierarchy)
kill process-id (sends SIGTERM; try this first)
kill -9 process-id (SIGKILL, only when the process ignores SIGTERM)

--------------------------network related- update the network information----------------

cd /etc/sysconfig/network-scripts
vi ifcfg-eth0

ifup eth0
ifdown eth0


-------------------iptables--------------------------------------------------------------
service iptables status
service iptables stop
service iptables start


----------------find files more than 200 mb----------------------------------------
cd /apps/Oracle
find . -type f -size +200000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

------------find files more than 5 days old and remove----------------------

find . -mtime +5 -name '*.log' (quote the pattern so the shell does not expand it before find sees it)

find . -mtime +5 -name '*.log' -exec rm -f {} \;
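The "find and remove" step above, as an added example that is not from the original post: the same find expression wrapped in functions with a dry-run mode, so you can see what would be deleted before passing "apply". It assumes a POSIX sh and a POSIX find; the demo directory at the bottom is constructed.

```shell
# Added example (not from the original post): list/count/remove files older
# than N days, with a dry run by default. Assumes POSIX sh and POSIX find.

# list_old_files DIR PATTERN DAYS
#   Prints regular files under DIR matching PATTERN whose modification time
#   is more than DAYS days ago.
list_old_files() {
    dir=$1; pattern=$2; days=$3
    # "$pattern" stays quoted so the shell never expands it itself; an
    # unquoted *.log would be expanded against the current directory first.
    find "$dir" -type f -name "$pattern" -mtime +"$days"
}

# count_old_files DIR PATTERN DAYS -> number of matching files on stdout
count_old_files() {
    list_old_files "$1" "$2" "$3" | wc -l | tr -d ' '
}

# purge_old_files DIR PATTERN DAYS [apply]
#   Without the 4th argument it only lists what would be removed (dry run);
#   with "apply" it deletes the matching files.
purge_old_files() {
    if [ "$4" = "apply" ]; then
        find "$1" -type f -name "$2" -mtime +"$3" -exec rm -f {} \;
    else
        list_old_files "$1" "$2" "$3"
    fi
}

# Demo on a constructed directory; touch -t gives a fixed old timestamp.
demo_dir=$(mktemp -d)
touch -t 201601010000 "$demo_dir/old.log" "$demo_dir/old.txt"
touch "$demo_dir/new.log"
echo "dry run:"; purge_old_files "$demo_dir" '*.log' 5
purge_old_files "$demo_dir" '*.log' 5 apply
echo "remaining:"; ls "$demo_dir"
rm -rf "$demo_dir"
```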

-------------------------------------disk space--------------------------
df -T
df -h
df -ah
df -k (KB)
df -m (MB)

-------------------superuser---------------------------------------------
su
sudo su

su - USERNAME
sudo command

-----------------memory, process and network monitoring-------------------
top
free
mpstat
sar
vmstat
lsof
tcpdump -i eth0
netstat -a | more
netstat -an | grep port-number (to see if the port is open and listening)
htop
iotop
iostat
iptraf

--------------------less---------------------------------------------------
less filename
g          go to first line
G          go to last line
/text      forward search
?text      backward search
n          next search match
N          previous search match
spacebar   next page
b          previous page
arrows     navigation
<n>G       go to line number n

----------------Environment edits------------------------------------------
vi ~/.bashrc
vi ~/.bash_profile

--------------Set Environment variables--------------------------------------
export JAVA_HOME=/usr/java/jdk1.8
export PATH=$JAVA_HOME/bin:$PATH


---------------------find the difference between 2 files----------------------------
diff file1 file2

----------------------disk usage------------------------------------------------------
go to the folder and issue
du -kh
du -mh
--------------------------------------------------------------------------------------------------

----------------------------download file from internet----------------------------------
wget http://server/file.gz
--------------------------------------------------------------------- 



------------------YUM and RPM---------------------------------------

rpm -ivh package.rpm (install)
rpm -Uvh package.rpm (upgrade)
rpm -ev package-name (erase)


yum install httpd
yum update httpd
yum remove httpd

-------------------------------------------------------------------------------------------------
Print the last N lines of the file named filename.txt

$ tail -n N filename.txt
--------------------------------------------------------------------------------------------------

---------which & whereis--------------------------------------
whereis zip
which zip
--------------------------------------------------------------------

The uname command displays important information about the system such as the kernel name, host name, kernel release number, processor type, etc.

uname -a

-----------------------password related-----------------------------------------------------------

Change your password from the command line using passwd. This will prompt for the old password followed by the new password.

$ passwd

The superuser can use the passwd command to reset another user's password. This will not prompt for the current password of that user.

# passwd USERNAME

Remove password for a specific user. Root user can disable password for a specific user. Once the password is disabled, the user can login without entering the password.

# passwd -d USERNAME

---------------------------------------------------------------------------------------------------------

Give full access to user and group (i.e read, write and execute ) on a specific file.

$ chmod ug+rwx file.txt
Revoke all access for the group (i.e read, write and execute ) on a specific file.

$ chmod g-rwx file.txt

Apply the file permissions recursively to all the files in the sub-directories.

$ chmod -R ug+rwx dirname
-------------------------------------------------------------------------------------------------------------
free command is used to display the free, used, swap memory available in the system

free
free -g (gb)
free -t (swap)

---------------------------------------------------------------------------------------------------------------
Machine shutdown / restart
init 0 (halt)
init 6 (reboot)
shutdown -h now (Shutdown the system and turn the power off immediately)
shutdown -r now (Reboot the system using shutdown command)
 
-------------------------Unzip
unzip file.zip
unzip -l file.zip (to view the contents only )

--------------------------------------------------------------------------- 


------------------------------------------------gzip -----------------------------------------------------------------
gzip file.txt (To create a *.gz compressed file)
gzip -d file.gz (To uncompress a *.gz file)

-------------------------------------------------------------------------------------------------------------------

grep -r "Error" * (Search for a given string in all files recursively)
grep -i "Exception" demo_file (Search for a given string in a file (case in-sensitive search))
find ~ -empty (Find all empty files in home directory)
find . -iname "MyCProgram.c" -exec md5sum {} \; (Execute commands on files found by the find command)

--------------run a command forever------------------------------------------------------------------

watch -n5 "telnet host port" (watch repeats the command forever at the given interval, here every 5 seconds)
------------------------------------------------------------------------------------------------------------------------

remote working

ssh username@machinename

scp username@machine1:/dir/filename username@machine2:/dir/filename (copy directly between two remote machines)


----------------------------------------------------------------------------------------------------------------------

Also, if you used a command once and want to re-issue it without trying to remember the whole command, just search the history:


history | grep tail
history | grep telnet
history | grep ping


---------------------------------------------------------------------------------------------------------------------

Formatting

mount | column -t


cat /etc/passwd | column -t -s :

Repeat a Command Until It Runs Successfully

while true; do command && break; sleep 1; done
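The "repeat until it succeeds" loop above, as an added example that is not from the original post: the same idea as a reusable function, but bounded by a maximum number of attempts so a command that can never succeed does not loop forever. It assumes a POSIX sh.

```shell
# Added example (not from the original post): retry a command until it
# exits 0, giving up after a fixed number of attempts. Assumes POSIX sh.

# retry_until MAX_TRIES DELAY_SECONDS COMMAND [ARGS...]
#   Runs COMMAND until it succeeds. Returns 0 on success, 1 after MAX_TRIES
#   failures. Each failure is followed by a DELAY_SECONDS sleep.
retry_until() {
    max=$1; delay=$2; shift 2
    attempt=0
    until "$@"; do
        attempt=$((attempt + 1))
        if [ "$attempt" -ge "$max" ]; then
            echo "giving up after $attempt attempts: $*" >&2
            return 1
        fi
        sleep "$delay"
    done
    return 0
}

# Typical use (not run here): wait up to two minutes for a port to open,
# the same check the post does by hand with nc -v / telnet.
#   retry_until 24 5 nc -z ip-address port
```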

Sort Processes by Memory Usage

ps aux | sort -rnk 4

Sort Processes by CPU Usage


ps aux | sort -nk 3 (ascending; add -r to list the heaviest first)

Watch Multiple Log Files at the Same Time

use multitail

Monitor Command Output at Regular Intervals

watch df -h

-------------------------------------------------------------------------------------------

Sudo requires that you type your own password. (The purpose is to limit the damage if you leave your keyboard unattended and unlocked, and also to ensure that you really wish to run that command and it wasn't e.g. a typo.) It is often configured to not ask again for a few minutes so you can run several sudo commands in succession.

$ sudo -i
# command 1
# command 2
...
# exit

Instead of sudo -i, you can use sudo -s. The difference is that -i reinitializes the environment to sane defaults, whereas -s uses your configuration files for better or for worse.

su

The su command exists on most unix-like systems. It lets you run a command as another user, provided you know that user's password. When run with no user specified, su will default to the root account.

su -c 'service apache restart'

$ su
# command 1
# command 2
...
# exit