Everyone can read the specs for a protocol. But real understanding often requires a real world example. I’ve been trying to understand SAML. Here’s a “real” SAML assertion, somewhat modified for public consumption. I’ll annotate:
While the Bugzilla command line tool does a lot of useful things, one feature it is missing is the ability to link a bug to an upstream bug in a remote tracker. Working with the Web UI can be slow. Martin Kozek, of FreeIPA fame, wrote a simple Python program to link them together for me using direct XML-API calls. Thanks Martin:
#!/usr/bin/python
#
# Authors:
# Martin Kosek: mkosek@redhat.com
#
# Copyright (C) 2013 Red Hat
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
import bugzilla
import sys
import xmlrpclib
URL = 'https://bugzilla.redhat.com/xmlrpc.cgi'
USER = 'user@redhat.com'
PASSWORD = 'bar'
try:
bz_id = int(sys.argv[1])
launchpad_id = int(sys.argv[2])
except Exception:
sys.exit("Usage: bz_lp_link bz_id lp_id")
proxy = bugzilla.RHBugzilla3(url=URL, user=USER, password=PASSWORD)
proxy.connect(URL)
LAUNCHPAD_TRACKER_ID = 29
try:
proxy._proxy.ExternalBugs.add_external_bug(
{'bug_ids':[bz_id],
'external_bugs': [{'ext_type_id': LAUNCHPAD_TRACKER_ID,
'ext_bz_bug_id': launchpad_id}]
})
except xmlrpclib.Fault, e:
sys.exit(e.faultString)
During the years I worked as a Web application developer, it seemed like every application had its own authentication mechanism. An application developer is thinking in terms of the domain model for their application whether it be eCommerce, Systems management, photography, or weblogs. Identity Management is a cross cutting concern, and it is hard to get right. Why, then, do so many applications have “user” tables in their databases?
Continue reading
Organizational data is held in publicly accessible directories accessed via the Lightweight Directory Access Protocol(LDAP). In general, the end applications have the ability to query via LDAP, but not update it. Up until Grizzly the OpenStack Identity management Service, Keystone, has required write access to the backing store if you wanted to be able to manage authorization from within OpenStack. This mismatch has been addressed in Havana