Monday, 19 December 2016

Thursday, 8 September 2016

update alternatives config java - install remove and set java_home and jre_home


sudo mv /opt/jdk1.8.0_91/ /usr/lib/jvm/
cd /usr/lib/jvm/
ls /usr/lib/jvm/

HOW TO INSTALL

sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_91/bin/java" 1
sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/jdk1.8.0_91/bin/javac" 1
sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/lib/jvm/jdk1.8.0_91/bin/javaws" 1
sudo update-alternatives --install "/usr/bin/jar" "jar" "/usr/lib/jvm/jdk1.8.0_91/bin/jar" 1
sudo chown -R root:root /usr/lib/jvm/jdk1.8.0_91/
sudo update-alternatives --config java

HOW TO REMOVE

sudo update-alternatives --remove java /usr/lib/jvm/jdk1.8.0_91/bin/java
sudo update-alternatives --config java


export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_91
export JRE_HOME=/usr/lib/jvm/jdk1.8.0_91/jre

Monday, 8 August 2016

git: realign the fork with upstream





                                                   
                            (origin)                                (upstream)
                                |                                        |
                                |                                        |
                                ---->                            <----
                                                  local


1) from the fork: fetch upstream (brings the apache/syncope changes into the local repository)
2) rebase -i upstream/master    (rebases the apache/syncope commits)
3) push -f                (pushes the changes to the upstream; if there is a new branch, the branch must be pushed)

Thursday, 16 June 2016

update alternatives

e.g. how to add and choose a different Java version:

1) download jdk1.7,
2) copy jdk1.7 with scp into /usr/local/dev/packages, unpack it in /opt/, install and pick the right version:
:~$ sudo update-alternatives --install /usr/bin/java java /opt/jdk1.7.0_79/bin/java 1
:~$ sudo update-alternatives --config java
3) set $JAVA_HOME

PARTIAL LOADER

The Partial Loader extends the Static Files Loader with a [part] parameter. This parameter can be set manually when certain parts of the application are loaded, e.g., a module or a controller. In addition to the [lang] parameter, this value can be included in the request url. During configuration, the Partial Loader takes a url template. This template is passed directly to the server when the language is set or changed.

ANGULAR TRANSLATE ASYNCHRONOUS LOADING OF PARTIAL LANGUAGE FILES

1. directory structure

        languages/
            it/
                static.json
                dynamic.json
            en/  
                static.json
                dynamic.json


2. dependencies:  <script src="../webjars/angular-translate-loader-partial/${angular-translate-loader-partial.version}/angular-translate-loader-partial.js"></script>



3. configuration: applying a template url path. (Now that we know how our data is structured, we can configure $translateProvider to use the partial loader with this pattern).
        All you need to do is add the following to app.js:

        app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translateProvider', '$translatePartialLoaderProvider',
          function ($stateProvider, $urlRouterProvider, $httpProvider, $translateProvider, $translatePartialLoaderProvider) {

            // register the parts to load; each one fills the {part} placeholder
            $translatePartialLoaderProvider.addPart('static');
            $translatePartialLoaderProvider.addPart('dynamic');
            $translateProvider.useLoader('$translatePartialLoader', {
              urlTemplate: 'languages/{lang}/{part}.json'
            })
                .preferredLanguage('en');
          }]);


----------------

You can find a good demo here.
More information here:

https://angular-translate.github.io/docs/#/guide/12_asynchronous-loading 




https://technpol.wordpress.com/2013/11/02/adding-translation-using-angular-translate-to-an-angularjs-app/

https://github.com/angular-translate/angular-translate/issues/399

Thursday, 5 May 2016

Firefox cache issue

Because of caching, logging in from different browsers fails: the browser remembers the previous calls and does not allow access unless the cache is cleared first.

The solution is to force the cache to be cleared or, better, to disable the cache on every GET call.

In Angular this problem can be solved in 2 ways:

1. for Chrome and IE, by globally disabling the cache in the provider:

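    // headers.get is undefined by default, so initialize it before setting values
    if (!$httpProvider.defaults.headers.get) {
        $httpProvider.defaults.headers.get = {};
    }
    //disable IE ajax request caching
    $httpProvider.defaults.headers.get['If-Modified-Since'] = 'Mon, 26 Jul 1997 05:00:00 GMT';
    // extra
    $httpProvider.defaults.headers.get['Cache-Control'] = 'no-cache';
    $httpProvider.defaults.headers.get['Pragma'] = 'no-cache';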



2. for Firefox, by making every GET call different, through an interceptor:


    // push the factory function only: a string name would have to be a registered service
    $httpProvider.interceptors.push(function () {
            return {
                request: function (config) {
                    if (config.method === 'GET') {
                        // append a unique parameter so the URL never matches a cached entry
                        var separator = config.url.indexOf('?') === -1 ? '?' : '&';
                        config.url = config.url + separator + 'noCache=' + new Date().getTime();
                    }
                    return config;
               }
           };
    });


Thursday, 21 April 2016

SSO: Oh no, a redirect loop!

In my previous example there are some bits that could go wrong and essentially result in a redirect loop. A redirect loop 90+% of the time happens because of cookies and domains – i.e. misconfiguration. So what happens is that OpenAM creates the cookie for its domain, but when the user is redirected back to the application, the app/agent won’t be able to find the cookie in the incoming request, but authentication is still required, so it redirects back to OpenAM again. But wait, AM already has a valid session cookie on its domain, no need for authentication, let’s redirect back to the app, and this goes on and on and on. The most common reasons for redirect loops:
  • The cookie domain for OpenAM does not match at all with the protected application.
  • The cookie domain is set to sso.example.com, instead of example.com, and hence the cookie is not available at foo.example.com .
  • The cookie is using Secure flag on the AM side, but the protected application is listening on HTTP.
  • Due to some customization possibly, the AM cookie has a path “/openam” instead of the default “/”, so even if the cookie domain is matching the path won’t match at the application.
  • You run into one of the previously listed IE quirks.
  • Your cookie domain for OpenAM isn’t actually an FQDN.
So how does OpenAM deal with applications running in different domains? The answer is CDSSO (Cross Domain Single Sign-On). But let’s discuss that one in the next blog post instead. Hopefully this post will give people a good understanding of the very basic SSO concepts, and in future posts we can dive into the more complicated use-cases.
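
The cookie checks behind the causes listed above, as an added example that is not part of the original post. It applies the RFC 6265 domain and path matching rules plus the Secure flag; the function names, cookie objects and URLs are constructed for illustration and do not come from OpenAM.

```javascript
// Added example. Cookie attributes and URLs passed in are constructed samples.
// RFC 6265 domain-match: host equals the domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// RFC 6265 path-match: equal, or cookie path is a prefix ending at a '/' boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath.charAt(cookiePath.length) === '/';
}

// Returns the reasons a browser would withhold the session cookie from appUrl.
// An empty array means the agent will see the cookie, so a loop cannot come
// from a domain, path or Secure mismatch.
function whyCookieMissing(cookie, appUrl) {
  const u = new URL(appUrl);
  const path = cookie.path || '/';
  const reasons = [];
  if (!cookie.domain.replace(/^\./, '').includes('.')) {
    reasons.push('cookie domain is not an FQDN');
  }
  if (!domainMatches(u.hostname, cookie.domain)) {
    reasons.push('domain ' + cookie.domain + ' does not cover ' + u.hostname);
  }
  if (!pathMatches(u.pathname, path)) {
    reasons.push('path ' + path + ' does not cover ' + u.pathname);
  }
  if (cookie.secure && u.protocol !== 'https:') {
    reasons.push('Secure cookie but application is served over HTTP');
  }
  return reasons;
}

// Constructed cases mirroring the list above.
const app = 'http://foo.example.com/app/home';
console.log(whyCookieMissing({ domain: 'sso.example.com', path: '/' }, app));
console.log(whyCookieMissing({ domain: '.example.com', path: '/openam' }, app));
console.log(whyCookieMissing({ domain: '.example.com', path: '/', secure: true }, app));
console.log(whyCookieMissing({ domain: '.example.com', path: '/' }, app));
```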

Friday, 4 March 2016

OpenAM: Authentication LDAP Module: creation and configuration via command line

./ssoadm list-auth-instances -e / -u amadmin -f /tmp/pwd.txt



./ssoadm create-auth-instance \
 -e / -m LDAPQuercia          \
 -t LDAP -u amadmin -f        \
 /tmp/pwd.txt



./ssoadm update-auth-instance   \
 -e / -m LDAPQuercia            \
 -u amadmin -f /tmp/pwd.txt     \
 --datafile ~/OpenAMstuff/datafile



where datafile is:



iplanet-am-auth-ldap-ssl-enabled=false
iplanet-am-auth-ldap-return-user-dn=true
iplanet-am-auth-ldap-base-dn=o=client,dc=ericsson,dc=org
iplanet-am-auth-ldap-server=am01.tirasa.net:1389
iplanet-am-auth-ldap-user-naming-attribute=uid
iplanet-am-auth-ldap-auth-level=0
iplanet-am-auth-ldap-bind-passwd=password
iplanet-am-auth-ldap-ssl-trust-all=false
iplanet-am-auth-ldap-user-search-attributes=uid
iplanet-am-auth-ldap-behera-password-policy-enabled=false
iplanet-am-auth-ldap-bind-dn=cn=openam,dc=ericsson,dc=com




login to module:

http://mat.workstation.net:6080/openam/XUI/#login?module=LDAPQuercia


Thursday, 3 March 2016

Installing OpenAM via command line

How to install OpenAM via command line

1) Create the openamConfigTools and openamAdminTools directories, unzip OpenAM-12.0.0.zip, and unzip SSOConfiguratorTools-12.0.0.zip and SSOAdminTools-12.0.0.zip into the directories just created.

2) cd into openamConfigTools and create the config.properties file:


----------------------------------------------

SERVER_URL=http://mat.example.net:6080
DEPLOYMENT_URI=/openam
BASE_DIR=/home/matteo/openam-test
locale=en_US
PLATFORM_LOCALE=en_US
AM_ENC_KEY=
ADMIN_PWD=password
AMLDAPUSERPASSWD=secret12
COOKIE_DOMAIN=.example.net
ACCEPT_LICENSES=true

DATA_STORE=embedded

DIRECTORY_SSL=SIMPLE
DIRECTORY_SERVER=mat.example.net
DIRECTORY_PORT=50389
DIRECTORY_ADMIN_PORT=4444
DIRECTORY_JMX_PORT=1389
ROOT_SUFFIX=dc=example,dc=net
DS_DIRMGRDN=cn=Directory Manager
DS_DIRMGRPASSWD=password

----------------------------------------------


3) Deploy OpenAM


4) run the jar:


    java -jar openam-configurator-tool-12.0.0.jar --file config.properties



Set up OpenDJ and replication

on both machines:
 
./setup -i -n -b "dc=example,dc=com" \
 -h localhost -p 1389 \
 --adminConnectorPort 4444 \
 -D "cn=Directory Manager" \
 -w "secret12" -q -Z 1636 \
 --generateSelfSignedCertificate
 
 
on am1:
 
 ./dsreplication enable --host1 cfg1.example.net \
 --port1 4446  --bindDN1 "cn=directory manager" \
 --bindPassword1 password --replicationPort1 8991 \
 --host2 cfg2.example.net --port2 4446 \
 --bindDN2 "cn=directory manager" \
 --bindPassword2 password \
 --replicationPort2 8991 \
 --adminUID admin \
 --adminPassword password \
 --baseDN "dc=ericsson,dc=com" -X -n


 ./dsreplication initialize --baseDN "dc=example,dc=com" \
 --adminUID admin --adminPassword password  \
 --hostSource ctsdj01.tirasa.net \
 --portSource 4446 \
 --hostDestination cfg2.example.net \
 --portDestination 4446 -X -n --trustAll --no-prompt


on am2:
./dsreplication initialize --baseDN "dc=example,dc=com" \
--adminUID admin --adminPassword password \
--hostSource cfg2.example.net \
--portSource 4446  \
--hostDestination cfg1.example.net \
--portDestination 4446 -X -n
 
 

Monday, 1 February 2016

OpenAM - create and configure authentication module


cp oauth.jar /opt/tomcat/webapps/openam/WEB-INF/lib/

cp amAuth.properties /opt/tomcat/webapps/openam/WEB-INF/classes/
cp Auth.xml /opt/tomcat/webapps/openam/config/auth/default/
vi /tmp/pwd.txt
>    secret12
chmod 400 /tmp/pwd.txt
chown user /tmp/pwd.txt

./ssoadm create-svc -u amadmin -f /tmp/pwd.txt -X /home/user/...Auth.xml

./ssoadm register-auth-module -u amadmin -f /tmp/pwd.txt -a "com.boh.authentication.modules.oauth.Auth"



Wednesday, 20 January 2016

OpenAM agents configuration

Steps:
configure agents -> install agents -> configure policies

Web agent:
Server URL: http://www.ex.net:8080/openam (where openam is deployed)
Agent URL:  http://www.ex.net:80/risorsadaprotegge

J2EE agent:
Server URL: http://www.ex.net:8080/openam (where openam is deployed)
Agent URL:  http://www.ex.net:8082
