ManageEngine Password Manager Pro Parameter Error

If you start getting an error like this, you need to update the SSL certificate on your SAML server ;) It’ll show up in $installdir\logs\security-log-0.txt.

[10:52:00:698]|[06-18-2020]|[com.adventnet.iam.security.URLRule]|[WARNING]|[77]: Extra parameter found: the parameter Map : {[SigAlg = http://www.w3.org/2000/09/xmldsig#rsa-sha1][Signature = Tn+28vsQB9fXiL2SwGShT4gGwyNhDUbWWLPM1SZjc/K2M6xuwAS+zEL8fdDU9/XzAVvnRhrK4SRDitCWjCBwAUMiHLYONjMz6jNRs5HqjwFUCEk8slFlvup0oER2vq4w5BfbXBt7VKku85xOWqu7gHHAr9Xkhtlx8i/Xdmw0S4r/66V+bMHHKUm3dc/bJ/dEF8KOFdseSwNF2gDhiTX2iMyhIsrZeifjp5O/WpJJdi80WbX50kQrkGOJa17Pbvi9o9yoFBLtHDvyp2AfUXghW6kuA8d0unvBmo5dqr8kwTkungs/+IExBHbGIP8M/gKvAcUKgleP/99jXUxjct6GCw==]} for the URI : (/STATE_ID/[0-9]+)?/saml2|

[Read More]

Drone CI and 'Github Pages Promoted Build xxxx' causing failed builds

I enabled GitHub Pages on Dewar last night and it started triggering these weird failing builds in Drone CI. After much searching I finally found a thread on the Drone CI Discourse, “GitHub Pages triggering builds incorrectly” - turns out it’s a weird deploy hook thing. Adding the “trigger” block to my .drone.yml fixed it (block snipped from the larger file):

kind: pipeline
type: docker
name: dewar

trigger:
  event:
    exclude: [ promote ]

steps:
- name: pytest

Quote from @bradrydzewski on the Discourse: [Read More]

Proxmox VE and Management on IPv6

I try to run IPv6 all the things, these days. It makes connectivity from the outside world (when needed) much easier; once DNS is set up, who needs to connect via IP address anyway? I knew connectivity worked because I could ssh to the IPv6 address, but pveproxy was being a pain (as usual). Turns out, it looks at /etc/hosts for the hostname on startup, to figure out where to bind to. [Read More]

Splunk, SAML, and ADFS: failed to parse issuer

Trying to get Splunk doing SAML auth against ADFS today. Was getting this error in splunkd.log.

05-15-2020 00:43:39.673 +0000 ERROR Saml - Failed to parse issuer. Could not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusMessage or no matching nodes found. No value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusMessageCould not evaluate xpath expression /samlp:Response/samlp:Status/samlp:StatusDetail/Cause or no matching nodes found. No value found in SamlResponse for key=/samlp:Response/samlp:Status/samlp:StatusDetail/CauseCould not evaluate xpath expression //saml:Assertion/saml:Issuer or no matching nodes found.

[Read More]

Getting the TOTP Key From the Guacamole Database

Guac’s great, but there’s no interface for changing the TOTP key once it’s set for a user. I’m using docker-compose to build this, so your method might be different. Connect to postgresql:

psql guacamole postgres

To make sure you’re in the right db, type \dt and hit enter; it should show you a bunch of tables starting with guacamole_. This is the query, copypasta should do it.

select entity.name, uid. [Read More]

Hexagonal Architecture in Netflix

This post on the Netflix Tech Blog about rebuilding one of their applications using Hexagonal Architecture patterns was a fascinating read. I’d never argue for every project to have a big universal interfacing method or connectors everywhere, but at some point you realise your platform needs it. The idea of Hexagonal Architecture is to put inputs and outputs at the edges of our design. Business logic should not depend on whether we expose a REST or a GraphQL API, and it should not depend on where we get data from — a database, a microservice API exposed via gRPC or REST, or just a simple CSV file. [Read More]

SK6812 LEDs, Tasmota and Home Assistant

Installing the requirements should be easy, just run:

$ pip3 install --user platformio

Truncated output should look like this:

Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Collecting platformio
Downloading https://files.pythonhosted.org/packages/15/58/49a7134412731bd585f996d9c69e70f7eff0bacf795a7a55524dadf412cd/platformio-4.3.1.tar.gz (169kB)
100% |████████████████████████████████| 174kB 1.2MB/s
<snip>
Successfully built platformio
Installing collected packages: bottle, marshmallow, pyelftools, semantic-version, tabulate, platformio
Successfully installed bottle-0.12.18 marshmallow-3.5.1 platformio-4.3.1 pyelftools-0.26 semantic-version-2.8.4 tabulate-0.8.7

To set up the drivers to use the SK6812 properly, there are a few configuration changes that need to be made. [Read More]

The Strangler, a method for migrating away from legacy systems

That’s a new name for it... the Strangler. Putting a smart load balancer between clients and your legacy application can help with migrations. You no longer need to get the new system up to feature parity for clients to start using it! Instead, new features get routed to the new server, while old ones stay with the legacy system. When you do have time or a business reason to replace an existing feature, the release is nothing more than a config change. [Read More]

OPNsense to Mikrotik IPsec VPN

I needed a VPN from one house to another for running the Ubiquiti Unifi APs I’m setting up at RMB’s house… I used to have Mikrotiks at each end, so that was a fairly simple setup. This time it was from Mikrotik at one end to OPNsense at the other. IPsec is … fun sometimes. Here’s a diagram of the layout. A /16 at each house, connected over the internet. [Read More]

Marketing and Corporations, Always Ruining Society

The Woman Shaking up the Diamond Industry, a recent article in the New Yorker, reminds me of how terribly broken our society is due to corporate greed. Talking about N. W. Ayer & Son, the company that De Beers hired to make diamonds more alluring to the market in the United States: One Ayer copywriter, Frances Gerety, recalled that women formerly wanted their future husbands to spend money on “a washing machine, or a new car, anything but an engagement ring,” which was considered “money down the drain. [Read More]