Friday, March 11, 2022
Monday, March 7, 2022
Hashing in Action
Hashing is a cryptographic concept that can be used to validate the integrity of files and store passwords.
What does it mean?
> Let's say I want to download Eclipse, the popular Java IDE
> I google and find the website from where I can download Eclipse
> But wait, how do I know that this file was not tempered and what is this SHA-512 button
> If you are here, you already know where this is going, let's look at SHA-512
> Now download the file and use OpenSSL tool to find hash of your downloaded file
> cat eclipse-inst-jre-win64.exe | openssl dgst -sha512
I have OpenSSL tool installed on my system, here are the steps:
https://iamsecurity-tips.blogspot.com/2022/03/install-openssl-on-windows-subsystem.html
https://iamsecurity-tips.blogspot.com/2022/03/install-windows-subsystem-for-linux-wsl2.html
Install OpenSSL on Windows Subsystem for Linux (WSL2)
wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0.tar.gz
<Check latest version and replace everywhere>
tar -xvf libressl-3.5.0.tar.gz
cd libressl-3.5.0/
./configure
You may receive and error configure: error: no acceptable C compiler found in $PATH
sudo apt-get install -y build-essential checkinstall
sudo make
sudo make check
sudo make install
sudo ldconfig
<In new Terminal>
openssl version
Install Windows Subsystem for Linux (WSL2)
Pre-requisite: You must be running Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11
> Run powershell as administrator
> Run command:
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
wsl --install -d Ubuntu
> Restart the system, after that find and run Ubuntu and it will ask you to set a user name and password.
sudo apt update && sudo apt upgrade
sudo apt install gedit -y
reference: Install WSL | Microsoft Docs
Tuesday, September 28, 2021
AD Provisioning Error - ERROR http-nio-8080-exec-1 sailpoint.connector.ADLDAPConnector:3871 - 1158736412 Exception occurred in handling Object Request.
More often then not, this is because IIQ machine is not able to connect to IQService.
- Check the status of IQService
- Check network
- Check firewalls
Full Stack Trace:
2021-09-28 15:10:11,539 ERROR http-nio-8080-exec-1 sailpoint.connector.ADLDAPConnector:3871 - 1158736412 Exception occurred in handling Object Request.
sailpoint.tools.GeneralException: Network is unreachable (connect failed)
at sailpoint.connector.RPCService.execute(RPCService.java:429)
at sailpoint.connector.ADLDAPConnector.handleObjectRequest(ADLDAPConnector.java:4203)
at sailpoint.connector.ADLDAPConnector.provision(ADLDAPConnector.java:3862)
at sailpoint.connector.ConnectorProxy.provision(ConnectorProxy.java:882)
at sailpoint.integration.ConnectorExecutor.provision(ConnectorExecutor.java:165)
at sailpoint.provisioning.PlanEvaluator.provision(PlanEvaluator.java:1541)
at sailpoint.provisioning.PlanEvaluator.execute(PlanEvaluator.java:884)
at sailpoint.provisioning.PlanEvaluator.execute(PlanEvaluator.java:788)
at sailpoint.provisioning.PlanEvaluator.execute(PlanEvaluator.java:687)
at sailpoint.api.Provisioner.execute(Provisioner.java:1685)
at sailpoint.workflow.IdentityLibrary.provisionProject(IdentityLibrary.java:3058)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at sailpoint.server.ScriptletEvaluator.doCall(ScriptletEvaluator.java:136)
at sailpoint.server.ScriptletEvaluator.evalSource(ScriptletEvaluator.java:65)
at sailpoint.api.Workflower.evalSource(Workflower.java:5966)
at sailpoint.api.Workflower.advanceStep(Workflower.java:5121)
at sailpoint.api.Workflower.advance(Workflower.java:4510)
at sailpoint.api.Workflower.startCase(Workflower.java:3091)
at sailpoint.api.Workflower.launchSubcase(Workflower.java:5424)
at sailpoint.api.Workflower.launchSubcases(Workflower.java:5317)
at sailpoint.api.Workflower.advanceStep(Workflower.java:5108)
at sailpoint.api.Workflower.advance(Workflower.java:4510)
at sailpoint.api.Workflower.startCase(Workflower.java:3091)
at sailpoint.api.Workflower.launchSubcase(Workflower.java:5424)
at sailpoint.api.Workflower.launchSubcases(Workflower.java:5317)
at sailpoint.api.Workflower.advanceStep(Workflower.java:5108)
at sailpoint.api.Workflower.advance(Workflower.java:4510)
at sailpoint.api.Workflower.startCase(Workflower.java:3091)
at sailpoint.api.Workflower.launchSubcase(Workflower.java:5424)
at sailpoint.api.Workflower.launchSubcases(Workflower.java:5317)
at sailpoint.api.Workflower.advanceStep(Workflower.java:5108)
at sailpoint.api.Workflower.advance(Workflower.java:4510)
at sailpoint.api.Workflower.assimilate(Workflower.java:4160)
at sailpoint.api.Workflower.handleWorkItem(Workflower.java:7638)
at sailpoint.api.Workflower.process(Workflower.java:1824)
at sailpoint.api.Workflower.process(Workflower.java:1847)
at sailpoint.api.WorkflowSession.advance(WorkflowSession.java:473)
at sailpoint.service.WorkflowSessionService.advance(WorkflowSessionService.java:105)
at sailpoint.service.form.FormService.next(FormService.java:164)
at sailpoint.service.form.FormService.submit(FormService.java:109)
at sailpoint.rest.ui.form.BaseFormResource.submit(BaseFormResource.java:130)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:160)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:473)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:427)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:388)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:341)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:228)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sailpoint.rest.jaxrs.MethodOverrideFilter.doFilter(MethodOverrideFilter.java:90)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sailpoint.rest.RestCsrfValidationFilter.doFilter(RestCsrfValidationFilter.java:69)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sailpoint.rest.AuthenticationFilter.doFilter(AuthenticationFilter.java:100)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:201)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1629)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Network is unreachable (connect failed)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:476)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:218)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:394)
at java.net.Socket.connect(Socket.java:606)
at java.net.Socket.connect(Socket.java:555)
at java.net.Socket.<init>(Socket.java:451)
at java.net.Socket.<init>(Socket.java:228)
at sailpoint.connector.RPCService.execute(RPCService.java:412)
... 113 more
Wednesday, September 22, 2021
SailPoint Identity IQ JDBC Aggregation: A common mistake
A common mistake that I have seen being made is how the aggregation query is written.
Let's say there are three tables:
- User
- Groups
- Membership
The names are exactly what is contained in the tables, User table contains the user data, Groups table contains the group data, Membership table contains the membership data.
Pay attention to both the queries, both will return the result and mostly pass the unit testing. The issue is that if a user is not part of any groups, they would not appear in the result set of query1
Incorrect Query
SELECT User.*, Membership.groupName
FROM User, Membership
WHERE User.Id = Membership.UserId;
Correct Query
SELECT User.*, Membership.groupName
FROM User
LEFT JOIN Membership
ON User.Id = Membership.UserId;
Hope it helps !!
Monday, September 20, 2021
SailPoint IIQ: Delete WorkItems assigned to a User
- Query the 'spt_work_item' table. Pay attention to 'id' column(used for deleting the workitem) and 'owner' column (used to identifying the owner
- Use the console utility to delete the workitem
- Navigate to <tomcat>/webapps/iiq/WEB-INF/bin/
- Execute ./iiq console
- delete workitem ff8080817bffde5f017c029a820700ab (where id is the one you queried from database)
- If multiple ids have to be deleted, you can create a file with content like:
delete workitem ff8080813eb1de6f013eb3d811f10081
delete workitem ff8080813eb1de6f013eb3d82b6b0095
delete workitem ff8080813eb1de6f013eb3d83b1000a9
delete workitem ff8080813eb1de6f013eb3d846b900bd
delete workitem ff8080813eb1de6f013eb3d855cb00d1
- Within IIQ console: source deleWorkItem.txt
Subscribe to:
Posts (Atom)