Sohail Khan

Secure & Trustworthy Applications…

Single Sign-On with Shibboleth Identity & Access Management Solution

This topic has been covered by many people, and you can find some good stuff regarding it on the web. A few of my colleagues and I worked on identity and access management solutions, especially Shibboleth, during our studies. Each time we thought to write it down somewhere for future use, but laziness on my side got in the way. I had a chance to work with it again and thought to write down the steps to set up a basic Shibboleth structure for an organization.

For those who are not familiar with the concept, here is a brief summary. Single Sign-On (SSO) is an authentication process that allows users to log in once and be authenticated to all the network resources they are granted permission to access. It eases the burden of remembering multiple passwords for different applications by eliminating further username/password prompts when moving from one resource to another within a particular session.

Shibboleth is a free, open source implementation for identity management, providing a web-based single sign-on mechanism across different organizational boundaries. In a simple scenario, a client accesses a resource which is protected by a Shibboleth service provider (SP); the client is authenticated by her home identity provider (IdP) and is redirected to the SP to access the particular resource. The SP may apply further access control mechanisms to restrict access to the resource. This way, information about a user is sent from a home identity provider to a service provider, which prepares the information for protection of sensitive content and use by applications. If you are not familiar with Shibboleth and how it works, you may benefit from the Shibboleth home page.

In this tutorial we will cover installation of the IdP first, and then we will perform the necessary configuration to customize the IdP for an organization. Afterwards, we will install and configure the Shibboleth SP and set up a basic scenario to protect a resource. This is just a summary of our new tutorial; you can continue to read the full tutorial at our main blog (CSRDU blog) at Shibboleth IdP and SP Installation and Configuration.

TPM emulator, TrouSerS & IMA on Android

In this tutorial, we will cover the installation of TPM emulator, TrouSerS (the open source Trusted Computing Software Stack) and IMA (Integrity Measurement Architecture) on the Android platform. This tutorial is based on Ubuntu 10.10 (x86), Android source code (froyo version) & Android goldfish kernel 2.6.29. This tutorial is aimed at relative newbies, so each step will be explained in detail. Here are the steps that are needed to successfully download, build and run a specific kernel (with the above mentioned features) on the emulator.

1. Installing the prerequisites

1.1 Installing the JDK

The Sun JDK is no longer in Ubuntu’s main package repository. In order to download it through apt-get, you need to add the appropriate repository and indicate to the system which JDK should be used.

Java 5: for Froyo and older versions of Android

$ sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu dapper main multiverse"
$ sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu dapper-updates main multiverse"
$ sudo apt-get update
$ sudo apt-get install sun-java5-jdk

1.2 Installing required packages for Android source

You will need to install a number of required packages in order to set up your development environment. Run the following command to install these packages:

$ sudo apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev libc6-dev libncurses5-dev x11proto-core-dev libx11-dev libreadline5-dev libz-dev libgl1-mesa-dev

How to compile IMA on Ubuntu

There are a number of how-to’s available for kernel compilation but here we will compile the kernel to include Integrity Measurement Architecture (IMA). You can find details regarding IMA here.

1. Download Kernel:

You can download the kernel by using the Synaptic Package Manager or directly from kernel.org by the following command:

wget -c http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/linux-2.6.35.11.tar.bz2

Note: If you use Synaptic Manager make sure you select the source code repository option.

2. Extract the kernel:

Extract the kernel to /usr/src or any other directory:

sudo tar -C /usr/src -xvjf linux-2.6.x.x.tar.bz2

It will extract the kernel to /usr/src folder. Enter the kernel directory:

cd /usr/src/linux-2.6.x.x
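
The download in step 1 goes over plain HTTP and step 2 unpacks the archive with sudo, so it is worth checking the file before extracting it. The script below is an added example, not part of the original tutorial: the function names are hypothetical, and the expected SHA-256 value is an assumption that has to come from a source you trust.

```sh
#!/bin/sh
# Added example: check a source tarball before unpacking it as root.

# Print the SHA-256 of a file (sha256sum, or shasum where that is absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Read member names on stdin; succeed if any is an absolute path or
# contains a ".." component (it could land outside the target directory).
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# verify_tarball ARCHIVE EXPECTED_SHA256
# Returns 0 = ok, 1 = digest mismatch, 2 = unsafe member, 3 = unreadable.
verify_tarball() {
    [ -r "$1" ] || return 3
    [ "$(sha256_of "$1")" = "$2" ] || return 1
    if tar -tf "$1" | has_unsafe_member; then
        return 2
    fi
    return 0
}

# safe_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# Extracts only after verification; DESTDIR is not created on failure.
safe_extract() {
    verify_tarball "$1" "$2" || return $?
    mkdir -p "$3" && tar -C "$3" -xf "$1"
}

# Stand-alone use: sh verify.sh linux-2.6.x.x.tar.bz2 <expected-sha256> /usr/src
if [ "$#" -eq 3 ]; then
    safe_extract "$@"
fi
```

Run it with sudo only when the destination requires it, as /usr/src does in the tutorial.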