Introduction There are several ways to do Linux Azure AD authentication. In other words, you can log in to your Linux hosts with Azure Active Directory ("Azure AD") credentials in various ways. Azure, Microsoft's public cloud, builds on top of Azure AD. In fact, your Azure users, groups, roles and role assignments are stored in Azure […]
Introduction This article tries to include everything you need to know about Keycloak JavaScript policy deployment. By JavaScript policies I mean authorization policies of the JavaScript type attached to Keycloak clients that have authorization enabled. If you don't know what Keycloak authorization services are, you are probably in the wrong place. While the process of creating […]
Introduction Red Hat OpenShift is essentially an opinionated Kubernetes distribution that comes with a large number of built-in features such as CI/CD and a container registry; for a full list of differences, see Red Hat's OpenShift vs. Kubernetes comparison. OpenShift comes in a number of versions, some commercial and some open source. The naming history […]
Introduction Keycloak Authorization Services allow you to offload your application's authorization decisions to Keycloak instead of implementing them in your code. This way you can also leverage Keycloak's other features, such as 2FA, without any additional development on your part. If you're unfamiliar with the Authorization Services I suggest having a look at the Keycloak authorization […]
Introduction There's no substitute for understanding what you're doing, and that in turn is difficult without seeing what is happening. Debugging Keycloak OIDC problems without understanding what is happening under the hood is no exception to this rule. The purpose of this article is twofold: For the purposes of this blog post I've been using […]
Introduction Keycloak Authorization Services are built on top of well-known standards such as the OAuth2 and User-Managed Access (UMA) specifications. You can manage Keycloak Authorization Services programmatically, if needed, as described in our other blog post. OAuth2 clients (such as front-end applications) can obtain access tokens from the server using the token endpoint and […]
Introduction Let's Encrypt and the ACME protocol let you get free (as in beer) TLS/SSL certificates. The main use for Let's Encrypt is to enable HTTPS on web servers. Let's Encrypt TLS certificates expire pretty quickly, after 90 days (about 3 months), but the idea is that renewal is automated so that you never really have to worry […]
The symptoms I recently received an email from Amazon Route53 asking me to verify the contact details for one of our registered DNS domains (replaced here with example.org). And sure enough, I saw wrong Route53 domain contact details in the email: These wrong Route53 domain contact details originate from whois data for the registered domain. […]
Introduction Ansible has reasonably good support for managing various aspects of Keycloak. You can use the community.general.keycloak_realm module to handle realm management, including Keycloak realm SMTP server settings. However, in true Ansible fashion, the documentation looks good but does not help you much. In fact, the documentation only mentions that the smtp_server parameter is a […]
Introduction Prometheus is a widely used, cloud-native, open source monitoring solution. Its alerting component is called Alertmanager, which can send alerts to email, Slack and elsewhere. Both Prometheus and Alertmanager fit very well into the infrastructure as code model. Twilio SMS is an SMS sending service with a consumption-based pricing model and an extensive […]
Introduction Prometheus is a cloud-native metrics platform that is very easy to manage with infrastructure as code tools. Prometheus is often coupled with Alertmanager, which handles alerting and alert routing. Alertmanager has good support for various alert transports (e.g. email or Slack), but its alerting capabilities can be extended with custom webhooks. When Alertmanager is […]
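Custom webhook receivers like the one described in the two posts above (Twilio SMS via an Alertmanager webhook) all start from the same two tasks: authenticate the incoming POST and turn Alertmanager's JSON payload into short text messages. The following is an added example written for this page, not code from the original articles. It assumes Alertmanager's v4 webhook payload format and a shared bearer token configured in the Alertmanager webhook receiver's http_config (the token value and the alert contents are constructed for the example). The Twilio send call itself is left out so the block runs offline.

```python
"""Minimal Alertmanager webhook receiver core: authenticate the request and
turn each alert into an SMS-sized message. Added example, not the articles'
own code. Assumes the Alertmanager v4 webhook payload and a shared bearer
token (hypothetical) set under http_config.authorization on the Alertmanager side.
"""
import hmac
import json
from typing import Dict, List, Tuple

# One GSM-7 SMS segment; longer texts are split and billed per segment by Twilio.
SMS_MAX_LEN = 160


def verify_bearer(headers: Dict[str, str], expected_token: str) -> bool:
    """Reject requests without the shared token. Without this check anyone who can
    reach the receiver can make it send (paid) SMS messages. Constant-time compare
    so the token cannot be guessed byte by byte from response timing."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token, expected_token)


def format_sms(payload: dict) -> List[str]:
    """One message per alert: [STATUS] alertname (severity) instance: summary."""
    messages = []
    for alert in payload.get("alerts", []):
        labels = alert.get("labels", {})
        annotations = alert.get("annotations", {})
        status = alert.get("status", payload.get("status", "unknown")).upper()
        parts = [f"[{status}]", labels.get("alertname", "unnamed")]
        if "severity" in labels:
            parts.append(f"({labels['severity']})")
        if "instance" in labels:
            parts.append(labels["instance"])
        text = " ".join(parts)
        summary = annotations.get("summary") or annotations.get("description")
        if summary:
            text += ": " + summary
        # Truncate ourselves instead of letting the SMS gateway split the text
        # into several billable segments.
        if len(text) > SMS_MAX_LEN:
            text = text[: SMS_MAX_LEN - 3] + "..."
        messages.append(text)
    return messages


def handle_request(headers: Dict[str, str], body: bytes, expected_token: str) -> Tuple[int, List[str]]:
    """Returns (HTTP status, messages to send). Authentication is checked before
    the body is parsed, so unauthenticated callers cannot feed the JSON parser."""
    if not verify_bearer(headers, expected_token):
        return 401, []
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, []
    if not isinstance(payload, dict) or payload.get("version") != "4":
        return 400, []
    return 200, format_sms(payload)


# Constructed sample, shaped like an Alertmanager v4 webhook POST (not a real capture).
SAMPLE_PAYLOAD = {
    "version": "4",
    "groupKey": '{}:{alertname="InstanceDown"}',
    "status": "firing",
    "receiver": "twilio-sms",
    "groupLabels": {"alertname": "InstanceDown"},
    "commonLabels": {"alertname": "InstanceDown", "severity": "critical"},
    "commonAnnotations": {},
    "externalURL": "http://alertmanager.example.org:9093",
    "alerts": [
        {
            "status": "firing",
            "labels": {"alertname": "InstanceDown", "severity": "critical",
                       "instance": "web1.example.org:9100"},
            "annotations": {"summary": "web1.example.org has been down for 5 minutes"},
            "startsAt": "2023-01-01T00:00:00Z", "endsAt": "0001-01-01T00:00:00Z",
            "generatorURL": "http://prometheus.example.org:9090/graph",
            "fingerprint": "0123456789abcdef",
        },
        {
            "status": "resolved",
            "labels": {"alertname": "InstanceDown", "severity": "critical",
                       "instance": "web2.example.org:9100"},
            "annotations": {"summary": "web2.example.org is back"},
            "startsAt": "2023-01-01T00:00:00Z", "endsAt": "2023-01-01T00:10:00Z",
            "generatorURL": "http://prometheus.example.org:9090/graph",
            "fingerprint": "fedcba9876543210",
        },
    ],
}
SAMPLE_BODY = json.dumps(SAMPLE_PAYLOAD).encode()
SAMPLE_TOKEN = "s3cret-example-token"  # hypothetical shared token


if __name__ == "__main__":
    status, messages = handle_request({"Authorization": f"Bearer {SAMPLE_TOKEN}"}, SAMPLE_BODY, SAMPLE_TOKEN)
    print(status)
    for message in messages:
        print(message)
```

In a real receiver the returned messages go to Twilio's Messages API and the token is read from the environment or a secrets store rather than from a constant; the receiver should also be reachable only from the Alertmanager hosts, since the bearer token is the only thing standing between an attacker and your SMS bill.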
We got tired of how clumsy loading Edenred cards is and automated the loading process. This article describes how the automation was implemented with CSV files and a software robot. The article also contains links to our GitHub site, from which you can download the code for your own use. Ways to load Edenred cards Edenred is one of the largest Finnish providers of employee benefits. Edenred offers physical and virtual cards onto which employees' lunch, recreation and commuting benefits can be loaded. There are numerous ways to load Edenred cards, but […]
What does it do, this Keycloak thing? Dear seasoned keycloaker, as you probably know, Keycloak is a stable, scalable, programmable and otherwise killer platform for centralizing all your identity, authentication and authorization needs. Keycloak supports fine-grained authorization policies using Keycloak authorization services. We highly recommend reading our Keycloak authorization services terminology article before this article. […]
Causes for the Terraform AWS UnauthorizedOperation errors Terraform is an infrastructure as code tool you can use to configure cloud resources in AWS. When using the Terraform AWS provider you frequently run into various UnauthorizedOperation errors when creating, modifying or deleting resources. That happens unless you do what you should not do and let Terraform use […]
Introduction AWS recommends that you disable S3 bucket ACLs for all new buckets. To understand why, some background information is needed. AWS S3 provides two ways to manage access to S3 buckets and objects: AWS combines IAM policies and ACLs to figure out the effective access control rules for objects in an S3 bucket. The […]
It's time for a brief rant about Microsoft Teams. Before we start I'll state that Teams is probably an ok platform for collaboration when you work for just one organization. But when you need to work with multiple organizations, each with their own Teams, you immediately run into a world of hurt. There are two […]
This article shows you how to convert a hash into JSON in Puppet using a simple ERB template that gets its data from Hiera. Suppose you have this data in Hiera: Converting a hash into a JSON file on the target node is surprisingly easy. First look up the data: Then create a simple ERB […]
You are 100% sure that all your Terraform resources use terraform-provider-azurerm, yet Terraform attempts to download the deprecated "azure" provider: You grep the state file and find no references to the "azure" provider. You assume that the cause is some nested module that depends on it, but no, that's not it. You run "terraform […]
What is Azure Private DNS? Azure Private DNS is a DNS service for Azure virtual networks. You can register a private DNS zone to Azure Private DNS and then link that zone with one or more virtual networks. If you enable DNS auto-registration for a virtual network, a new resource (e.g. virtual machines and VPN […]
What are Ansible modules? Ansible modules provide the infrastructure as code building blocks for your Ansible roles, plays and playbooks. Modules manage things such as packages, files and services. The scope of a module is typically quite narrow: it does one thing but attempts to do it well. Writing custom Ansible modules is not particularly […]