New Post
0 Kudos

Utilize the HIBP API

by jproctor ‎02-27-2018 11:10 AM

I'd love to see this API integrated with Centrify to make everyone a lot more secure:

 

https://haveibeenpwned.com/API/v2

 

Here is an example of a recent integration and how I think it would work best. https://blog.bittylicious.com/2018/02/have-i-been-pwned/

 

For each user that newly logs in, Bittylicious will interrogate with the service to determine whether the password being used by the Bittylicious user is one that is commonly used and has been listed in one of many breaches. This means that from now onwards:

  • Users will not be able to change their password to one that is very well known, i.e. used regularly by many others and appears in multiple lists.
  • Privileged users (brokers and administrators) will not be able to use the service if their password is in any single list at all; the password will need to be changed before the service can be used.

 

 

 

0 Kudos

After installed Centrify Express and have the smart card inserted, the app creates a new keychain under the Apple Keystore, however none of the credentials are accessible via the user's keystore.

 

Namely you can't access it when you do the following in Java:

 

KeyStore.getInstance("KeychainStore", "Apple");

 

 

 

 

 

 

0 Kudos

Centrify with Spring Boot (Java)

by nathand on ‎11-25-2015 10:43 AM

Has anyone tried to integrate Centrify with Spring or Spring Boot?

I’m trying to integrate Centrify ADFS with Spring Security Kerberos using Java 1.8 with JCE on RHEL 6. Per this link - http://docs.spring.io/spring-security-kerberos/docs/1.0.1.RELEASE/reference/htmlsingle/#samples-sec-..., here are some sample properties that I would need to collect to run a Spring Boot sample

server:

    app:

        ad-domain: EXAMPLE.ORG

        ad-server: ldap://WIN-EKBO0EQ7TS7.example.org/

        service-principal: HTTP/neo.example.org@EXAMPLE.ORG

        keytab-location: /tmp/tomcat.keytab

        ldap-search-base: dc=example,dc=org

        ldap-search-filter: "(| (userPrincipalName={0}) (sAMAccountName={0}))"

 

I’ve configured the SPN and keytab following this link - http://docs.spring.io/spring-security-kerberos/docs/1.0.1.RELEASE/reference/htmlsingle/#setupwinkerb.... But, I’m wondering if I even need to setup an SPN or if there would be a more suitable one already created by Centrify. Or maybe there are some Centrify peculiarities that I’m missing.

 

The code for the app can be found here - https://github.com/spring-projects/spring-security-kerberos/tree/master/spring-security-kerberos-sam.... You need to download the entire project, build with Gradle, then run the jar (java -jar spring-security-kerberos/spring-security-kerberos-samples/sec-server-win-auth/build/libs/sec-server-win-auth-1.0.2.BUILD-SNAPSHOT.jar). 

Showing results for 
Search instead for 
Do you mean