Return user roles in Auth0

I wanted to play with SAML Authentication in Splunk and decided to use Auth0 is my SAML Identity Provider (IdP).
Since i’ve never worked with Auth0 I just followed the SAML SSO with Auth0 as Service Provider and as an Identity Provider tutorial,, which worked well, but when I tried to use Splunk as Service Provider(SP), i.e. SAML service consumer, I noticed that roles are not returned by Auth0 SAML assertion, so I had to find a way to return user roles in Auth0 together with other user’s information.

Of course the  prerequisite of returning roles assigned to the user is to have them defined, so configure a few Roles under the User & Roles section on the left and assign 1 or more rule to a user.

Auth0 Roles

I’ve created bu1_p and bu2_p (as for Business Unit 1/2 – Power User).

Next you will need to configure a Rule.

“Rules are JavaScript functions that execute when a user authenticates to your application. They run once the authentication process is complete, and you can use them to customize and extend Auth0’s capabilities.”

So from different sources I’ve stitched up a simple rule that adds roles assigned to a user and adds them to the user context.

Go to Rules and create a new Rule using empty rule template

Update the function to look like this:

Save it.

If you want to test it by clicking “TRY THIS RULE” button, but don”t forget to update the context to include the  authorization with the roles (last couple of lines in the snippet below)

 

That’s it, now the authorization will return user roles in Auth0 as “rolez” attribute

Rule Try Output

Manage Splunk KV Store using REST API

I’ve started working with Splunk KV store for one of my recent projects. It is a robust system with an extensive API. since I was learning and documenting my fundings anyway I thought, why not put up a blog post about how to manage Splunk KV Store using REST API.

Continue reading Manage Splunk KV Store using REST API

Colour code Google calendar events automatically using Google Apps Script

Sometimes you want to have a certain colour for the Google Calendar events. I know that you can do it manually, but what if you want it to be colour coded automatically based on some filters. In my case it was based on meeting organizer (my wife to be precise 🙂 ). So decided to try and colour code Google calendar events automatically using Google Apps Script.

Continue reading Colour code Google calendar events automatically using Google Apps Script

Splunk HEC SSL Certificate Set up

Here is how to set up Splunk HTTP Event Collector (HEC) SSL with your own certificate

In /opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf edit the [http] stanza with these 4 properties

[http]
enableSSL = 1
sslPassword = $1$IA1A1A1A1
privKeyPath = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.key
serverCert = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.pem

Verify ownership of a site for Bing in Google Domains

Here is how to verify ownership of a site for bing in Google Domains


There are 3 options

  • Option 1: Place an XML file on your web server

  • Option 2: Copy and paste a
    tag in your default webpage

  • Option 3: Add CNAME record to DNS

I chose option 3 (and it is the focus of this post) when I was verifying my ALinks4U.com domain for 2 reasons: (1) It doesn’t require to touch you website code and/or have access to your site’s filesystem (2) It is unique to Google Domains (vs other hosting platforms)

Verify ownership of a site for bing in Google Domains

  1. Login to Bing Webmaster Console
  2. In the “Add a Site” section, type in your website URL and click Add
  3. You will be redirected to Verify ownership for page
  4. Scroll down to **Option 3: Add CNAME record to DNS*
  5. Copy your unique ID (something like xx9999837bffff939aa33632ae285)
  6. Now go to Google Domains Console and click the Configure DNS icon
  7. Under Custom resource records add a new CNAME record
  8. Back in the Bing Webmaster Console hit the Verify button. Please note that it might take some time for the DNS resolution to start working (took about 10 minutes for me)

That’s it, now your new site is verified by Bing and will be crawled and indexed and will appear in relevant search results. As an additional benefit, sites that are crawled by Bing are also indexed by DuckDuckGo.com

How to ssh from Mac via socks proxy

In order to ssh from Mac via socks proxy you will need to use ncat utility.


You will need to use ncat utility which is not available on OSx by default, and is not directly in homebrew, but you can get it by installing nmap (as nmap installation includes ncat utility with support of socks5)

Install nmap

brew install nmap

Connect to your target host

ssh -v -o 'ProxyCommand=ncat --proxy-type socks5 --proxy proxyhost:proxyport --proxy-auth proxyuser:proxypass %h %p' -p22 username@serverhost

That’s is, the only disadvantage is that you need to fill in your user:pass in the command itself. If you have any idea how to overcome it please let me know.

Reference https://stackoverflow.com/questions/34348720/osx-ssh-to-server-through-socks5-proxy

Sites and Games that teach kids to code

Hi, I have a 7 years old son and wanted to introduce him to coding. So I have started to collect information about Apps, Sites and Games that can teach kids to code or introduce them to coding mindset. Below are the ones that I’ve found. Please help me and others by commenting here or contributing in the GitHub repository and recommending the ones that you are aware of and have used. Continue reading Sites and Games that teach kids to code

Use Gmail with your own domain for free

Well, if you are looking at this post you (1) have your own domain name, (2) love using gmail and want to use it as to send and receive email for your domain and (3) prefer not to pay for this. If not the 3rd point you could easily do it using G-Suite (message me if you want to get a 20% discount code for your first year, as a comment here or on Twitter @IlyaReshet), but then you will have to pay $5/month, but fear not, there is a way to use Gmail with your own domain for free. Continue reading Use Gmail with your own domain for free

Is it healthy to…

I went to donate blood recently and if you have not done so yourself recently (or at all) I strongly recommend you doing it.

Just go to https://www.donateblood.com.au/ to find the closest location to you.

When I came in they said “Hey looks like you have donated blood a lot of times before and currently we have plenty of your blood type in the bank, but would you consider donating plasma today?” I said why not , read some material, signed some forms and proceeded with it.

Later when I came to office (I did the donation 7:30AM on my way there, YES they open this early so there is no excuse not to donate) I decided to google how healthy it is to donate plasma vs regular blood donation.

So I’ve opened a new tab and typed “Is it healthy to” and here is what I’ve got as the suggested searches

Suggested Search results for Australia

I almost fell of my chair laughing. Is that what the general google search user in Australia is concerned about when it is regarding his/her health?!

Continue reading Is it healthy to…