Monday, June 26, 2023

SAML

SAML (Security Assertion Markup Language)

  • Centralizes user management and provides access to SaaS solutions.

Identity: stored in an LDAP DB or Microsoft AD

Authentication: SAML IDP / ADFS

Authorization: the application controls it; it can use LDAP groups

Entities:

  • SAML Service Provider (example: an application like Pega)
  • SAML Identity Provider (example: ADFS)

User Agent (Browser): critical in this flow, as it has to be there for the redirects.

Setting up trust between SP and IDP:

The SAML response is encrypted and is also signed by the IDP. In order to decrypt it and recognize the signature, the SAML Service Provider needs the certificate of the SAML IDP. In the same way, the SAML IDP needs the certificate of the SAML SP. This is what is called trust.

The SAML IDP and the SAML SP need to know each other's information, which requires an exchange of SAML metadata. SAML metadata is an XML file containing the certificates that need to be exchanged.

The SAML response contains the SAML token, and the token contains the claims. Claims are attributes of the user such as first name, last name, email and groups. The SAML claims and the SAML token are encrypted for security reasons.

What is SAML assertion?

It is an XML document that the IDP sends to the SP containing the user's authorization status.

Process Flow:

1. The user tries to log in to the application URL in the browser.

2. The application generates a SAML request.

3. The application sends the request back to the browser as an HTTP redirect; the browser redirects the request to the IDP SSO URL.

4. The IDP parses the SAML request and authenticates the user.

5. The IDP generates a SAML response and sends the encoded response to the browser.

6. The browser redirects the SAML response to the ACS URL of the application (SP).

7. The Assertion Consumer Service verifies the SAML response.

8. The user is logged into the application.
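Step 7 is where the security of the whole flow is decided, so here is an added example (not code from the original post or from Pega/ADFS) of the checks an SP's Assertion Consumer Service makes on a SAML response before logging the user in: Destination and Recipient must be this SP's ACS URL, InResponseTo must match a request the SP actually issued, the status must be Success, exactly one assertion must be present, its signature must verify, its ID must not have been seen before (replay), and the Conditions window and Audience must fit. The SP identifiers, the sample response and the user attributes are all constructed for the example. The standard library has no XML-DSig support, so verifying the IDP's signature against the certificate taken from its metadata is delegated to a caller-supplied signature_ok() function; the demo passes a placeholder that accepts, which a real deployment must replace with a genuine XML signature verifier.

```python
# Added example: Assertion Consumer Service checks on a SAML 2.0 Response.
# Standard library only; the XML-DSig check is injected via signature_ok().
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CLOCK_SKEW = timedelta(minutes=3)        # tolerance for IDP/SP clock drift
SP_ENTITY_ID = "https://sp.example.test"  # constructed SP identity (assumption)
ACS_URL = "https://sp.example.test/acs"   # constructed ACS URL (assumption)


def _ts(value):
    """Parse a SAML xs:dateTime in UTC, e.g. 2023-06-26T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, sp_entity_id, acs_url, pending_request_ids,
                      seen_assertion_ids, signature_ok, now=None):
    """Return (True, {"name_id", "claims"}) or (False, reason).
    pending_request_ids: AuthnRequest IDs this SP issued and has not consumed yet.
    seen_assertion_ids: assertion IDs already accepted (replay protection).
    signature_ok: callable(assertion_element) -> bool, the XML-DSig verifier."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False, "not a samlp:Response"
    if root.get("Destination") != acs_url:            # meant for this ACS endpoint
        return False, "Destination mismatch"
    req_id = root.get("InResponseTo")
    if req_id not in pending_request_ids:             # rejects unsolicited responses
        return False, "unknown InResponseTo"
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return False, "status not Success"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:                          # never just take "the first one"
        return False, "expected exactly one Assertion"
    a = assertions[0]
    if not signature_ok(a):                           # IDP signature over the assertion
        return False, "signature invalid"
    aid = a.get("ID")
    if not aid or aid in seen_assertion_ids:          # same assertion presented twice
        return False, "assertion replayed"
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    if cond.get("NotBefore") and now + CLOCK_SKEW < _ts(cond.get("NotBefore")):
        return False, "assertion not yet valid"
    if cond.get("NotOnOrAfter") and now - CLOCK_SKEW >= _ts(cond.get("NotOnOrAfter")):
        return False, "assertion expired"
    audiences = [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:                 # issued for some other SP
        return False, "audience mismatch"
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != req_id:
        return False, "SubjectConfirmationData mismatch"
    pending_request_ids.discard(req_id)               # one request, one response
    seen_assertion_ids.add(aid)
    claims = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
              for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return True, {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
                  "claims": claims}


# Constructed sample response (already base64-decoded; not a real ADFS message).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
  IssueInstant="2023-06-26T10:00:05Z" Destination="https://sp.example.test/acs"
  InResponseTo="_req1">
  <saml:Issuer>https://idp.example.test/adfs</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-06-26T10:00:05Z">
    <saml:Issuer>https://idp.example.test/adfs</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"
          InResponseTo="_req1" NotOnOrAfter="2023-06-26T10:05:00Z"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2023-06-26T10:00:00Z" NotOnOrAfter="2023-06-26T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups"><saml:AttributeValue>pega-users</saml:AttributeValue><saml:AttributeValue>loan-officers</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def demo():
    """Happy path, then a replay, an expired response and a wrong audience."""
    now = datetime(2023, 6, 26, 10, 1, 0, tzinfo=timezone.utc)
    late = now + timedelta(minutes=15)
    accept_all = lambda assertion: True   # placeholder, NOT a real XML-DSig verifier
    pending, seen = {"_req1"}, set()
    run = lambda sp, t, p, s: validate_response(SAMPLE_RESPONSE, sp, ACS_URL, p, s, accept_all, t)
    return {"ok": run(SP_ENTITY_ID, now, pending, seen),
            "replay": run(SP_ENTITY_ID, now, {"_req1"}, seen),      # seen now holds _a1
            "expired": run(SP_ENTITY_ID, late, {"_req1"}, set()),
            "audience": run("https://other.example.test", now, {"_req1"}, set())}


if __name__ == "__main__":
    print(demo())
```

The pending-request and seen-assertion sets are kept in memory here; a clustered SP would keep them in a shared store so that a response replayed against a different node is still rejected.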


Monday, August 20, 2012

Calculating Julian date

There was this need for identifying the date in YYYYMMDD format when the year and the day of the year were to be taken from a property value.

I did this by creating a utility in Pega, though Java coding is the last option suggested in PRPC.
Here is the code-
import java.util.GregorianCalendar;

public class Julian {
    // Converts a year and a day-of-year (1-366) into a YYYYMMDD string.
    public static String toYYYYMMDD(String yr, String day) {
        int yr1 = Integer.parseInt(yr);
        int day1 = Integer.parseInt(day);

        GregorianCalendar gc = new GregorianCalendar();
        gc.clear(); // start from a clean calendar so only YEAR and DAY_OF_YEAR are set
        gc.set(GregorianCalendar.YEAR, yr1);
        gc.set(GregorianCalendar.DAY_OF_YEAR, day1);

        int Day = gc.get(GregorianCalendar.DAY_OF_MONTH);
        int Month = gc.get(GregorianCalendar.MONTH) + 1; // MONTH is zero-based

        String mm = Integer.toString(Month);
        String dd = Integer.toString(Day);
        if (Month < 10) {
            mm = "0" + mm; // zero-pad to two digits
        }
        if (Day < 10) {
            dd = "0" + dd;
        }
        return yr + mm + dd;
    }

    public static void main(String[] argv) {
        String yr = "2011"; // parameter to be passed into the function
        String day = "230"; // parameter to be passed into the function
        System.out.println(toYYYYMMDD(yr, day)); // day 230 of 2011 is 18 August: 20110818
    }
}

If anyone can suggest a better approach, that would be great.

Class inheritance in PRPC

Inheritance, an object-oriented concept, is meant to encourage reusability in the design.

In PRPC two types of class inheritance are defined: Pattern Inheritance and Direct Inheritance.

Pattern Inheritance
As the name suggests, pattern inheritance is about creating a child class by using the same name pattern as the parent class.
example-
Parent Class - Ilend-Home
Child Class   - Ilend-Home-Mortgage

Direct Inheritance
Directed inheritance allows you to specify, or direct, which classes the current class may inherit from.
example-
Ilend-Home-Mortgage could have directed inheritance to Work-Object-

Usage-
Let's consider that class x needs to inherit from two different class hierarchies: we use pattern inheritance to inherit from the same class hierarchy and direct inheritance to inherit from a different class hierarchy.

For example, we have a Framework layer and an Implementation layer.

Where my work types belong to the Implementation layer, by using pattern inheritance I can inherit from the Implementation layer class structure, and by using direct inheritance I can inherit from the Framework layer.


Rule Resolution and Class Inheritance
During rule resolution, classes are always checked through pattern inheritance first, all the way up the class pattern hierarchy; the search then comes back to the starting point and continues through direct inheritance.
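To make the usage section and the rule-resolution order concrete, here is an added example (my own toy model, not Pega's rule-resolution code) that builds the search order exactly as described above: walk pattern inheritance to the top of the name hierarchy, then return to the starting class and follow its directed parent, repeating until nothing is left. The class names, the directed-parent map and the rule table are constructed, and it assumes the naming convention that top-level classes end in a dash (Ilend-, Work-), which is what the examples on this page use.

```python
# Added example: a toy model of PRPC rule resolution order (pattern first, then direct).
# Not Pega's own implementation; hierarchy and rules below are constructed.

def pattern_parent(cls):
    """Ilend-Home-Mortgage -> Ilend-Home -> Ilend- -> None.
    Assumes top-level classes end in '-' (the convention in the examples above)."""
    parts = cls.rstrip("-").split("-")
    if len(parts) == 1:
        return None
    parent = "-".join(parts[:-1])
    return parent + "-" if len(parts) == 2 else parent


def resolution_order(cls, directed_parents):
    """Classes in the order rule resolution would check them for cls."""
    order = []
    while cls and cls not in order:
        c = cls
        while c and c not in order:          # pattern inheritance, all the way up
            order.append(c)
            c = pattern_parent(c)
        cls = directed_parents.get(cls)      # back to the starting point: direct parent
    return order


def find_rule(cls, rule_name, directed_parents, rules):
    """Return the class whose copy of rule_name wins for cls, or None if unresolved."""
    for candidate in resolution_order(cls, directed_parents):
        if (candidate, rule_name) in rules:
            return candidate
    return None


# Constructed hierarchy: implementation layer (Ilend-...) reached by pattern,
# framework layer (Work-Object-) reached by direct inheritance, as on this page.
DIRECTED = {"Ilend-Home-Mortgage": "Work-Object-", "Work-Object-": "@baseclass"}
RULES = {("Ilend-Home", "CalculateRate"), ("Work-", "CalculateRate"),
         ("Work-Object-", "Approve"), ("@baseclass", "Save")}

if __name__ == "__main__":
    print(resolution_order("Ilend-Home-Mortgage", DIRECTED))
    for rule in ("CalculateRate", "Approve", "Save", "Missing"):
        print(rule, "->", find_rule("Ilend-Home-Mortgage", rule, DIRECTED, RULES))
```

Because the pattern chain is searched before the directed parent, an implementation-layer copy of CalculateRate on Ilend-Home wins over the framework copy on Work-, which is the override behaviour the two-layer design above relies on.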

I tried to make it simple to understand, though any comments are most welcome.

BPM and BRE

So here we are discussing the two main terms that define PRPC: BPM, which stands for Business Process Management, and BRE, which stands for Business Rules Engine.

BPM is about managing the business processes of an Organization.
It includes Planning, Designing, Building, Operating, Maintaining and improving business processes.


BRE is the system that manages business rules.
It separates the business logic from the critical applications and enables the enterprise to manage and execute business practices.


The business rules engine can be embedded in, or called from, another system using Service JSR94 rules.