AlainODea

An example with minimal dependencies is a loopback within an Okta Org.

Say you want to get to the admin interface of an Org. It's at:

/home/admin-entry

URL encoded (what you need for RelayState) that is:

AlainODea

execve("/usr/bin/bash", 0x08047210, 0x0804721C)  argc = 2
sysinfo(SI_MACHINE, "i86pc", 257)		= 6
mmap(0x00000000, 32, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEFA0000
mmap(0x00000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEF90000
mmap(0x00000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEF80000
mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFEF70000
memcntl(0xFEFB5000, 49700, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
memcntl(0x08050000, 148876, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
resolvepath("/usr/lib/ld.so.1", "/lib/ld.so.1", 1023) = 12
resolvepath("/usr/bin/bash", "/usr/bin/bash", 1023) = 13

AlainODea

PR is merged :) Just use the examples in the czmq repo: https://github.com/zeromq/czmq/tree/master/examples/security

AlainODea

The examples that were here are now part of Haskell Stack project here: https://github.com/AlainODea-haskell/zeromq-experiments

AlainODea

import javax.xml.bind.DatatypeConverter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

AlainODea

Akamai Request signing using HMAC

Akamai Dynamic Site Delivery supports the use of variables and operations in its configurations that allows for a great deal more flexibility than you might imagine. A great example of this is introducing a form of request signing to make up for the lack of mutual TLS between the CDN and the origin servers.

Customer-configuration variables:

• HMAC_IV_HEADER: name of the header that will be sent with the HMAC initiatlization vector

AlainODea

#!/bin/bash
logGroupName=$1
logStreamPrefix=$2
aws --profile prod logs describe-log-streams \
    --log-group-name ${logGroupName} \
    --log-stream-name-prefix ${logStreamPrefix} |
  jq --raw-output '.logStreams |=
                   sort_by(.lastEventTimestamp) |
                   .logStreams[-1].logStreamName'

AlainODea

#!/bin/bash
harFile="${1:=NetworkData.xml}"
cat "${harFile}" |
  jq --raw-output --from-file har-to-SAMLResponse.jq | # get URL encoded SAMLResponse
  while read; do echo -e ${REPLY//%/\\x}; done | # decode to Base64 SAMLResponse
  base64 --decode # decode to XML SAMLResponse

AlainODea

# Get settings to enter on the Identity Provider (IdP) to allow authentication to Service Provider (SP)
function Get-IdP-Settings-From-SP($Metadata) {
    [xml]$SPMetadata = $Metadata
    $SPAssertionConsumerServiceURL = $SPMetadata.EntityDescriptor.SPSSODescriptor.AssertionConsumerService |
    ? {$_.Binding -eq "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"} |
    % {$_.Location}
    $SPIssuerURI = $SPMetadata.EntityDescriptor.entityID
    $SPSignatureCertificate = $SPMetadata.EntityDescriptor.SPSSODescriptor.KeyDescriptor |
    ? {$_.use -eq "signing"} |
    Select-Object -Last 1 |

AlainODea

$Script = [System.IO.Path]::GetTempFileName()
(New-Object System.Net.WebClient).DownloadFile("https://path/to/your/script.ps1", $Script)
Get-Content $Script | clip.exe
# right click to run