Monday, May 11, 2009

google search appliance experience

Over the past few months I've gotten intimately acquainted with the Google Search Appliance(gsa), which is basically a version of Google you can purchase to search and index your organization's content. The Google search feature we are currently offering our users is good but it could be better and road here was filled with many obstacles.

When we first got the appliance there was this sense that not only was it "plug and play" but that as soon as we plugged it into our network it was just going to out and search everything, potentially choking our network. While the gsa can generate a good deal of traffic, this just couldn't be farther from the truth. We actually spent months, researching and attempting through trial and error to get the gsa to index our content including a legacy document management system.

Our system happens to rely on a combination of windows network authentication and cookies, which at first glance of the documentation it looks like the gsa could support. What they don't seem to tell you is these 2 authentication methods can not be used in tandom. You have to pick one or the other. The other thing they don't tell you is that when they say that the gsa supports cookies what they really mean is that it doesn't support cookies but if you really have to use them they will let you through a convoluted shceme where you direct the gsa to a login form, which may or may not exist on your system, which then generates a cookie which the gsa will store and use from then untill some set point in time in the future.

What we ended up doing was giving the gsa a windows network login and then coding around the system's use of cookies for that user. This was one of the many code changes we have had to make to accomodate the gsa. More on this later but for now I'm off to the to Silverstripe cms talk and indyhall classic.

Wednesday, December 10, 2008

2008 day job accomplisments

I had to put together a list of my accomplishments for my day job as a web developer/ analyst for a Philadelphia based stock brokerage firm so I thought i would repurpose that list here:

Financial Consultant Dashboard: I played an integral role in the design and architecture of a Financial Consultant (FC) Dashboard. I worked closely with the business to understand it's needs and goals and then gathered the requirements for this application. I also designed and mocked up user interfaces for widgets and screens. I also assisted with usability testing and findings analysis.

Financial Consultant Performance Reporting: I significantly enhanced the Performance Reporting tools i began developing last year, revamping the user interface and adding administrative data analysis features for branch, region and firm managers

SharePoint Development: I have begun developing business tools on the MS SharePoint platform. I have released a shared calendar to track Branch Office Visits, Blogs for the Taxable Fixed Income and Municpal Bond Departments and a document libaray with custom workflows to assist with on boarding related documents.

Conference Registration System: I developed a conference registration system which I go into more depth about here

Web Application Monitoring: I researched and then selected Web Application monitoring services from AlertBot, which have resulted in impoved up-time.

Purchase Order System: rebuilt a legacy PO system in oder to stream line the process and get more users on board with paperless system

SAML Single Sign-on System: I coded a SAML SSO system to allow our users to seamlessly access Rearden Commerce's travel booking site. I go into a lot more detail about this here

So, that's pretty much my year of webdevwork day job achievements.

Tuesday, November 4, 2008

typoLight review

While TypoLight is most likely a powerful framework, it is over complicated for the average user. The install did not go as smoothly as I had hoped and had to be redone a few times. Installing without a template left me in a place where I had no idea what to do to get a site up and installing with a template added so much content it would take hours to simplify. I wonder if, after you get to know the system you can just start with exactly what you need from a query rather than building it through the interface. It does seem to have a lot of features like event calendar, forms, and support for extension modules. The main issue at this point seems to be a lack of robust support community which is something that could change overtime.

Thursday, October 30, 2008

SharePoint Initial Impressions

I have recently been doing quite a bit of work with SharePoint. This hasn't been much fun becuase (at least as of yet) it doesn't involve much coding and relies heavily on microsoftian configuration. It has however, been very productive for a fairly low level of effort. In the past week alone, I have rolled out a couple blogs, a shared calendar and a document library, all with fine grain access control, desktop application integration, alerting and workflow. I did have to do a fair degree of customization to these apps, mostly involving disabling or hiding unnecessary functionalities. It has been very interesting learning about the power, limitations and of course bugs of SharePoint.

Friday, September 5, 2008

Single Sign-On with SAML and ColdFusion

My implementation of SAML is largely based on this post by David Rutter which is unfortunately riddled with errors that I spent more time than I would like to admit working through. His post and some of my background knowledge are from Phil Duba's Saml and ColdFusion Series which was very useful until about halfway through part 5 where it ventures out of my comfort zone into compiling java code for use within CF.

What I have done is merge the two approaches into a single solution usable on CF8(and possibly others although it has not been tested) for connecting to PingIdentity's PingFederate Service Provider server such as that used by Rearden Commerce.

PreReqs

  1. Download the binary(bin) Apache XML Security Library. I used the most current version 1.4.2.

  2. Unzip it and copy from xml-security-1_4_2\libs serializer.jar and xmlsec-1.4.2.jar into ColdFusion8\lib and restart the CF service

  3. Buy or Generate an x509 certificate and provide the public portion to you service provider. I will cover this in more depth in another post.


Now we are ready to get into the code.

We start with SAML Assertion XML and fill in the dynamic portions: ID's, dates and username.












#username#

urn:oasis:names:tc:SAML:1.0:cm:bearer









Now we will Sign our XML Assertion:


//injest the xml
samlAssertionElement = samlAssertionXML.getDocumentElement();
samlAssertionDocument = samlAssertionElement.GetOwnerDocument();
samlAssertion = samlAssertionDocument.getFirstChild();

//create the neccesary Java Objects
SignatureSpecNS = CreateObject("Java", "org.apache.xml.security.utils.Constants").SignatureSpecNS;
TransformsClass = CreateObject("Java","org.apache.xml.security.transforms.Transforms");
SecInit = CreateObject("Java", "org.apache.xml.security.Init").Init().init();
XMLSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");

//set up the signature
sigType = XMLSignatureClass.ALGO_ID_SIGNATURE_RSA_SHA1;
signature = XMLSignatureClass.init(samlAssertionDocument, javacast("string",""), sigType);
samlAssertionElement.insertBefore(signature.getElement(),samlAssertion.getFirstChild());

//set up signature transforms
TransformsClass = CreateObject("Java","org.apache.xml.security.transforms.Transforms");
transformEnvStr = TransformsClass.TRANSFORM_ENVELOPED_SIGNATURE;
transformOmitCommentsStr = TransformsClass.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
transforms = TransformsClass.init(samlAssertionDocument);
transforms.addTransform(transformEnvStr);
transforms.addTransform(transformOmitCommentsStr);

KeyStoreClass = CreateObject("Java" , "java.security.KeyStore");
//injest your previously created keystore
ksfile = CreateObject("Java", "java.io.File").init("c:\temp.keystore");
inputStream = CreateObject("Java", "java.io.FileInputStream").init(ksfile);
ks = KeyStoreClass.getInstance("JKS");
ks.load(inputStream,"SamlTest");
keypw = "mypass";
key = ks.getKey("SamlTest",keypw.toCharArray());
cert = ks.getCertificate("SamlTest");
publickey = cert.getPublicKey();

signature.addDocument("", transforms);

//optionally include the cert and public key
//signature.addKeyInfo(variables.cert);
//signature.addKeyInfo(variables.publickey);

signature.sign(key);

samlAssertionXML = toBase64(toString(samlAssertionXML), "utf-8");



and then we use a form to post it to the service provider









And there you have homegrown SAML Single Sign-on Solution In ColdFusion.

Here is the source file in it's entirety because blogger has a tendency to mangle code

Please feel free to post questions or comments.

Wednesday, July 30, 2008

FC Recruiting Workflow System

I need to provide a system where users will have the ability to post, comment and approve documents. In addition, his system needs to provide access control and groups. Work flow would also be nice if possible.

Due to the procedural changes being handed down from on high, I need to get this done in under 30 days otherwise, it turns into a pumpkin, or rather a project, as opposed to a Rapid Application and would then require voluminous paperwork and painstaking meetings.

While I could build something custom, I'm not sure that I can get all the desired features done in the time frame, so I'm looking at document management systems and frameworks I could potentially build off of.

I looked at M$ WSS, but quickly scrapped it due to the need to run Visual Studio 2005 on Windows Sever 2003, which makes it much less free (as in beer)

I then looked at Alfresco, which is very pretty but complex. The community edition comes in a large executable, which install a full java stack. It was not as easy to get running as I had hoped.

Next, was Knowledge Tree, which I found to be more usable and intuitive than Alfresco, although slightly less shiny. I am interested in pursuing this one, but also want to continue investigating other lighter weight alternatives such as Genus and others found on SourceForge.

Sunday, July 27, 2008

firefox extensions to have

The best thing about Firefox besides the good standards compliance, speed and reliability are the extension.

I'm running:
  • Adblock Plus
  • All-in-one Sidebar
  • Delicious Bookmards
  • Firebug
  • Web Developer