Category Archives: Security

AWS: RDS Certificate Authority SSL certificate upgrade

22 November 2019
 

 We started receiving emails from AWS with notifications to update RDS Certificate Authority certificates. It’s time to do it, so let’s start from our Dev, then will repeat on Staging and Production environments. W eare using common AWS RDS MariaDB instances, and the upgrade documentation is available here>>>. The process itself is really simple and… Read More »

What is: SAML – an overview, its structure and requests tracing between a Jenkins and Okta SSO

17 November 2019
 

 During the SAML SSO configuration for our Jenkins, I faced an issue, when some attributes weren’t passed from Okta to the Jenkins instance. So in this post will try to figure out what is SAML in general, will take a short overview of its architecture and main components, and will make some SAML-requests tracing/sniffing to… Read More »

Okta: G-Suite integration – provisioning and users import and export

25 October 2019
 

 And going forward with Okta setup for our project. Previous posts: Okta: SSO authentication for Gmail and Slack Jenkins: SAML Authentication with Okta SSO and users groups Jenkins: SAML, Okta, users groups, and Role-Based Security plugin Github: SAML, Okta, and Github Enterprise Cloud – Organization SSO configuration The next task is to integrate our Google… Read More »

Github: SAML, Okta, and Github Enterprise Cloud – Organization SSO configuration

21 October 2019
 

 As a follow-up to the SSO, Okta, and SAML. We already did everything for our Jenkins (see the Jenkins: SAML, Okta, user groups, and Role-Based Security plugin post) – now it’s time to do the same thing with our Github organization. The idea is the same as for the Jenkins’ setup: keep all users in… Read More »

OpenVPN: the No route to host and ERR_ADDRESS_UNREACHABLE errors – the cause and a solution

14 October 2019
 

 We have an OpenVPN Access Server running, see its setup in the OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration post. The VPN server is hosted in a first AWS VPC, while a Bitwarden service – in another one VPC. Between those VPCs we have a VPC peering configured, and the OpenVPN… Read More »

Jenkins: SAML Authentication with Okta SSO and users groups

11 October 2019
 

 SAML – Secure Assertion Markup Language is used for federated authentication when some service which we need to get access to (a Service Provider), asks another service (an Identity Provider) to perform a user’s authentification. Check the documentation here>>>. Service Provider (SP): is a system where need to authenticate, in our case this will be Jenkins… Read More »

Okta: the Custom domain and TLS configuration

4 October 2019
 

 You can use your own domain configured for Okta. The one thing worth to mention here is the fact that Okta’s official plugin doesn’t work with a Custom domain feature so you’ll have to use Okta’s URL for the plugin authentification, see the  documentation for details. Custom domain configuration Go to the Settings > Customization:… Read More »

Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM

3 September 2019
 

  Let’s proceed with our AWS Elastic Kubernetes Service, EKS. Previous parts: Kubernetes: part 1 – architecture and main components overview Kubernetes: part 2 – a cluster set up on AWS with AWS cloud-provider and AWS LoadBalancer Kubernetes: part 3 – AWS EKS overview and manual EKS cluster set up. In the previous – Kubernetes:… Read More »