11th Oct 2010 - First Day in RailCorp

I joined RailCorp ICT department as a Senior Authentication Specialist responsible as a tech lead of the IAM team.

8th Oct 2010 - Mission Accomplished and Farewell to UNSW

Mission Accomplished and Farewell to UNSW. The Web Single Sign On (wSSO) is deployed successfully on 8th of October and in production now. I, as the development team of wSSO, have done my work in UNSW and it’s time to go.

Migrate some posts from other blogger

In the following days, I will migrate some posts back to 2010 from other logger. It seems no way to trick the post date of the google blogger. All old posts will have a date in title.

OpenIDM: why a new identity management solution

OpenIDM is an open standards based Identity Management, Provisioning and Compliance solution.
It is planned to have more or less the same functionality available in OpenIDM as there was in SunIDM with even a stronger focus on role management and complience.

Reference:
http://blogs.forgerock.com/matthias/?cat=3
http://forgerock.com/openidm-faq.html

OpenSSO One Time Password Authentication via Mobile SMS and Email

http://blogs.sun.com/docteger/entry/one_time_password_authentication_opensso

http://www.coresecuritypatterns.com/blogs/?p=1669

How to write CFID and CFTOKEN as per-session cookies?

Cookies are normally saved to the client's hard drive in a text file. To ensure that a user's session ends when they close their browser, save the cfid and cftoken values as per-session cookies instead. Per-session cookies aren't written as a text file to the users's computer; they are stored in memory and are deleted when the browser is closed. If a new browser window is opened and they revisit the same ColdFusion web site, the cfid and cftoken values that previously identified them no longer exist, causing ColdFusion to create a new session for that user.

<cfapplication
name="myapp"
sessionmanagement="Yes"
setclientcookies="No">

<cfif not IsDefined("cookie.cfid")>
<cflock scope="session" type="readonly" timeout="5">
<cfcookie name="cfid" value="#session.cfid#">
<cfcookie name="cftoken" value="#session.cftoken#">
</cflock>

</cfif>


Reference: http://kb2.adobe.com/cps/179/tn_17915.html
http://www.thenetprofits.co.uk/coldfusion/faq/topic.cfm
http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_security_cf8.pdf

Tour Plan for Blue Mountains (Public Transportation)

Echo Point: 33°43′54.27″S 150°18′46.36″E
Scenic World: 33°43′43.54″S 150°18′01.38″E

train: Allawah --> Central --> Katoomba Station

Option 1 : 2 hours 55 minutes
Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 8:26am Allawah Station Platform 3
Arr: 8:51am Central Station Platform 24

Take the Blue Mountains Line train (CityRail)
Dep: 9:18am Central Station Platform 7
Arr: 11:21am Katoomba Station Platform 2

Option 2 : 2 hours 55 minutes
Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 9:26am Allawah Station Platform 3
Arr: 9:51am Central Station Platform 24

Take the Blue Mountains Line train (CityRail)
Dep: 10:18am Central Station Platform 7
Arr: 12:21pm Katoomba Station Platform 2

bus (686) : Katoomba Station --> Scenic World

Option 1 : 17 minutes
Walk to bus stop Fire Station Parke St Near Bathurst Rd - 88 metres

Take the 686 bus (Blue Mountains Bus Company)
Dep: 11:26am Fire Station Parke St Near Bathurst Rd
Arr: 11:40am Scenic World

Walk to Scenic Railway Katoomba - 120 metres

Option 2 : 20 minutes
Walk to bus stop Fire Station Parke St Near Bathurst Rd - 88 metres

Take the 686 bus (Blue Mountains Bus Company)
Dep: 11:58am Fire Station Parke St Near Bathurst Rd
Arr: 12:15pm Scenic World

Walk to Scenic Railway Katoomba - 120 metres

Option 3 : 17 minutes
Walk to bus stop Fire Station Parke St Near Bathurst Rd - 88 metres

Take the 686 bus (Blue Mountains Bus Company)
Dep: 12:26pm Fire Station Parke St Near Bathurst Rd
Arr: 12:40pm Scenic World

Walk to Scenic Railway Katoomba - 120 metres

Scenic World:
Option 1: Scenic Skyway
Option 2: Railway --> Scenic Walkway(2.8km) --> Scenic Cableway
Option 3: Scenic Cableway --> Scenic Walkway(2.8km) --> Scenic Railway

bus (686) : Scenic World --> Echo Point (Three Sisters)

bus (686) : Echo Point --> Katoomba Station

train: Katoomba Station --> Central --> Allawah

Option 1 : 2 hours 42 minutes
Take the Blue Mountains Line train (CityRail)
Dep: 3:25pm Katoomba Station Platform 1
Arr: 5:31pm Central Station Platform 7

Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 5:44pm Central Station Platform 25
Arr: 6:07pm Allawah Station Platform 4

Option 2 : 2 hours 42 minutes
Take the Blue Mountains Line train (CityRail)
Dep: 4:25pm Katoomba Station Platform 1
Arr: 6:31pm Central Station Platform 7

Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 6:44pm Central Station Platform 25
Arr: 7:07pm Allawah Station Platform 4

Option 3 : 2 hours 42 minutes
Take the Blue Mountains Line train (CityRail)
Dep: 5:25pm Katoomba Station Platform 1
Arr: 7:31pm Central Station Platform 10

Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 7:44pm Central Station Platform 25
Arr: 8:07pm Allawah Station Platform 4

http://www.scenicworld.com.au/
http://www.131500.com.au/

Tour Plan for Wollongong (Driving)

Bald Hill Lookout: LAWRENCE HARGRAVE DRIVE Otford, NSW 2508
Stanwell Park: (34°13′41.79″S 150°59′19.00″E)
Sea Cliff Bridge: Sea Cliff Bridge, 2508
Kiama Blowhole: Blowhole Point Headland Blowhole Point Road Kiama, NSW 2533
Kiama lighthouse: Blowhole Point, Kiama New South Wales 2533 (Kiama Lighthouse)
Illawarra Fly Tree Top Walk: 182 Knights Hill Rd, Knights Hill NSW 2577

Home--> Bald Hill Lookout (34°13′23.45″S 150°59′52.49″E)
39.3 km – about 47 mins
Bald Hill Lookout --> Sea Cliff Bridge (34°15′26.97″S 150°58′21.82″E)
4.4 km – about 4 mins

Sea Cliff Bridge--> Kiama Blowhole, Kiama lighthouse (34°40′18.59″S 150°51′43.04″E)
59.7 km – about 1 hour 5 mins

Kiama--> Illawarra Fly Tree Top Walk (34°37′280″S 150°42′100″E)
25.0 km – about 26 mins

Illawarra Fly Tree Top Walk --> Home
108 km – about 1 hour 39 mins


SCENIC DRIVE FOUR - SADDLEBACK MOUNTAIN LOOKOUT, JAMBEROO VILLAGE, MINNAMURRA RAINFOREST, ILLAWARRA FLY TREETOP WALK, JAMBEROO ACTION PARK

Time: 1 hour

Start at the Kiama Visitors Centre on Blowhole Point, drive the loop past the Lighthouse and Blowhole, turn right on Terralong Street, then left at the roundabout onto Manning Street. Travel south and turn right at Kiama High School onto Saddleback Mountain Road. Turn left at the hill top and follow the scenic country road which takes you to Saddleback Lookout where, on a clear day, you can see almost 120km north and south along the coast. This is also the start of Hoddles Track
bush walk.

Leave the lookout and turn left on Fountaindale Road and follow the bitumen track to Jamberoo Road.
Turn left and proceed for 2km to reach historic Jamberoo village. About 1km through town, turn right at the roundabout, then left up Jamberoo Mountain Road for the award winning Minnamurra Rainforest in Budderoo National Park, Barren Grounds Nature reserve and the Illawarra Fly Tree Top Walk at Knights Hill.

Return to Jamberoo Road, turn left and travel for about 4km to Jamberoo Action Park, then onto Albion Park. Turn right at the Princes Highway to head back to Kiama. Or from Jamberoo Action Park you can return back to Kiama on Jamberoo Road, past historic Terragong House.

http://www.freeoz.org/ibbs/viewthread.php?tid=881851
http://grandpacificdrive.com.au/attractions/default.aspx
http://www.sydney.com
http://www.kiama.com.au/accom_result1/minnamurra-rainforest/
http://www.kiama.com.au/pages/drives/

Integrate with CAS to provide authentication service to Adobe ColdFusion Application

Just recorded a video to show integrating with CAS to provide authentication service to Adobe ColdFusion Application.

Demo: CASifying Adobe ColdFusion Application

Kuali Identity Management (KIM)

In the last few months, I was looking for a solution that provides authentication, authorization, single sign-on and identity management service by plugging in Identity and Access Management implementations. I found Kuali Identity Management (KIM).

The primary goal of KIM was to build a service-oriented abstraction layer for Identity and Access Management.

Integration with other IDM services was acknowledged, expected, and designed for!

Company Website has been setup

Company Name: QF Software Consulting Pty Ltd

Website: http://www.qfsoftware.biz

The site shows you some solutions on Identity Management Area including Single Sign On, Federation, Access Management and Identity Management using CAS, Shibboleth and Sun IDM.

We provide online or onsite consulting services. For detail, please refer to Consluting Service.

Qualifications:
Sun Certified Java Programmer
Sun Certified Web Developer
Sun Certified Enterprise Architect
Sun Certified Integrator for Identity Manager

Contact Us by email: info@qfsoftware.biz

Passed: Sun Certified Integrator for Identity Manager

Passed the Sun Certified Integrator for Identity Manager exam this morning.

Now I'm a "certified" specialist of Sun Identity Manager.

Sun Identity Manager 7.1 LDAP Resource Failover Support

On the version of Sun Identity Manager 7.1, the Host is "the name or IP address of the host where the LDAP server is running" in LDAP Resource Edit form.

















It seems Host can only support one server.
But it can be configured to multiple servers to support failover.

server1 ldap://server2 ldap://server3

The Order of returning Error when authenticating against AD using LDAP/Kerberos

LDAP:

Account Locked --> Wrong Password --> Account Disabled --> Account Expired --> Password Expired

Kerberos:
Account Locked/Disabled/Expired --> Wrong Password --> Password Expired

Simple tool to get java object memory map

jmap

http://java.sun.com/developer/technicalArticles/J2SE/monitoring/


IKM Test Report - J2EE

On 2008, I did a IKM test on J2EE.

Test Report: http://qingfeng.tech.officelive.com/Documents/IKM-Java-J2EE%20Test%20Result%20-%20Qingfeng%20Zhang.pdf

Kerberos vs Ldap

Kerberos cannot distinguish between 'Account Disabled', 'Account Locked out' and 'Account Expired'. They share the same error code 18.

But LDAP can distinguish them by different error code.

Green Slip Calculator - Australia

http://prices.maa.nsw.gov.au/index.html

Post/Redirect/Get pattern for web applications

The WONTFIX bug (Bug 160144 – Replace "PAGE CONTAINS POST DATA" with better UI) is really annoying.

The best way to bypass that is:
http://en.wikipedia.org/wiki/Post/Redirect/Get

IE Session Sharing

IE6, IE7 do not share session between IE windows (created separately by running iexplore.exe).

IE 8 do share session like Firefox.

Sequence Diagrams for CAS

Sequence Diagram for Accessing Application (Pre-Authentication):



















Sequence Diagram for Accessing Application (Post-Authentication):

Solution for independent session timeout setting between CAS Server and Client Applications.

CAS standard implementation for session timeout is by providing a global session timeout setting to overwrite any client application's.
The simple scenario is like this:
Settting:
CAS Session Timeout: 60 minutes;
App Session Timeout: 30 minutes.
Steps:
1. Logon to App through CAS;
2. Idle App for 30 minutes;
3. App still is alive and can be used without re-login.

But lots of customers have this requirement: keep the client application session timeout.
The simple scenario is like this:
Settting:
CAS Session Timeout: 60 minutes;
App1 Session Timeout: 30 minutes;
App2 Session Timeout: 45 minutes.
Steps:
1. Logon to App1 through CAS;
2. Idle App1 for 30 minutes;
3. Click App1 and will be redirect to CAS login page.
4. Access App2 URL within 60 minutes since first Logon, you still can get access to App2 without login.

Solution:
When App Logout, provide a renew-like function so you need to re-authenticate when trying to access that App again.

jbosscache vs memcached

snoop vs Ethereal(Wireshark)

Freeware for Solaris

http://www.sunfreeware.com/

CAS Windows Desktop SSO DEMO

DEMO:
http://qfsoftware.biz/Documents/CAS%20Windows%20Desktop%20SSO.html

SPNEGO - CAS User Manual - JA-SIG Wiki:
http://www.ja-sig.org/wiki/display/CASUM/SPNEGO

HTTP-Based Cross-Platform Authentication via the Negotiate Protocol:
http://msdn.microsoft.com/en-us/library/ms995329.aspx

Property Title Search

Online Property Title Search - NSW https://lpi-online.lpi.nsw.gov.au/cgi-bin/lpis/menu.pl

Contributing CAS extension to OpenSSO (Updated)

The solution CASifying Sun Access Manager has been contributed to Sun OpenSSO as Authentication Module Extension and published on https://opensso.dev.java.net/public/extensions/index.html

JA-SIG CAS Extension of OpenSSO: [ README | Source ]

QF Software Consulting Pty Ltd Created

We provide online or onsite consulting services on Identity Management Area including Single Sign On, Federation, Access Management and Identity Management using CAS, Shibboleth and Sun IDM. For detail, please refer to Online Consluting Service.

Website:
QF Software Consulting Pty Ltd

CAS Single Sign Out Solution

My solution should be the easiest solution for single sign out. With my solution, you do not need to change anything on CAS enabled client application. The only change is on CAS. It's not like the current CAS official supported Single Sign Out solution that all client applications must be modified to handle a sign out request that send by CAS Server.

DEMO:
CAS Single Sign Out

Qingfeng's Tech Area

The site shows you what I have learned and worked on Identity Management Area including Single Sign On, Federation, Access Management and Identity Management using CAS, Shibboleth and Sun IDM.

http://qingfeng.tech.officelive.com

AutoPager :: Add-ons for Firefox

AutoPager automatically loads the next page when you reach the end of the page. It works on a ton of sites, like Google,Yahoo .......
This add-on works well with most other add-ons like adblock plus, WOT and most of the greasemonkey scripts.

https://addons.mozilla.org/en-US/firefox/addon/4925

WeatherBug :: Add-ons for FirefoxWeatherBug :: Add-ons for Firefox

Get live, local weather conditions in Firefox with the WeatherBug extension. Featuring forecasts, radar, and severe weather alerts from WeatherBug's community of neighborhood weather stations.

https://addons.mozilla.org/en-US/firefox/addon/2455

QQ failed to login on Pidgin (Solved)

I got this when trying to logon QQ through Pidgin.














Solution: Change QQ Client Version on Advanced Tab in Modify Account Window.

Can't access www.google.cn (solved)

Can't access www.google.cn any more, but I found some alternatives:

http://www.google.com/intl/zh-CN/
http://74.125.127.160/
http://72.14.203.160/

Online query of property sale history (Australia)

Links:
http://www.suburbview.com/
http://www.oldlistings.com.au/
http://homepriceguide.com.au/
http://onthehouse.com.au/

A weird problem solved on Sun Access Manager

Symptom: Only can access login module once, will get following error when trying to access login module at the second time.

Error:
[22/May/2009:18:08:25] failure ( 8127): for host 149.171.129.78 trying to GET /amserver/UI/Login, service-j2ee reports: StandardWrapperValve[

LoginServlet]: PWC1406: Servlet.service() for servlet LoginServlet threw exception
java.lang.IncompatibleClassChangeError
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:328)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:796)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)

Reason:
mismatch of Sun Access Manager version and amserver web application version

Solution:
replace am_auth_ui.jar, am_mfwkexc.jar, jato.jar under /var/opt/SUNWwbsvr7/https-am/web-app/am/amserver/WEB-INF/lib
using the jars in amserver.war under /opt/SUNWam

Firebug

A JavaScript Debugging Tool.

Reference:
Firebug
Google Code FAQ - JavaScript Debugging with Firebug

JGroups - A Toolkit for Reliable Multicast Communication

http://www.jgroups.org/

YourKit - easy to use profiling tool

http://www.yourkit.com/

JMeter - free Java tool for load/stree test

http://jakarta.apache.org/jmeter/

OutOfMemoryException: unable to create new native thread

This error will occur even when you have plenty of heap, but the OS cannot allocate more memory for the threadstack. You can reduce the size of the thread stack with -Xss128k. The total memory usage equation is:

(heap size) + (number of threads)x(thread stack size) = (total RAM used by JVM process).

Default Thread Size:
Thread Stack Size (in Kbytes). (0 means use default stack size) [Sparc: 512; Solaris x86: 320 (was 256 prior in 5.0 and earlier); Sparc 64 bit: 1024; Linux amd64: 1024 (was 0 in 5.0 and earlier); all others 0.]

Articles:
http://www.jboss.org/community/wiki/OutOfMemoryExceptions
http://www.jboss.org/community/wiki/OutOfMemoryExceptionWhenCannotCreateThread
http://java.sun.com/javase/technologies/hotspot/vmoptions.jsp

Using JConsole to Monitor Applications

JConsole is a JRE embedded tool for monitoring Java Application.


Articles:

Using JConsole to Monitor Applications

Using JConsole - Java SE Monitoring and Management Guide

Tomtom wrong suburb problem

I meet a problem when using Tomtom direct to a certain address but it will direct me to a wrong suburb with the same address.

Nero disc-at-once problem (Solved)

That's because other application is trying to write that disc as well.

The most case on windows is windows media player.

The solution is easy, just kill media player process.

Solution for No Mouse Integration when installed VirtualBox Guest Additions on Ubuntu 8.10

1. Goto System-->Administration--> Update Manager
2. Install Update for xserver-xorg-input-vmmouse
3. sudo reboot

The Future of Enterprise Java Developer: OSGi + Spring?

Rod Johnson Discusses Spring, OSGi, Tomcat and the Future of Enterprise Java :
http://www.infoq.com/interviews/johnson-spring-osgi-tomcat

Getting Started with OpenSSO and Policy Agent

The link:
http://qfsoftware.biz/Documents/opensso-policyagent.html

Install OpenSSO Enterprise 8.0 on Tomcat in Windows

I have recorded a demo for how to install OpenSSO Enterprise 8.0 on Tomcat in Windows.

The link:
http://qfsoftware.biz/Documents/opensso-installation.html

My LinkedIn Profile

I heard the LinkedIn first time when Pat Patterson (Sun Federation Architect) inviting me to join his network. Then, I created my profile http://www.linkedin.com/in/qingfengzhang