Friday, May 11, 2012

11th Oct 2010 - First Day in RailCorp

I joined the RailCorp ICT department as a Senior Authentication Specialist, responsible as tech lead of the IAM team.

8th Oct 2010 - Mission Accomplished and Farewell to UNSW

Mission Accomplished and Farewell to UNSW. The Web Single Sign On (wSSO) was deployed successfully on the 8th of October and is in production now. I, as the development team of wSSO, have done my work at UNSW and it’s time to go.

Migrate some posts from other blogger

In the following days, I will migrate some posts dating back to 2010 from another blog. There seems to be no way to trick the post date in Google Blogger, so all old posts will have a date in the title.

Friday, August 6, 2010

OpenIDM: why a new identity management solution

OpenIDM is an open standards based Identity Management, Provisioning and Compliance solution.
It is planned to have more or less the same functionality available in OpenIDM as there was in SunIDM, with an even stronger focus on role management and compliance.

Reference:
http://blogs.forgerock.com/matthias/?cat=3
http://forgerock.com/openidm-faq.html

Wednesday, August 4, 2010

OpenSSO One Time Password Authentication via Mobile SMS and Email

http://blogs.sun.com/docteger/entry/one_time_password_authentication_opensso

http://www.coresecuritypatterns.com/blogs/?p=1669

How to write CFID and CFTOKEN as per-session cookies?

Cookies are normally saved to the client's hard drive in a text file. To ensure that a user's session ends when they close their browser, save the cfid and cftoken values as per-session cookies instead. Per-session cookies aren't written as a text file to the user's computer; they are stored in memory and are deleted when the browser is closed. If a new browser window is opened and the user revisits the same ColdFusion web site, the cfid and cftoken values that previously identified them no longer exist, causing ColdFusion to create a new session for that user.


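<!--- Stop ColdFusion from setting its own CFID/CFTOKEN client cookies --->
<cfapplication
    name="myapp"
    sessionmanagement="Yes"
    setclientcookies="No">

<!--- Set the cookies by hand with no expires attribute, so they are per-session --->
<cfif not IsDefined("cookie.cfid")>
    <cflock scope="session" type="readonly" timeout="5">
        <cfcookie name="cfid" value="#session.cfid#">
        <cfcookie name="cftoken" value="#session.cftoken#">
    </cflock>
</cfif>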
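A way to check the result from the outside, added here as an example and not part of the original post or the Adobe technote: the script classifies CFID/CFTOKEN cookies as persistent or per-session from `Set-Cookie` response headers. The header values are constructed samples, and the HttpOnly/Secure reporting is an addition beyond what the post covers.

```python
# Added example: audit ColdFusion session-identifier cookies in Set-Cookie headers.
# All header values below are constructed samples, not captured traffic.
SESSION_ID_COOKIES = {"cfid", "cftoken"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookies(set_cookie_headers):
    """Report, per CFID/CFTOKEN cookie, whether the browser will persist it."""
    findings = {}
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name.lower() not in SESSION_ID_COOKIES:
            continue  # only the session identifiers matter here
        findings[name.upper()] = {
            # Expires or Max-Age makes the browser keep the cookie after it closes
            "persistent": "expires" in attrs or "max-age" in attrs,
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
        }
    return findings


# Constructed: cookies carrying an expiry date, i.e. saved to disk
DEFAULT_HEADERS = [
    "CFID=1201; expires=Sat, 04-Aug-2040 10:00:00 GMT; path=/",
    "CFTOKEN=48131972; expires=Sat, 04-Aug-2040 10:00:00 GMT; path=/",
    "THEME=dark; Max-Age=86400; path=/",
]
# Constructed: setclientcookies="No" plus <cfcookie> without an expires attribute
PER_SESSION_HEADERS = [
    "CFID=1201; path=/",
    "CFTOKEN=48131972; path=/",
]

if __name__ == "__main__":
    for label, headers in (("default", DEFAULT_HEADERS),
                           ("per-session", PER_SESSION_HEADERS)):
        for cookie, result in audit_session_cookies(headers).items():
            print(label, cookie, result)
```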


Reference: http://kb2.adobe.com/cps/179/tn_17915.html
http://www.thenetprofits.co.uk/coldfusion/faq/topic.cfm
http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_security_cf8.pdf

Tuesday, July 13, 2010

Tour Plan for Blue Mountains (Public Transportation)

Echo Point: 33°43′54.27″S 150°18′46.36″E
Scenic World: 33°43′43.54″S 150°18′01.38″E

train: Allawah --> Central --> Katoomba Station


Option 1 : 2 hours 55 minutes
Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 8:26am Allawah Station Platform 3
Arr: 8:51am Central Station Platform 24

Take the Blue Mountains Line train (CityRail)
Dep: 9:18am Central Station Platform 7
Arr: 11:21am Katoomba Station Platform 2

Option 2 : 2 hours 55 minutes
Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 9:26am Allawah Station Platform 3
Arr: 9:51am Central Station Platform 24

Take the Blue Mountains Line train (CityRail)
Dep: 10:18am Central Station Platform 7
Arr: 12:21pm Katoomba Station Platform 2

bus (686) : Katoomba Station --> Scenic World

Option 1 : 17 minutes
Walk to bus stop Fire Station Parke St Near Bathurst Rd - 88 metres

Take the 686 bus (Blue Mountains Bus Company)
Dep: 11:26am Fire Station Parke St Near Bathurst Rd
Arr: 11:40am Scenic World

Walk to Scenic Railway Katoomba - 120 metres

Option 2 : 20 minutes
Walk to bus stop Fire Station Parke St Near Bathurst Rd - 88 metres

Take the 686 bus (Blue Mountains Bus Company)
Dep: 11:58am Fire Station Parke St Near Bathurst Rd
Arr: 12:15pm Scenic World

Walk to Scenic Railway Katoomba - 120 metres

Option 3 : 17 minutes
Walk to bus stop Fire Station Parke St Near Bathurst Rd - 88 metres

Take the 686 bus (Blue Mountains Bus Company)
Dep: 12:26pm Fire Station Parke St Near Bathurst Rd
Arr: 12:40pm Scenic World

Walk to Scenic Railway Katoomba - 120 metres

Scenic World:
Option 1: Scenic Skyway
Option 2: Railway --> Scenic Walkway(2.8km) --> Scenic Cableway
Option 3: Scenic Cableway --> Scenic Walkway(2.8km) --> Scenic Railway

bus (686) : Scenic World --> Echo Point (Three Sisters)

bus (686) : Echo Point --> Katoomba Station

train: Katoomba Station --> Central --> Allawah

Option 1 : 2 hours 42 minutes
Take the Blue Mountains Line train (CityRail)
Dep: 3:25pm Katoomba Station Platform 1
Arr: 5:31pm Central Station Platform 7

Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 5:44pm Central Station Platform 25
Arr: 6:07pm Allawah Station Platform 4

Option 2 : 2 hours 42 minutes
Take the Blue Mountains Line train (CityRail)
Dep: 4:25pm Katoomba Station Platform 1
Arr: 6:31pm Central Station Platform 7

Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 6:44pm Central Station Platform 25
Arr: 7:07pm Allawah Station Platform 4

Option 3 : 2 hours 42 minutes
Take the Blue Mountains Line train (CityRail)
Dep: 5:25pm Katoomba Station Platform 1
Arr: 7:31pm Central Station Platform 10

Take the Eastern Suburbs And Illawarra Line train (CityRail)
Dep: 7:44pm Central Station Platform 25
Arr: 8:07pm Allawah Station Platform 4

http://www.scenicworld.com.au/
http://www.131500.com.au/

Tour Plan for Wollongong (Driving)

Bald Hill Lookout: LAWRENCE HARGRAVE DRIVE Otford, NSW 2508
Stanwell Park: (34°13′41.79″S 150°59′19.00″E)
Sea Cliff Bridge: Sea Cliff Bridge, 2508
Kiama Blowhole: Blowhole Point Headland Blowhole Point Road Kiama, NSW 2533
Kiama lighthouse: Blowhole Point, Kiama New South Wales 2533 (Kiama Lighthouse)
Illawarra Fly Tree Top Walk: 182 Knights Hill Rd, Knights Hill NSW 2577

Home--> Bald Hill Lookout (34°13′23.45″S 150°59′52.49″E)
39.3 km – about 47 mins
Bald Hill Lookout --> Sea Cliff Bridge (34°15′26.97″S 150°58′21.82″E)
4.4 km – about 4 mins

Sea Cliff Bridge--> Kiama Blowhole, Kiama lighthouse (34°40′18.59″S 150°51′43.04″E)
59.7 km – about 1 hour 5 mins

Kiama--> Illawarra Fly Tree Top Walk (34°37′280″S 150°42′100″E)
25.0 km – about 26 mins

Illawarra Fly Tree Top Walk --> Home
108 km – about 1 hour 39 mins


SCENIC DRIVE FOUR - SADDLEBACK MOUNTAIN LOOKOUT, JAMBEROO VILLAGE, MINNAMURRA RAINFOREST, ILLAWARRA FLY TREETOP WALK, JAMBEROO ACTION PARK

Time: 1 hour

Start at the Kiama Visitors Centre on Blowhole Point, drive the loop past the Lighthouse and Blowhole, turn right on Terralong Street, then left at the roundabout onto Manning Street. Travel south and turn right at Kiama High School onto Saddleback Mountain Road. Turn left at the hill top and follow the scenic country road which takes you to Saddleback Lookout where, on a clear day, you can see almost 120km north and south along the coast. This is also the start of Hoddles Track bush walk.

Leave the lookout and turn left on Fountaindale Road and follow the bitumen track to Jamberoo Road.
Turn left and proceed for 2km to reach historic Jamberoo village. About 1km through town, turn right at the roundabout, then left up Jamberoo Mountain Road for the award winning Minnamurra Rainforest in Budderoo National Park, Barren Grounds Nature reserve and the Illawarra Fly Tree Top Walk at Knights Hill.

Return to Jamberoo Road, turn left and travel for about 4km to Jamberoo Action Park, then onto Albion Park. Turn right at the Princes Highway to head back to Kiama. Or from Jamberoo Action Park you can return back to Kiama on Jamberoo Road, past historic Terragong House.

http://www.freeoz.org/ibbs/viewthread.php?tid=881851
http://grandpacificdrive.com.au/attractions/default.aspx
http://www.sydney.com
http://www.kiama.com.au/accom_result1/minnamurra-rainforest/
http://www.kiama.com.au/pages/drives/

Tuesday, June 22, 2010

Integrate with CAS to provide authentication service to Adobe ColdFusion Application

Just recorded a video to show integrating with CAS to provide authentication service to Adobe ColdFusion Application.

Demo: CASifying Adobe ColdFusion Application

Kuali Identity Management (KIM)

In the last few months, I was looking for a solution that provides authentication, authorization, single sign-on and identity management service by plugging in Identity and Access Management implementations. I found Kuali Identity Management (KIM).

The primary goal of KIM was to build a service-oriented abstraction layer for Identity and Access Management.

Integration with other IDM services was acknowledged, expected, and designed for!

Thursday, May 6, 2010

Company Website has been setup

Company Name: QF Software Consulting Pty Ltd

Website: http://www.qfsoftware.biz

The site shows you some solutions on Identity Management Area including Single Sign On, Federation, Access Management and Identity Management using CAS, Shibboleth and Sun IDM.

We provide online or onsite consulting services. For details, please refer to Consulting Service.

Qualifications:
Sun Certified Java Programmer
Sun Certified Web Developer
Sun Certified Enterprise Architect
Sun Certified Integrator for Identity Manager

Contact Us by email: info@qfsoftware.biz

Friday, April 30, 2010

Passed: Sun Certified Integrator for Identity Manager

Passed the Sun Certified Integrator for Identity Manager exam this morning.

Now I'm a "certified" specialist of Sun Identity Manager.

Tuesday, March 23, 2010

Sun Identity Manager 7.1 LDAP Resource Failover Support

In Sun Identity Manager 7.1, the LDAP Resource edit form describes Host as "the name or IP address of the host where the LDAP server is running".

That suggests Host can only support one server.
But it can be configured with multiple servers to support failover:

server1 ldap://server2 ldap://server3

Friday, March 19, 2010

The Order of returning Error when authenticating against AD using LDAP/Kerberos

LDAP:

Account Locked --> Wrong Password --> Account Disabled --> Account Expired --> Password Expired

Kerberos:
Account Locked/Disabled/Expired --> Wrong Password --> Password Expired

Friday, February 26, 2010

Kerberos vs Ldap

Kerberos cannot distinguish between 'Account Disabled', 'Account Locked out' and 'Account Expired'. They share the same error code 18.

But LDAP can distinguish them, because each one returns a different error code.
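The difference in practice, as an added example that is not from the original post: Active Directory reports the LDAP failure reason as a hexadecimal `data` sub-code inside the error 49 bind response, while Kerberos returns only the RFC 4120 error number. The sample bind messages are constructed, and the sub-code table lists the commonly documented AD values.

```python
import re

# "data <hex>" sub-codes Active Directory puts in an LDAP error 49 bind response
AD_LDAP_SUBCODES = {
    "525": "user not found",
    "52e": "wrong password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "password must be reset",
    "775": "account locked",
}

# Kerberos error codes (RFC 4120) and the account states each can mean on AD
KERBEROS_ERRORS = {
    18: ["account disabled", "account expired", "account locked"],  # KDC_ERR_CLIENT_REVOKED
    23: ["password expired"],                                       # KDC_ERR_KEY_EXPIRED
    24: ["wrong password"],                                         # KDC_ERR_PREAUTH_FAILED
}

_BIND_ERROR = re.compile(r"error code (\d+)\b.*?\bdata ([0-9a-fA-F]+)\b", re.S)


def ldap_failure_reasons(message):
    """Map an AD LDAP bind failure message to the account state it reports."""
    m = _BIND_ERROR.search(message)
    if m is None or m.group(1) != "49":
        return ["unrecognised LDAP error"]
    sub = m.group(2).lower()
    return [AD_LDAP_SUBCODES.get(sub, "unknown sub-code " + sub)]


def kerberos_failure_reasons(error_code):
    """Map a Kerberos error number to every account state it may stand for."""
    return KERBEROS_ERRORS.get(error_code, ["unknown Kerberos error %d" % error_code])


def is_ambiguous(reasons):
    """True when the error alone cannot tell the help desk which state applies."""
    return len(reasons) > 1


# Constructed sample messages in the shape AD returns through JNDI
_TEMPLATE = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
             "comment: AcceptSecurityContext error, data %s, v1db1]")
SAMPLE_LDAP_ERRORS = [_TEMPLATE % code for code in ("533", "775", "701", "52e")]

if __name__ == "__main__":
    for msg in SAMPLE_LDAP_ERRORS:
        print("LDAP    ", ldap_failure_reasons(msg))
    for code in (18, 24, 23):
        reasons = kerberos_failure_reasons(code)
        print("Kerberos", code, reasons, "ambiguous" if is_ambiguous(reasons) else "")
```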

Wednesday, January 13, 2010

Green Slip Calculator - Australia

http://prices.maa.nsw.gov.au/index.html

Post/Redirect/Get pattern for web applications

The WONTFIX bug (Bug 160144 – Replace "PAGE CONTAINS POST DATA" with better UI) is really annoying.

The best way to bypass that is:
http://en.wikipedia.org/wiki/Post/Redirect/Get

IE Session Sharing

IE6 and IE7 do not share a session between IE windows (created separately by running iexplore.exe).

IE8 does share the session, like Firefox.

Friday, December 4, 2009

Sequence Diagrams for CAS

Sequence Diagram for Accessing Application (Pre-Authentication):

Sequence Diagram for Accessing Application (Post-Authentication):

Solution for independent session timeout setting between CAS Server and Client Applications.

The standard CAS implementation handles session timeout through a global session timeout setting that overrides any client application's own timeout.
A simple scenario:
Setting:
CAS Session Timeout: 60 minutes;
App Session Timeout: 30 minutes.
Steps:
1. Log on to App through CAS;
2. Leave App idle for 30 minutes;
3. App is still alive and can be used without logging in again.

But many customers have this requirement: keep the client application's session timeout.
A simple scenario:
Setting:
CAS Session Timeout: 60 minutes;
App1 Session Timeout: 30 minutes;
App2 Session Timeout: 45 minutes.
Steps:
1. Log on to App1 through CAS;
2. Leave App1 idle for 30 minutes;
3. Click App1 and you will be redirected to the CAS login page.
4. Access the App2 URL within 60 minutes of the first logon and you can still get access to App2 without logging in.

Solution:
When the App logs out, provide a renew-like function so that you need to re-authenticate when trying to access that App again.
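The two scenarios above as a small time-stepped model, added here as an example and not the code of the solution described in the post. It assumes the "renew-like function" is the application sending the CAS protocol's `renew=true` parameter once its own session has timed out, and that re-authenticating does not extend a still-valid SSO session; the class and function names are hypothetical.

```python
OK, LOGIN_PAGE = "ok", "cas login page"


class CasServer:
    """Single-user model of the CAS SSO session with a fixed lifetime."""

    def __init__(self, sso_timeout_min):
        self.sso_timeout = sso_timeout_min
        self.sso_started = None

    def login(self, now, renew=False, credentials=False):
        alive = (self.sso_started is not None
                 and now - self.sso_started < self.sso_timeout)
        if credentials:                 # user typed username and password
            if not alive:
                self.sso_started = now  # modelling assumption: no extension
            return OK
        # renew=true tells CAS to ignore the SSO session for this request
        return OK if alive and not renew else LOGIN_PAGE


class App:
    """CAS client with its own idle timeout (hypothetical model)."""

    def __init__(self, cas, idle_timeout_min, renew_on_timeout):
        self.cas = cas
        self.idle_timeout = idle_timeout_min
        self.renew_on_timeout = renew_on_timeout
        self.last_seen = None

    def request(self, now, credentials=False):
        if self.last_seen is not None and now - self.last_seen < self.idle_timeout:
            self.last_seen = now
            return OK                   # local session still valid
        timed_out = self.last_seen is not None   # not a first visit
        outcome = self.cas.login(now,
                                 renew=timed_out and self.renew_on_timeout,
                                 credentials=credentials)
        if outcome == OK:
            self.last_seen = now        # last_seen stays stale until re-auth
        return outcome


def run_scenario(renew_on_timeout):
    """Times are minutes since the first logon; settings match the post."""
    cas = CasServer(sso_timeout_min=60)
    app1 = App(cas, 30, renew_on_timeout)
    app2 = App(cas, 45, renew_on_timeout)
    return [
        app1.request(0, credentials=True),   # log on to App1 through CAS
        app1.request(30),                    # click App1 after 30 idle minutes
        app2.request(40),                    # first visit to App2
        app1.request(41, credentials=True),  # re-authenticate for App1
    ]


if __name__ == "__main__":
    print("standard CAS :", run_scenario(renew_on_timeout=False))
    print("renew-like   :", run_scenario(renew_on_timeout=True))
```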

Friday, October 9, 2009

Monday, September 21, 2009

Monday, August 31, 2009

Friday, July 17, 2009

Contributing CAS extension to OpenSSO (Updated)

The solution CASifying Sun Access Manager has been contributed to Sun OpenSSO as Authentication Module Extension and published on https://opensso.dev.java.net/public/extensions/index.html

JA-SIG CAS Extension of OpenSSO: [ README | Source ]

Saturday, July 4, 2009

QF Software Consulting Pty Ltd Created

We provide online or onsite consulting services in the Identity Management area, including Single Sign On, Federation, Access Management and Identity Management using CAS, Shibboleth and Sun IDM. For details, please refer to Online Consulting Service.

Website:
QF Software Consulting Pty Ltd

Friday, July 3, 2009

CAS Single Sign Out Solution

My solution should be the easiest solution for single sign out. With my solution, you do not need to change anything in a CAS-enabled client application. The only change is on CAS. This is unlike the current officially supported CAS Single Sign Out solution, in which all client applications must be modified to handle a sign-out request sent by the CAS Server.

DEMO:
CAS Single Sign Out

Thursday, July 2, 2009

Qingfeng's Tech Area

The site shows you what I have learned and worked on Identity Management Area including Single Sign On, Federation, Access Management and Identity Management using CAS, Shibboleth and Sun IDM.

http://qingfeng.tech.officelive.com

Wednesday, June 24, 2009

AutoPager :: Add-ons for Firefox

AutoPager automatically loads the next page when you reach the end of the page. It works on a ton of sites, like Google, Yahoo ...
This add-on works well with most other add-ons like adblock plus, WOT and most of the greasemonkey scripts.

https://addons.mozilla.org/en-US/firefox/addon/4925

WeatherBug :: Add-ons for Firefox

Get live, local weather conditions in Firefox with the WeatherBug extension. Featuring forecasts, radar, and severe weather alerts from WeatherBug's community of neighborhood weather stations.

https://addons.mozilla.org/en-US/firefox/addon/2455

Tuesday, June 23, 2009

QQ failed to login on Pidgin (Solved)

I got this when trying to log on to QQ through Pidgin.

Solution: Change the QQ Client Version on the Advanced tab in the Modify Account window.


Monday, June 22, 2009

Can't access www.google.cn (solved)

Can't access www.google.cn any more, but I found some alternatives:

http://www.google.com/intl/zh-CN/
http://74.125.127.160/
http://72.14.203.160/

Online query of property sale history (Australia)

Links:
http://www.suburbview.com/
http://www.oldlistings.com.au/
http://homepriceguide.com.au/
http://onthehouse.com.au/

A weird problem solved on Sun Access Manager

Symptom: The login module can only be accessed once; the following error appears when trying to access the login module a second time.

Error:
[22/May/2009:18:08:25] failure ( 8127): for host 149.171.129.78 trying to GET /amserver/UI/Login, service-j2ee reports: StandardWrapperValve[LoginServlet]: PWC1406: Servlet.service() for servlet LoginServlet threw exception
java.lang.IncompatibleClassChangeError
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:328)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:796)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)

Reason:
A mismatch between the Sun Access Manager version and the amserver web application version.

Solution:
Replace am_auth_ui.jar, am_mfwkexc.jar and jato.jar under /var/opt/SUNWwbsvr7/https-am/web-app/am/amserver/WEB-INF/lib
with the jars from amserver.war under /opt/SUNWam.

Firebug

A JavaScript Debugging Tool.

Reference:
Firebug
Google Code FAQ - JavaScript Debugging with Firebug

Friday, June 19, 2009

JGroups - A Toolkit for Reliable Multicast Communication

http://www.jgroups.org/

YourKit - easy to use profiling tool

http://www.yourkit.com/

JMeter - free Java tool for load/stress test

http://jakarta.apache.org/jmeter/

OutOfMemoryException: unable to create new native thread

This error can occur even when you have plenty of heap, because the OS cannot allocate more memory for a new thread's stack. You can reduce the size of the thread stack with -Xss128k. The total memory usage equation is:

(heap size) + (number of threads)x(thread stack size) = (total RAM used by JVM process).

Default Thread Size:
Thread Stack Size (in Kbytes). (0 means use default stack size) [Sparc: 512; Solaris x86: 320 (was 256 prior in 5.0 and earlier); Sparc 64 bit: 1024; Linux amd64: 1024 (was 0 in 5.0 and earlier); all others 0.]

Articles:
http://www.jboss.org/community/wiki/OutOfMemoryExceptions
http://www.jboss.org/community/wiki/OutOfMemoryExceptionWhenCannotCreateThread
http://java.sun.com/javase/technologies/hotspot/vmoptions.jsp

Using JConsole to Monitor Applications

JConsole is a JRE embedded tool for monitoring Java applications.


Articles:

Using JConsole to Monitor Applications

Using JConsole - Java SE Monitoring and Management Guide

Sunday, May 10, 2009

Tomtom wrong suburb problem

I met a problem when using Tomtom to navigate to a certain address: it directs me to the wrong suburb with the same address.

Nero disc-at-once problem (Solved)

That's because another application is trying to write to that disc as well.

The most common case on Windows is Windows Media Player.

The solution is easy: just kill the media player process.

Friday, March 27, 2009

Solution for No Mouse Integration when installed VirtualBox Guest Additions on Ubuntu 8.10

1. Go to System-->Administration--> Update Manager
2. Install Update for xserver-xorg-input-vmmouse
3. sudo reboot

Friday, March 20, 2009

Thursday, March 12, 2009

My LinkedIn Profile

I first heard of LinkedIn when Pat Patterson (Sun Federation Architect) invited me to join his network. Then I created my profile: http://www.linkedin.com/in/qingfengzhang