Category: Code

  • Java keystore on Windows

    Some years ago, I was scared of certificates and had no idea how to set them up. I remember just following my colleagues' commands. Later on, I received a task to set up servers and renew a lot of certificates. It was not that complicated to do the basic setup and renewals.

    I use the terms keystore and truststore to differentiate the keystores for Tomcat (Java). The keystore usually contains the SSL certificate with its chain, whereas the truststore contains the root certificates for connected applications and domains.

  • CyberArk integration

    I was thinking about CyberArk for a while as it is related to my work in the IAM area. When this landed on my table, I must admit, it was a nice coincidence and I took it immediately.

    In the beginning, it was about finding the best way to integrate AD-linked CyberArk with our IdentityIQ setup. There were a few options, e.g. the IIQ PAM module, the Web Services connector and an afterProvisioning rule for PowerShell.

    I think it didn’t start so well, because the stakeholder didn’t have requirements on what they want to achieve and instead put it on me to tell them what's possible in each scenario 🙂 I mean, no problem, I am happy to find out, but it was not a good sign.

    Let's start with the current setup. I booked a meeting with a CyberArk expert. While waiting for a few days, I did my research on objects, APIs and CyberArk fundamentals. After that I went through the possibilities in IIQ, and then the documentation for the PAM module. It made sense to integrate directly and sounded like the best option. Except…

    Once I met the expert who was responsible for the solution for several years, he explained his suggestions on requirements and mainly the license optimization. It was actually pretty smart, but it didn’t fit the setup in IIQ. Mass deleting users from the target system didn’t make sense.

    License optimization itself was pretty cool, at least for me. CyberArk accounts are linked to AD accounts via an AD group as basic permissions. An account is created with the first login (if deleted, it is recreated).

    Safe permissions are linked to AD groups too. Therefore all CyberArk access to the UI and to safes is managed via AD groups and you can delete users in CyberArk at any time. The next time a user logs in, the account is created again and keeps the same permissions to safes via AD.

    After a few discussions, the PAM module was demoed to us by SailPoint and we agreed to have a follow-up after the summer vacations. For me, the best outcome of the meeting was that we could use the PAM module for 1 month for a PoC for free.

    I have got a good idea of what is possible and what is not, but it seems everyone wants to push it further and verify. I have suggested a workshop with the right people, so I am looking forward to it.

    I can realistically see 2 outcomes, and maybe some hybrid option as a third.

    Change everything to CyberArk internal users and gain full governance and functionality from IIQ, but lose the license optimization.

    Or implement an afterProvisioning rule with PowerShell to create/remove users and safes in CyberArk. Gain automation, but not much else.

    Or some kind of hybrid, to manage some internal users and safes in PAM module and then the creation via powershell. Not sure yet how that could be split. But this is too complex, I would not recommend it.

  • Website – Sport and relax events for men

    My friend asked me to help out with a website for his new business idea to organize sport weekends for men only. It is a mix of sport and relaxation with some education. Check it out at active-relax.cz

    I haven’t worked with WordPress for several years, so I was a bit curious how it would go. The first impression wasn’t that great due to the WooCommerce plugin having some performance issues in the admin area.

    We went through the classic steps of choosing the theme and downloading the common plugins, designing the front page and then going through all the steps that a user would go through.

    Since we have done it from scratch, there were many things to cover and my friend correctly stated that it was actually a lot of things to do. Meaning for each website/shop there are many things to consider and set up.

    Our main tasks were

    • registration form for multiple people
    • various event types
    • payments
    • email notifications
    • orders export

    We managed most of it with plugins and then some parts had to be customized via functions.php in the child theme and some JavaScript on specific pages. It was quite nice to use vanilla JavaScript instead of jQuery for selectors.

    It had to be created fast to test the idea and allow people to register. Another business reason was to showcase it for potential partners. So I had to put aside quite a few things and family. I worked on it during the nights and weekends and made the deadline at the end of June. I think the pause for the articles is justified.

  • Powershell overview and basics

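    Run with PowerShell
    # -ExecutionPolicy must come before -Command: everything after -Command is parsed as part of the command
    powershell.exe -ExecutionPolicy Bypass -Command "& 'D:\powershell.ps1'"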

    How long does the script take?

    [datetime]$startDate = Get-Date
    # ... the code you want to time goes here ...
    [datetime]$endDate = Get-Date
    Write-Host $(New-TimeSpan -Start $startDate -End $endDate)

    Find duplicate user values

    Get-ADUser -Filter { employeeID -like "*" } -SearchBase "OU=yourOU,DC=domain,DC=com" -property employeeID | Group-Object employeeID | Where-Object {$_.Count -ge 2} | select -ExpandProperty group | Select-Object Name, UserPrincipalName, SamAccountName, employeeID

  • Python

    Installation

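    sudo apt install python3.10
    sudo apt install python3-pip
    pip install --user pipenv
    # pipenv lands in the bin directory under the user base; print it and add it to PATH
    python3 -m site --user-base
    export PATH="$PATH:$(python3 -m site --user-base)/bin"
    pipenv install
    pipenv install flask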

    Data structures

    Tuple

    A tuple cannot be edited after it is created – it is immutable.

    thistuple = ("1", "2", "3")
    for x in thistuple:
      print(x)

    List

    thislist = ["1", "2", "3"]
    for x in thislist:
      print(x)

  • Git: Basic commands and scenarios

    If you use a repository on one of the version control platforms like GitHub, GitLab or Bitbucket, then you need some basic commands.

    When I was first introduced to git many years ago, I had to start with git pull, add, commit and push. I use this bulk of commands to this day. These commands basically update your local version. Additionally, you will need git status to see where you are and what you want to add to the repository.

    Commands

    git pull – gets you the new code from the repository
    git add yourFile.php – adds data for the next commit
    git commit -m "message about your changes" – commits the staged changes with your custom message
    git push – uploads commits to the repository

    Scenarios

    Join the existing project

    When you are invited to an existing project/repository, you need to get the code to your local machine. You can find the URL in the web GUI of the repository and then run git clone git@github.com:bcvsolutions/CzechIdMng.git <optional my folder name>

    Creating your own project

    Start by creating the Git repository online first and use git clone to get it locally. Otherwise you have to make adjustments to connect it later. You will have to deal with existing files or the master branch.

    Easy workaround

    If you already have the code and want to push it to a new repository, then in my opinion the easiest way to make it happen is through a new folder and copying the files and folders there. Rename your current folder to _old if needed, then do a git clone. Copy the files and folders from your _old folder to the repository and proceed with add, commit and push. This way you don’t have to deal with the main branch or other commands.

    Git init way

    If you have a newer version of git (2.28+), then you can use the following. The new default branch name on GitHub is "main".

    git config --global init.defaultBranch main

    git init
    git add .
    git commit -m "message"
    git remote add origin <URL of your git repository>
    git push -u origin main – here could be master instead of main, if you happen to have it as a new default branch.

    Create a develop branch

    As soon as you start testing your code locally or on the server, try to create a new branch called develop or staging, as it will help you in the future to separate the production and test environments.

    git checkout main – go to the branch main
    git pull
    git checkout -b develop – create and switch to branch develop from the current branch (main) – this is a shortcut instead of using git branch

    When you have properly tested your code and you are ready to push the changes to a production environment, merge develop into the main branch. That way you will have working code in production and space for developing new features.

    git checkout main
    git pull
    git merge develop

    Remove changes from a file

    This completely restores the file – you will lose changes in the staged area
    git checkout HEAD -- myfile.java

    Forgot to commit a change, which will cause a new commit with minor detail

    git reset --soft HEAD~1
    git commit -m "changes together"
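
The "forgot to commit a change" scenario above, run end to end in a throwaway repository. This is an added example, not part of the original post; the file names, commit messages and identity are constructed sample values, and it assumes git is installed.

```shell
#!/bin/sh
# Constructed demo: all file names, messages and the identity are sample values.
# Only fold commits like this before they are pushed: the reset rewrites history.
fold_forgotten_change() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.name "Demo User"
        git config user.email "demo@example.invalid"
        git config commit.gpgsign false

        echo "base" > app.txt
        git add app.txt && git commit -q -m "initial commit"

        echo "feature" >> app.txt
        git add app.txt && git commit -q -m "add feature"

        # The change noticed only after committing.
        echo "forgotten detail" > notes.txt

        # Move HEAD back one commit. --soft leaves the index and the working
        # tree alone, so the app.txt change from "add feature" stays staged.
        git reset -q --soft HEAD~1
        staged=$(git diff --cached --name-only)

        # Stage the forgotten file and commit everything as one commit.
        git add notes.txt
        git commit -q -m "changes together"

        count=$(git rev-list --count HEAD)
        files=$(git diff-tree --no-commit-id --name-only -r HEAD | paste -sd, -)
        # commits in history | staged right after the reset | files in last commit
        echo "$count|$staged|$files"
    )
    status=$?
    rm -rf "$repo"
    return $status
}

fold_forgotten_change
```

The history ends with two commits instead of three, and the last commit carries both the original change and the forgotten file.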