Estimated reading time: 5 minutes

Debugging JavaScript in Auth WebViews

There is a growing trend where authentication is occurring within browser controls in applications instead of through native UI. In general, this is good because it makes things like federation simpler, and lets you use different forms of authentication without requiring changes to native components. This means any application you build can rely on a single authentication service and support a multitude of credential types without having to do anything in your own native app. Microsoft is all in with this through Azure AD, and through the ADAL (Azure Active Directory Authentication Libraries). Of course, there are problems with that. Paramount…

Estimated reading time: 9 minutes

A Year in Review: South Bound and Down

The last year or so has been… busy. Around this time last year the company I work for got acquired by Kaseya and it was a reasonably smooth transition. I went from being the Identity Guy to Lead Member of Technical Staff, and from a small engineering team to, well, a lot more. Our products went from being somewhat silo’ed in nature to being the secure foundation for Kaseya’s new next generation platform. As such my team has spent the last year building some pretty cool things that everyone will see in the coming months. We made amazing progress over this…

Estimated reading time: 2 minutes

What is Code?

One of the lessons that TMitTB [The Man in the Taupe Blazer] has tried to get across to you, the big message that matters most to him, is that code is never done; after shipping the new platform (no longer a website, this is a platform), with all its interlocking components, he and his team will continue to work on it forever. There will always be new bugs, new features, new needs. Such things are the side effects of any growth at all, and this platform is, he insists, designed to scale. What no one in engineering can understand is…

Estimated reading time: 76 minutes

Going Nuclear: Modeling Threats to Distributed Systems

It probably won’t come as a shock to you that as I was writing up my last post on IoT and my new Geiger counter I was mentally reviewing all the things that scared the crap out of me had me concerned security-wise. I don’t mean the apocalyptic visions of Fallout, but about the fact that I have a device I don’t necessarily trust sitting on my network constantly feeding data to a remote server without much control by me. I’m predictable like that. Upon further review I realized I wanted to write up my thoughts on how I would protect against such an unknown, but really……

Estimated reading time: 11 minutes

IoT is Weird: Or Why I now have a Network Connected Geiger Counter

Update I have a page of data here: It’s a bit weird to imagine everything with an IP address. I’m not entirely sure how I feel about this idea. My feelings about this aside though, this is becoming more and more prevalent with the advent of cheap and powerful processors available to anyone with an idea. It used to be that you needed a team of engineers to build embedded devices that can connect to the internet, but now all you need is an Arduino, a few components, a few hundred lines of code, and a few hours to build an internet connected device….

Estimated reading time: 16 minutes

Windows Azure Pack Tenant Public API Authentication Options

Web services, as we’ve learned throughout this series, are integral to the workings of Windows Azure Pack. Every UI exposed to the user connects to the backend via web service, every resource provider is managed by Windows Azure Pack through their own web services, and 3rd party functionality can be tied in through web services. It’s an SOA world. Last time we looked at the Tenant Public API and how it uses client certificates for authentication. Client certificates are paradoxically complex beasts while also being the easiest authentication method for 3rd parties to use. This is because you don’t really need to…

Estimated reading time: 15 minutes

Web Service Authentication in Windows Azure Pack

It’s been a couple months since we last looked at Windows Azure Pack so before we jump into the thick of it lets recap. Windows Azure Pack is an awesome on-premise private cloud platform The interactive portions are broken down into two sections: admin areas and tenant areas It relies on JWTs as bearer tokens to authenticate between UI surfaces and backend web services It uses federation to authenticate users at two separate Security Token Services using WS-Federation A JWT is used as the token in the WS-Fed protocol You can use your own STS or ADFS to authenticate users All coming back now? Good!…

Estimated reading time: 2 minutes

Windows Azure Pack Authentication Part 3.5 – Using ADFS

Since we looked at using a custom IdP for Windows Azure Pack last time I figured it would be good to explicitly list some resources for those looking to use ADFS instead as that’s a fairly common scenario people are exploring. Building Clouds Federated Identities to Windows Azure Pack through AD FS – Part 1 of 3: Federated Identities to Windows Azure Pack through AD FS – Part 2 of 3: Federated Identities to Windows Azure Pack through AD FS – Part 3 of 3: TechNet Configure Active Directory Federation Services for Windows Azure Pack: Windows Azure Pack (#WAPack) and Related Blogs,…

Estimated reading time: 41 minutes

Windows Azure Pack Authentication Part 3 – Using a Third Party IdP

In the previous installments of this series we looked at how Windows Azure Pack authenticates users and how it’s configured out of the box for federation. This time around we’re going to look at how you can configure federation with a third party IdP. Microsoft designed Windows Azure Pack the right way. It supports federation with industry protocols out of the box. You can’t say that for many services, and you certainly can’t say that those services support it natively for all versions – more often than not you have to pay extra for it. Windows Azure Pack supports federation, and actually uses it…

Estimated reading time: 21 minutes

Windows Azure Pack Authentication Part 2

Last time we looked at how Windows Azure Pack authenticates users in the Admin Portal. In this post we are going to look at how authentication works in the Tenant Portal. Authentication in the Tenant Portal works exactly the same way authentication in the Admin Portal works. Detailed and informative explanation, right? Actually, with any luck you’ve read, and were more importantly, able to decipher my explanations in the last post. The reason for that is because we’re going to go a bit deeper into the configuration of how authentication is configured.  If that’s actually the case then you know everything you need…