FortiGate: SAML authentication in firewall policy with Keycloak

First, create a new Single Sign-On authentication under User & Authentication. As of version 7.0.6, the GUI does not show the ports and does not let you change them either. To work around this, use the CLI. The default ports used by the captive portal are TCP/1000 for HTTP and TCP/1003 for HTTPS traffic. You can find the IdP URLs in Keycloak, in the relevant realm, under Realm Settings, by clicking on “SAML 2.0 Identity Provider Metadata”. The idp-entity-id is the value of entityID on the first line. The idp-single-sign-on-url and idp-single-logout-url are the same on Keycloak, and you can use the value of the binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST. ...

October 6, 2022 · 3 min

Running a PKI using Smallstep certificates with Docker

Recently, I had to set up a new PKI. I was going to go with the good old OpenSSL but it’s 2021, there must be a more user-friendly and, more importantly, automated approach. There are many open-source possibilities: EJBCA, cfssl, HashiCorp Vault, Smallstep Certificates. I chose to use Smallstep certificates because it has all the features I need and they are not behind a paywall: lightweight: small Go binary, you can run it with a file-based database (similar to SQLite); user-friendly CLI: compared to openssl commands; ACME protocol: useful for Traefik reverse proxy; OIDC authentication; support: the guys are super friendly and available on their Discord channel. Be sure to check their website, they have other features that you might want, especially their Certificate Manager. They also have a SaaS offering if you do not want to get your hands dirty. ...

September 12, 2021 · 11 min

Wowza 3 + Ubuntu 12.04 setup

2012-08-13 Update: simple monitoring with Cacti. I want to have a clean Wowza setup for a live streaming platform. The access to the streaming server will be open but every other service (management interface, SSH, web server, etc.) will be firewalled. There will be usage reporting through awstats, monitoring through SNMP (performance) and Nagios NRPE (availability). Ubuntu / Ubuntu installation: I’ve done a standard installation, nothing fancy. Partitioning is done like this: ...

May 16, 2012 · 5 min

AllPosters: fast and efficient

First order from AllPosters.be, fast and efficient service. Order placed on Thursday evening, prepared and shipped on Friday, received on Monday morning via the regular post. Since the posters were rolled in grey paper and the whole thing enclosed in a very rigid cardboard tube, they arrived in good condition. Use without fear!

December 7, 2010 · 1 min