Thursday, 1 July 2021

Creating user certificates with encrypted private key using openssl

The intent of this post is to list the steps to generate a self-signed user certificate whose private key is encrypted with a passphrase.


Generate private key with passphrase

bash> openssl genrsa -des3 -passout pass:1234 -out client_key.pem 2048
(the passphrase has to be at least 4 characters long)

To verify that the private key is encrypted, open it in an editor; it will have content like:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,974D80EBEF938726

hWANCxIG3lT1qaoTqza84pk10JeGD2vUXoVRj92WI2k+eYJvVhnW/tz5cZzNeozu
............................................
............................................
............................................
-----END RSA PRIVATE KEY-----

Generate CSR using the private key generated above

bash> openssl req -out client.csr -new -nodes -key client_key.pem -sha256
(to proceed, it will ask you for the private key passphrase)


Self Sign the user certificate with Root CA

bash> openssl x509 -req -days 360 -in client.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out client_cert.pem -sha256
(you will be asked for the CA key password)
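
The editor check above looks for the traditional "Proc-Type: 4,ENCRYPTED" header, but OpenSSL 3.x genrsa writes PKCS#8 by default, where an encrypted key starts with "-----BEGIN ENCRYPTED PRIVATE KEY-----" and carries no such header. The script below is an added example, not part of the original post: classify_key and write_sample are hypothetical helper names, and the sample key files are constructed filler, not real key material.

```shell
#!/bin/sh
# Classify a PEM private key by its armor lines only (no passphrase needed).
# Prints the class; exit status 0 = encrypted, 1 = unencrypted, 2 = no key found.
classify_key() {
    f=$1
    # PKCS#8 encrypted container: what OpenSSL 3.x genrsa writes by default.
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo "pkcs8-encrypted"; return 0
    fi
    # Traditional format, as shown in the post: Proc-Type plus DEK-Info headers.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        cipher=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$f" | head -n 1)
        echo "legacy-encrypted ${cipher:-unknown}"; return 0
    fi
    # Any other private key armor (RSA, EC, plain PKCS#8) is stored in the clear.
    if grep -q '^-----BEGIN \([A-Z0-9]* \)\{0,1\}PRIVATE KEY-----' "$f"; then
        echo "unencrypted"; return 1
    fi
    echo "not-a-private-key"; return 2
}

# Constructed sample: write a key-shaped file with the given armor label and
# optional header lines. The body is filler text, not real key material.
write_sample() {
    out=$1; label=$2; shift 2
    {
        echo "-----BEGIN $label-----"
        for h in "$@"; do echo "$h"; done
        [ $# -gt 0 ] && echo ""
        echo "CONSTRUCTEDSAMPLEBODYNOTAREALKEY"
        echo "-----END $label-----"
    } > "$out"
}

tmp=$(mktemp -d)
write_sample "$tmp/legacy.pem" "RSA PRIVATE KEY" "Proc-Type: 4,ENCRYPTED" \
    "DEK-Info: DES-EDE3-CBC,974D80EBEF938726"
write_sample "$tmp/pkcs8.pem" "ENCRYPTED PRIVATE KEY"
write_sample "$tmp/plain.pem" "RSA PRIVATE KEY"
write_sample "$tmp/cert.pem" "CERTIFICATE"
for k in legacy pkcs8 plain cert; do
    printf '%s: ' "$k.pem"; classify_key "$tmp/$k.pem" || true
done
```

A result of "unencrypted" for client_key.pem means the passphrase was not applied and the key should be regenerated before it is used or distributed.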



Hope this helps :-)
Enjoy :-)

Thursday, 3 June 2021

How to block Blacklisted User with OAAM PreAuthenticationCheckpoint

Block Blacklisted User with OAAM Pre Authentication Check


We can block blacklisted users using rules in OAAM. Say we want to do this at the pre-authentication checkpoint: we add the blacklisted user to a group, attach that group to a condition, and attach that condition to a rule. For us, all of this comes pre-seeded in OAAM (I am assuming you have imported the snapshot). View this video to get a basic understanding of how policies, rules & conditions come into action in real time.



Hope this helps :-)

Enjoy :-)

How to block a blacklisted IP/IP Range with OAAM Post authentication check

Configure Blacklisted IP in OAAM

We can block an IP or a range of IPs at the post-authentication checkpoint. This use case shows which rules, conditions & groups help you achieve this in OAAM.


The video below demonstrates how to achieve the use case:



Hope this helps :-)

Enjoy :-)

How OAAM Scoring Engine Works?

What role does the scoring engine play? What is the exact flow of the scoring mechanism?

To determine a risk score, each level applies its scoring engine to the results from one level below. For example, to determine the policy score, the scoring engine of the policy is applied to the scores of the rules within the policy. To determine the checkpoint score, the scoring engine of the checkpoint is applied to the scores of the policies within the checkpoint. The checkpoint score and action are the final score and action in the assessment. The alerts are propagated from the rules level to the final level.

I have prepared a video series explaining the role, need & workflow of the scoring engine. Kindly watch & provide your comments.







 
Hope this helps :-)

Enjoy :-)

OAAM Policy Weights

What role do policy weights play in OAAM?

Weights are multiplier values that are applied to policy scores to influence the impact each policy has on determining the total score. Policies have default weights. A weight is used only when a given policy or checkpoint uses a "weighted" scoring engine. The weighted scoring engine uses weights from subcomponents.

For example, if you choose the weighted scoring engine at the policy level, Oracle Adaptive Access Manager uses the weight specified for each rule level when calculating the policy score. Similarly, when you choose a weighted scoring engine at the policy set level, Oracle Adaptive Access Manager uses the weights specified for each policy. The score of each policy multiplied by its weight is divided by the total number of policies multiplied by 100. The range is 0 to 1000.

I have explained the functioning of policy weights in the video shared below. Kindly watch & let me know if you have any comments.



Hope this helps :-)

Enjoy :-)

Thursday, 27 May 2021

OAAM 11gR2PS3 Post Authentication Checkpoint

Post Authn Checkpoint

The post-authn checkpoint is a really important step in the checkpoint flow. How it needs to be configured & what the different outcomes of this checkpoint can be are explained in the video below.




Hope this helps :-)

Enjoy :-)

OAAM 11gR2PS3 Checkpoints - Basic Understanding

OAAM Checkpoints Part-1

With the help of checkpoints, one enforces policies that are to be executed on each check made by a checkpoint in OAAM.

They are fixed in number, but what you can do & enforce is completely configurable as part of OAAM Admin.

Kindly watch the video below for a better understanding of OAAM checkpoints. This topic is divided into 3 parts that are;


Hope this helps :-)

Enjoy :-)