Thursday, June 4, 2020

Let's Learn Gradle!

What is Gradle?
It's an open source build tool written in Java, Groovy and Kotlin. Gradle is popular because it is extensible and customizable.

How to configure Gradle?
  1. Download the latest version of Gradle from gradle.org.
  2. Add the Gradle bin path to your system PATH and set GRADLE_HOME.
  3. .gradle - the local cache directory where Gradle stores downloaded dependencies and other working files.
  4. build.gradle - the build file in which we define our plugins, dependencies and repositories.
Gradle Components
A build consists of one or more projects, and each project can contain many tasks: Build -> Projects -> Tasks

Tasks
Tasks are either default (built-in) tasks or custom tasks.
Default tasks - init, wrapper, buildEnvironment, assemble, build, clean, javadoc, etc.

How do you run tasks?
gradle <taskName>

Define Custom Tasks in build.gradle
task <taskName> {
    group "customTaskGroup"                   // Group the task is listed under (see `gradle tasks`)
    description "desc"                        // Task description
    doFirst {}                                // Action run first, before the task's own actions
    doLast { println "this is custom task" }  // Action run last, after the task's own actions
}


Define a copy task 
task <taskName>(type: Copy) {   // type can vary depending on the need
    from '<sourceDir>'          // Source directory to copy the files from
    into '<destinationDir>'     // Destination directory for the copy
}

Build a zip
task <taskName>(type: Zip) {
    from "E:/someData"                  // from is a method, not a property; forward slashes avoid the invalid "\s" escape
    destinationDir = file("<dirName>")  // Directory the archive is written to
    archiveName = "<zipName>.zip"       // File name of the archive
}

How to skip task 
<taskName>.onlyIf {
    project.hasProperty('<taskName>')   // task runs only when the build is started with -P<taskName>
}

How to provide task dependencies
task <taskName>(dependsOn: '<otherTaskName>')   // <otherTaskName> runs first

Project Properties
  1. Right click the task in the Gradle tab in Eclipse, click 'Edit configuration' and enter -P <propertyName> in the parameters.
  2. Or run it from the command line with gradle <taskName> -P <propertyName>
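A complete build.gradle that puts the pieces above together (custom task, Copy, Zip, onlyIf and dependsOn). This is an added example, not the post's own code; the task names and the build/reports, build/staging and build/dist paths are my own choices.

```groovy
// build.gradle (Groovy DSL, Gradle 6.x). Constructed example; paths are placeholders.

// Plain custom task: metadata plus doFirst/doLast actions.
task hello {
    group = 'customTaskGroup'
    description = 'Prints a greeting; shows doFirst/doLast ordering'
    doFirst { println 'doFirst: runs before the task body' }
    doLast  { println 'doLast: this is custom task' }
}

// Copy task: collects the HTML build reports into a staging directory.
task stageReports(type: Copy) {
    group = 'customTaskGroup'
    description = 'Copies HTML reports into build/staging'
    from "$buildDir/reports"      // source directory
    into "$buildDir/staging"      // destination directory
    include '**/*.html'
}

// Zip task: archives the staged files. It runs only after stageReports (dependsOn).
// destinationDir/archiveName are the names used in the post (Gradle 6 also accepts
// destinationDirectory/archiveFileName).
task packageReports(type: Zip, dependsOn: stageReports) {
    group = 'customTaskGroup'
    description = 'Zips build/staging into build/dist/reports.zip'
    from "$buildDir/staging"
    destinationDir = file("$buildDir/dist")
    archiveName = 'reports.zip'
}

// Skip the zip unless the build was started with -Prelease (a project property).
packageReports.onlyIf { project.hasProperty('release') }

// Aggregate task: dependsOn a list, so `gradle release -Prelease` runs hello,
// stageReports and packageReports in dependency order.
task release(dependsOn: [hello, packageReports]) {
    group = 'customTaskGroup'
    description = 'Runs the whole custom pipeline'
}
```

Without -Prelease, `gradle release` still runs hello and stageReports but reports packageReports as SKIPPED.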

My Journey to AWS Architect Associate

Today, 'Cloud' and 'AWS' are the buzzwords of the IT world. While the world is in quarantine, what could be better than doing a cloud certification and updating ourselves for the current market? I'm going to take you through my journey of AWS Architect Associate exam preparation and help you in every possible way to get your certification. Without further delay, let's dive in.

I passed my AWS Architect Associate Certification Exam (SAA-C01) recently, which I'm very happy and proud to share. The journey of exam preparation revealed more challenges and made me more confident and knowledgeable, and passing the exam definitely brings lots of enthusiasm and motivation to prepare for the next one. Whether it's your first certification or one among many, this guide will help you achieve your goal faster.

1. The first step in any certification preparation is to enroll in a training course. I started my exam preparation with a training course at CloudGuru. Spend enough time to understand all the concepts, especially EC2, ELB, S3 and VPC, and work through all the exercises (use the AWS free tier efficiently). I would also suggest going over the S3, VPC and ELB FAQs. Do not miss the challenge quiz in the CloudGuru training. It's totally fine if you get lower scores in the challenge quiz, because it is a little challenging anyway.

Training alone is not sufficient to face the exam. Your exam preparation is not complete without taking mock/practice tests.

2. I'm a book lover and enjoy reading books, whether technical or non-technical. So my second step was to read the study guide (AWS Solutions Architect Study Guide). I read this book mainly to learn any missing concepts and fill in the gaps. I didn't read through it in detail, but I took all the practice tests after every unit and the sample tests to check my learning. Those tests are really great and prepare you for the mock tests next.

3. The Udemy mock tests by Jon Bonso consist of 6 mock tests. I spent ample time taking these. The questions are very elaborate and it really takes hours to finish a single test initially, but these tests give you the feel of the exam setting, with 65 questions and a timer at the top. I took these tests as many times as needed until I scored 85-95% in every test. As you keep taking these mock tests regularly, the time you need to read, understand and answer a question drops significantly, and you should be able to finish the test within the allotted time.

4. More mock tests, and you're almost there.
You are just one step away from taking the exam. Here is the list of free mock tests you can take once you have finished your training and the other mock tests.

  1. AWS official sample test
  2. simplilearn.com
  3. Linuxacademy.com
  4. Whizlabs Free Test

5. You are all set to become AWS Associate Architect certified. Create an AWS account and register for your exam here. Make sure to get enough rest, a healthy meal and plenty of water on the day of the exam. All the best!! Rock on!!!

Wednesday, March 6, 2019

SAML (Security Assertion Markup Language)

SAML stands for Security Assertion Markup Language. It is an open standard data format for exchanging authentication and authorization data between identity providers and service providers, and it can be used to perform internet-based Single Sign On (SSO) for web applications. The Spring Security framework provides SAML libraries that can be easily configured in our application for authentication. At the basic level, SAML involves two entities:
  1. IDP (Identity Provider) - Verifies the identity of the user and generates the SAML assertion
  2. SP (Service Provider) - Verifies the SAML assertion, logs the user in and grants access to the protected resource
How SAML works - The two parties establish trust by exchanging XML metadata files. The SAML request and response are XML documents passed between IDP and SP for the actual authentication. Popular IDPs are Salesforce, Okta, OneLogin and Shibboleth.
There are two types of SSO flows:
  1. SP-initiated SSO - The user first tries to access a resource at the SP, which initiates the flow.
  2. IDP-initiated SSO - The user logs in to the IDP and clicks a link to access the service provider.

Let's look at the steps to configure SAML in the Spring framework, with prewards as the SP and ssocircle as the IDP for our prototype.
  1. Spring SAML library: spring-security-saml2-core
  2. Initialize the SAML beans (refer to SAMLAuthConfig.java)
  3. Include the following to generate the SP metadata on initialization:
    1. <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
  4. The Spring SAML example uses ssocircle as the IDP
  5. Give the SP metadata a unique entity ID (e.g. web.prewards.sso)
  6. Generate the SP metadata by launching
    1. http://localhost:8080/web-rewards-portal/saml/metadata
  7. Import the SP metadata into the IDP (ssocircle) with which we want to establish trust
  8. For an IDP-initiated request, the request URL from SSOcircle is
    1. https://idp.ssocircle.com/sso/idpssoinit?metaAlias=%2Fpublicidp&spEntityID=<YOUR SERVICE PROVIDER ENTITY ID>
  9. The IDP and SP metadata are stored in the web-prewards portal application and referenced as a ResourceProvider in the SAML configuration file.
  10. An IDP-initiated request carries the SAML assertion as encrypted XML; the assertion is validated against the local IDP metadata for status, expiration time, issuer, signature, etc. The user is authenticated only when this validation succeeds.
  11. Multiple attributes can be sent in the assertion

Key points for troubleshooting
  1. SAML requests/responses can be viewed with a Firefox plugin (SAML-tracer)
  2. The raw HTTP POST request carries the SAML assertion in encrypted form (see SAMLResponse_SsoCircle_encoded.txt)
  3. Sample_SAMLRequest.txt, Sample_SAMLResponse.txt and ssocircle-idp.xml (sample SAML request/response and IDP metadata) are attached.
  4. Spring SAML comes with a default key manager (SamlKeystore.jks). This keystore holds the private keys and certificates used to digitally sign messages created by the SP and to decrypt messages sent by the IDP
  5. The default skew time is 60 seconds. If you get errors like "Authentication is too old to be used with values", increase the skew time and the maxAuthenticationAge value (and check that the SP and IDP clocks are in sync, since the skew exists to absorb small clock differences)
  6. SSOCircle sends the email address in the Name ID parameter. SP and IDP communicate with each other about a subject, and the subject is identified through a Name identifier, which should be in a common format so that the other party can interpret it. SAML allows the following formats:
    1. urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified [default] - The interpretation of the element's content is left to individual implementations.
    2. urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - The Name ID is an email address.
    3. urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - The IDP issues a persistent identifier that the SP links to a local account. For example, johnForAir and johnForCard each have permission for one specific service.
    4. urn:oasis:names:tc:SAML:2.0:nameid-format:transient - The IDP tells the SP that the user in this session has been granted access to the resource, but does not reveal the user's identity to the SP; the assertion is effectively anonymous.
  7. SP metadata contains SingleSignOnService and SingleLogoutService elements with a Binding attribute of HTTP-Redirect or HTTP-POST. Make sure HTTP-POST is set as the default for POST requests
  8. The WantAuthnRequestsSigned flag in the IDP metadata specifies that the IDP wants the authentication requests it receives from the SP to be signed.
  9. The AuthnRequestsSigned flag in the SP metadata specifies that the SP will sign the authentication requests it sends to the IDP.
  10. validUntil indicates how long the SAML metadata is valid. validUntil is independent of any expiry date of the signing/encryption certificates.
  11. extendedMetadataDelegate.setMetadataTrustCheck(false) can be added to disable metadata signature verification when the application starts. This is a convenience for a local prototype: it removes the check that the metadata really came from the trusted IDP, so keep it enabled in a production deployment.
  12. Multiple attributes can be added to the assertion statements if the IDP needs to send multiple values
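A small Groovy script, added here and not part of the original post, that runs the checks from items 7-10 above over the SP and IDP metadata exchanged in the configuration steps: validUntil expiry, agreement between WantAuthnRequestsSigned and AuthnRequestsSigned, an HTTP-POST SingleSignOnService binding, and the NameID format. The two metadata documents are constructed and deliberately misconfigured, and the IDP entity ID and URL are placeholders, not SSOCircle's real values.

```groovy
import groovy.xml.XmlSlurper   // groovy.util.XmlSlurper on Groovy 2.x
import java.time.Instant

// Runs the metadata sanity checks from the troubleshooting list over an SP
// and an IDP EntityDescriptor. Returns one finding per problem found.
List<String> checkMetadata(String spXml, String idpXml, Instant now) {
    def sp  = new XmlSlurper().parseText(spXml)
    def idp = new XmlSlurper().parseText(idpXml)
    List<String> findings = []
    // validUntil is independent of certificate expiry; expired metadata is rejected outright.
    [sp, idp].each { doc ->
        String until = doc.@validUntil.text()
        if (until && Instant.parse(until).isBefore(now)) {
            findings << "${doc.@entityID.text()}: metadata expired on ${until}"
        }
    }
    // If the IDP wants signed AuthnRequests, the SP must declare that it signs them.
    boolean idpWantsSigned = idp.IDPSSODescriptor.@WantAuthnRequestsSigned.text() == 'true'
    boolean spSigns = sp.SPSSODescriptor.@AuthnRequestsSigned.text() == 'true'
    if (idpWantsSigned && !spSigns) {
        findings << 'IDP sets WantAuthnRequestsSigned=true but SP has AuthnRequestsSigned=false'
    }
    // The HTTP-POST profile needs an HTTP-POST SingleSignOnService binding at the IDP.
    def bindings = idp.IDPSSODescriptor.SingleSignOnService.collect { it.@Binding.text() }
    if (!bindings.any { it.endsWith(':HTTP-POST') }) {
        findings << "IDP SingleSignOnService has no HTTP-POST binding (found: ${bindings})"
    }
    // SSOCircle sends the email address as NameID; flag an SP that asks for another format.
    String fmt = sp.SPSSODescriptor.NameIDFormat.text()
    if (fmt && !fmt.endsWith(':emailAddress')) {
        findings << "SP requests NameID format ${fmt}, but SSOCircle sends emailAddress"
    }
    return findings
}

// Constructed sample metadata, deliberately misconfigured; IDP entity ID and URL are placeholders.
String spXml = '''<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="web.prewards.sso" validUntil="2019-03-01T00:00:00Z">
  <md:SPSSODescriptor AuthnRequestsSigned="false">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>'''
String idpXml = '''<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>'''
checkMetadata(spXml, idpXml, Instant.parse('2019-03-06T00:00:00Z')).each { println it }
```

With the sample documents all four checks produce a finding; point the script at your own exported SP metadata and the downloaded ssocircle-idp.xml to reproduce the troubleshooting steps before importing them.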

Private key and keystore commands - for future reference
  1. keytool -keystore <keystorename> -genkeypair -alias <keyname> -keypass <password>
  2. keytool -list -keystore <keystorename>
  3. keytool -importkeystore -srckeystore <keystorename> -destkeystore <pkcs12keystorename> -deststoretype pkcs12 -destkeypass <pkcs12keystorepassword>
  4. openssl pkcs12 -in <pkcs12keystorename> -nocerts -nodes
  5. keytool -export -alias ssocircle -file ssocircle.der -keystore aKeystore.jks
