** 2021-W07 *** 2021-02-15 Monday **** IN-PROGRESS Authentication, ID, Activation Optimisation :work: :LOGBOOK: CLOCK: [2021-02-15 Mon 11:20]--[2021-02-16 Tue 09:07] => 21:47 :END: [2021-02-15 Mon 11:20] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*managed IdP vs non-managed IdP and org-ids][managed IdP vs non-managed IdP and org-ids]] *** 2021-02-16 Tuesday **** DONE create OAuth2 clients for Vitalii in PROD :work: :LOGBOOK: CLOCK: [2021-02-16 Tue 16:34]--[2021-02-16 Tue 16:35] => 0:01 :END: [2021-02-16 Tue 16:34] - ref :: [[file:~/dev/iroh/services/iroh-auth/test/iroh_auth/iroh_auth_web_service_test.clj:::expect-merge? true]] **** DONE update SSE clients :work: :LOGBOOK: CLOCK: [2021-02-16 Tue 15:22]--[2021-02-16 Tue 16:34] => 1:12 :END: [2021-02-16 Tue 15:22] - ref :: [[orgit:~/dev/iroh/][~/dev/iroh/ (magit-status)]] ***** NAM client-id: client-3e55e6a3-4561-4733-b380-ffbd94733ba1 #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD NAM Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "https://admin.sse.itd.cisco.com/*/*", "https://admin.sse.itd.cisco.com/*/*/*", "https://admin.sse.itd.cisco.com/*", "https://admin.sse.itd.cisco.com/*/*/*/*", "https://devops.sse.itd.cisco.com/*/*", "https://devops.sse.itd.cisco.com/*/*/*", "https://devops.sse.itd.cisco.com/*", "https://devops.sse.itd.cisco.com/*/*/*/*" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "idb-amp": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] 
], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$yjznqcXJR2qIloN/JFc4LQ==$FPuIlE/C5Pk/vVG+VVJeTos5UtV5HPhDveM3T/m4wAg=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-prod-nam-client", "org-id": "576c9ad4-7820-44ca-9d5e-6ca678eadcd1", "enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-3e55e6a3-4561-4733-b380-ffbd94733ba1", "approval-status": "approved", "owner-id": "d697511a-9164-49d0-8c7b-a5c1a11fb25d", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src ****** PATCH #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "idb-amp": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG", "idb-amp": "AMP" }, "default-value": "AMP", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", 
"claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ] } #+end_src ***** EU become master: user-id: 080c8271-e1c7-4fe6-b6e2-bc1fda123432 done. #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD EU Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "https://admin.eu.sse.itd.cisco.com/*/*", "https://admin.eu.sse.itd.cisco.com/*/*/*", "https://admin.eu.sse.itd.cisco.com/*", "https://admin.eu.sse.itd.cisco.com/*/*/*/*", "https://devops.eu.sse.itd.cisco.com/*/*", "https://devops.eu.sse.itd.cisco.com/*/*/*", "https://devops.eu.sse.itd.cisco.com/*", "https://devops.eu.sse.itd.cisco.com/*/*/*/*" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-EU", "idb-amp": "AMP-EU" }, "default-value": "AMP-EU", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": 
"https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$yjznqcXJR2qIloN/JFc4LQ==$FPuIlE/C5Pk/vVG+VVJeTos5UtV5HPhDveM3T/m4wAg=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-prod-eu-client", "org-id": "576c9ad4-7820-44ca-9d5e-6ca678eadcd1", "enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-3e55e6a3-4561-4733-b380-ffbd94733ba1", "approval-status": "approved", "owner-id": "d697511a-9164-49d0-8c7b-a5c1a11fb25d", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src PATCH #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-EU", "idb-amp": "AMP-EU" }, "default-value": "AMP-EU", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-EU", "idb-amp": "AMP-EU" }, "default-value": "AMP-EU", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ]} #+end_src ***** APJC Become master: user-id: b19d5dea-5aa4-4265-b42d-9acc1e913f01 done. 
****** Client client-3e55e6a3-4561-4733-b380-ffbd94733ba1 #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD APJC Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "https://admin.apj.sse.itd.cisco.com/*/*", "https://admin.apj.sse.itd.cisco.com/*/*/*", "https://admin.apj.sse.itd.cisco.com/*", "https://admin.apj.sse.itd.cisco.com/*/*/*/*", "https://devops.apj.sse.itd.cisco.com/*/*", "https://devops.apj.sse.itd.cisco.com/*/*/*", "https://devops.apj.sse.itd.cisco.com/*", "https://devops.apj.sse.itd.cisco.com/*/*/*/*", "https://devops.apj.sse.itd.cisco.com" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-APJ", "idb-amp": "AMP-APJ" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$yjznqcXJR2qIloN/JFc4LQ==$FPuIlE/C5Pk/vVG+VVJeTos5UtV5HPhDveM3T/m4wAg=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-prod-apjc-client", "org-id": "576c9ad4-7820-44ca-9d5e-6ca678eadcd1", 
"enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-3e55e6a3-4561-4733-b380-ffbd94733ba1", "approval-status": "approved", "owner-id": "d697511a-9164-49d0-8c7b-a5c1a11fb25d", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src PATCH - note :: compared with the client above, this body adds the spId and companyId aliases for old-idp-mapping-idp and old-idp-mapping-organization-id, and changes the spId default-value from "AMP" to "AMP-APJ" #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-APJ", "idb-amp": "AMP-APJ" }, "default-value": "AMP-APJ", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg": "TG-APJ", "idb-amp": "AMP-APJ" }, "default-value": "AMP-APJ", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "replace-value": [ [ "^threatgrid[:]", "" ] ], "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin", "iroh-admin": "admin" }, "default-value": "user", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ] } #+end_src ****** Client client-92258bc0-196a-4f6c-a0b5-fe105de5f505 - note :: this is sse-ui-dev-client (see name below) although the description reads PROD APJC; redirects include http and https localhost:* wildcards and the role alias default-value is admin, where the client-3e55e6a3 clients default to user - confirm both are intended in this environment #+begin_src js { "scopes": [ "integration", "private-intel", "admin", "profile", "inspect", "iroh-master", "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel", "collect", "response", "ui-settings", "openid", "ao" ], "description": "PROD APJC Environment for Security Services Exchange Admin Console", "approved?": true, "redirects": [ "http://localhost:*/*", "https://localhost:*/*/*/*", "https://localhost:*/*/*", 
"https://admin.apj.sse.itd.cisco.com/*/*", "https://admin.apj.sse.itd.cisco.com/*/*/*", "https://admin.apj.sse.itd.cisco.com/*", "https://admin.apj.sse.itd.cisco.com/*/*/*/*", "https://localhost:*", "http://localhost:*/*/*/*", "https://localhost:*/*", "http://localhost:*/*/*", "http://localhost:*" ], "availability": "everyone", "access-token-lifetime-in-sec": 86400, "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "companyId", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin" }, "default-value": "admin", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ], "password": "$s0$f0801$1oB9uodlfkUpACx2HNnVcQ==$eLNMiORI5R4jCWZp40fGyQvU59bqigGtwoYr8f7cVzU=", "id-token-lifetime-in-sec": 86400, "name": "sse-ui-dev-client", "org-id": "63489cf9-561c-4958-a13d-6d84b7ef09d4", "enabled?": true, "grants": [ "auth-code" ], "client-type": "confidential", "id": "client-92258bc0-196a-4f6c-a0b5-fe105de5f505", "approval-status": "approved", "owner-id": "6ee52ee9-2e3a-4e1b-977d-961facb5fd84", "created-at": "2020-02-03T13:48:54.758Z" } #+end_src PATCH #+begin_src js { "id-token-aliases": [ { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": "TG", "idb-amp-staging": "AMP" }, "default-value": "AMP", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id" }, { "alias": "spId", "case-value": { "sxso": "SXSO", "idb-tg-staging": 
"TG", "idb-amp-staging": "AMP" }, "default-value": "AMP", "claim-to-alias": "old-idp-mapping-idp" }, { "alias": "companyId", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id" }, { "alias": "companyId", "claim-to-alias": "old-idp-mapping-organization-id" }, { "alias": "companyName", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name" }, { "alias": "user_name", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name" }, { "alias": "user_email", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email" }, { "alias": "role", "case-value": { "admin": "admin", "master": "admin" }, "default-value": "admin", "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role" } ]} #+end_src **** DONE CSA Migration: merge user by email :work: :LOGBOOK: CLOCK: [2021-02-16 Tue 09:07]--[2021-02-16 Tue 15:22] => 6:15 :END: [2021-02-16 Tue 09:07] *** 2021-02-17 Wednesday **** IN-PROGRESS clients SSE :work: :LOGBOOK: CLOCK: [2021-02-17 Wed 17:25]--[2021-02-18 Thu 09:18] => 15:53 :END: [2021-02-17 Wed 17:25] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*TEST][TEST]] **** MEETING weekly meeting :work:meeting: :LOGBOOK: CLOCK: [2021-02-17 Wed 16:02]--[2021-02-17 Wed 17:25] => 1:23 :END: [2021-02-17 Wed 16:02] - ref :: **** IN-PROGRESS Update SSE client 2nd pass :work: :LOGBOOK: CLOCK: [2021-02-17 Wed 14:52]--[2021-02-17 Wed 16:02] => 1:10 :END: [2021-02-17 Wed 14:52] *** 2021-02-18 Thursday **** IN-PROGRESS debug claim aliases :work: :LOGBOOK: CLOCK: [2021-02-18 Thu 09:18]--[2021-02-18 Thu 10:38] => 1:20 :END: [2021-02-18 Thu 09:18] - ref :: [[file:~/dev/iroh/services/iroh-auth/src/iroh_auth/oauth2_service/schemas.clj::{:claim-to-alias s/Str]] *** 2021-02-19 Friday **** IN-PROGRESS Device Grant analysis :work: [2021-02-19 Fri 15:41]