Identity and Access Management, Identity Governance

  I recently ran sysprep command on ec2 vm running windows server. (sysprep.exe /oobe /generalize /shutdown which was provided by one of the popular AI/chat tools). The sysprep command ran fine. The initial intent was to create an AMI from this instance.  After sysprep command completed the ec2 instance stopped and next followed steps for creating an AMI. Steps were straight forward no issues. After I started this ec2 vm via AWS console, it showed as successfully started- however I could not rdp into this server. Looks like sysprep command has caused this issue. I got the system log for this ec2 instance (it is available via the AWS console) and it shows as below Windows is being configured. 'SysprepState=IMAGE_STATE_UNDEPLOYABLE' This means that rdp into this instance will not be possible. Essentially when you run Sysprep (especially with the /generalize and /oobe switches) on an EC2 instance, you are resetting Windows back to a state where it’s expecting to run first-boot co...

When doing a git commit on two different versions of git I noticed that the commit message generated by git was different. In the newer versions, post 2024 versus older git versions like 2.30.x from 2020/2021 the merge strategy in git is different. Git Merge Commit uses a Recursive Strategy algorithm for performing merges. In newer versions of Git, e.g., 2.47.0 in November 2024 uses Optimized Recursive strategy (ORT). In earlier version of Git, e.g., 2.30.1 used Recursive Strategy. Example: The git message would be like "Merge made by 'ort' strategy (version 2.47.0) ORT strategy in git merge is an optimized version of the Recursive strategy where it identifies a merge base but employs an enhanced or more efficient algorithm for applying changes and resolving conflicts.  Recursive strategy in git merge can sometimes lead to complex conflict resolutions, especially when branches have diverged significantly.  Recursive strategy may also be slower due to its more extensive co...

Tools to Trace OIDC Artifacts and Flows Browser Developer Tools : The Network tab in your browser's developer tools (DevTools) is one of the easiest ways to trace HTTP requests, including those involved in OIDC authentication. You can see: The request to Okta's authorization endpoint (for the /authorize request). The redirect back to your app with the code (authorization code). The request to Okta's token endpoint (to exchange the authorization code for an access token and ID token). The response that contains the tokens (JWTs). If you look at the network activity during login, you'll see the various redirects, HTTP requests, and responses. This is helpful for understanding the different stages of the OIDC flow. Postman : Postman can be very useful for manually simulating the OIDC flow. You can configure requests for: The /authorize endpoint to initiate the login flow. The /token endpoint to exchange the authorization code for tokens. This allows you to interact w...

When downloading the JDK (Java Development Kit), one is presented by different types of installers, e.g., MSI installer, or the compressed archive version or the plain Installer version. See screenshot that shows the three types of installers available. Which one you would choose depends on whether you want the JDK for your personal Development environment or for your team/enterprise. See below brief explanations for the type of installer. Note, the screenshot shows the versions available for Windows Operating System. URL to download the JDK , Java SE Development Kit  https://www.oracle.com/java/technologies/downloads/#jdk21-windows (a) If you are an individual developer then choose the second option of "x64 Installer". This is an exe file (for Windows as shown in below screenshot) that launches the installation wizard which is straight forward. (b) However, if you need an installer for your team environment or enterprise then choose the "x64 MSI Installer". This in...

Account in Active Directory (AD) and account in Azure AD (AAD) Here AD is being referred to as the on-premise AD and  Azure AD (AAD) is the cloud based Active Directory. Here are two scenarios of user accounts.   The AAD user accounts are called as M365 accounts that are required to access MS services in the cloud, like M365 tenants, Exchange online mailboxes etc. Scenario: You only have Azure AD account, and an Exchange online mailbox. In this scenario how are the credentials synced. There is no syncing. Azure AD account acts as the single identity source for accessing both Azure AD and Exchange Online. The Azure AD account is the authoritative source for your identity and credentials. When you are assigned an Exchange Online mailbox, it is linked to your existing Azure AD account. Your Azure AD credentials (username, password) are used to authenticate and access both  Azure AD and your Exchange Online mailbox. There is no synchronization of credentials happening because...