Category: Technology

Python: Partition and RPartition

Found a neat pair of methods that were added in Python 2.5 — it’s like split/index except it handles breaking the string into two elements for you. A tuple is returned with the part before the separator, the separator, and the part after the separator. If the separator is not found, elements 0 and 1 are empty strings.

C:\Users\lisa> python
Python 3.13.3
Type "help", "copyright", "credits" or "license" for more information.
>>> test = "This is a string | with pipe characters as | delimiters in the string"
>>> print(test.rpartition("|")[0])
This is a string | with pipe characters as
>>> print(test.partition("|")[0])
This is a string
>>>

Blender – Applying The Scale

We were playing with Blender this evening to modify a 3D model to mount the mirror on our Ranger — it reminds me a lot of learning vim where there’s just a lot of hidden “type this character and it does magic stuff”. Which, ironically, I love vim because of this … however I’ve also been using vi and vim since 1994. So I know the random character to type. Blender … not so much yet.

Oddity of the day — after scaling an object, you need to take an additional step; otherwise it’s not really scaled and measurements show up with unexpected values. To reset the scale:

Hit Ctrl + A
Select Scale in Object Mode to apply the current dimensions as the new scale of 1

They call this applying the scale. Which … I expected it did when I entered the scale factor and stuff changed size on the screen. But now I know!

Getting Cert Info From Host

An OpenSSL command to retrieve the cert chain from a host and parse out the CN and expiry info

[lisa@linux05 ~]# openssl s_client -connect 10.5.5.75:443 -servername lisa.rushworth.us -showcerts </dev/null 2>/dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' | openssl x509 -noout -subject -startdate -enddate -nameopt RFC2253
subject=CN=lisa.rushworth.us
notBefore=Sep 2 03:28:34 2025 GMT
notAfter=Dec 1 03:28:33 2025 GMT
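
The output above covers only one certificate: -showcerts emits the whole chain, but openssl x509 parses just the first PEM block it reads. As an added example (not from the original post), the function below splits the bundle and reports expiry status, notAfter and subject for every certificate; chain_report, sample_bundle and the WARN_DAYS threshold are names assumed here.

```shell
# Added example, not from the original post. Reads a PEM bundle on stdin and
# prints one tab-separated line per certificate: index, status, notAfter, subject.
# WARN_DAYS (default 30) is an assumed alerting threshold.
chain_report() {
    nl='
'
    block="" n=0
    while IFS= read -r line; do
        case "$line" in
            *"-----BEGIN CERTIFICATE-----"*)
                block="$line$nl" ;;
            *"-----END CERTIFICATE-----"*)
                n=$((n + 1))
                block="$block$line$nl"
                subject=$(printf '%s' "$block" | openssl x509 -noout -subject -nameopt RFC2253)
                end=$(printf '%s' "$block" | openssl x509 -noout -enddate)
                # -checkend exits non-zero when the cert expires within N seconds
                if printf '%s' "$block" |
                    openssl x509 -noout -checkend $(( ${WARN_DAYS:-30} * 86400 )) >/dev/null
                then status=OK; else status=EXPIRING; fi
                printf '%s\t%s\t%s\t%s\n' "$n" "$status" "${end#notAfter=}" "${subject#subject=}"
                block="" ;;
            *)
                # keep body lines only while inside a certificate block
                if [ -n "$block" ]; then block="$block$line$nl"; fi ;;
        esac
    done
}

# Constructed sample input: two throwaway self-signed certificates (10-day and
# 365-day validity) standing in for a served chain, so the function runs offline.
sample_bundle() {
    for spec in "leaf.example:10" "issuer.example:365"; do
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
            -subj "/CN=${spec%%:*}" -days "${spec##*:}" 2>/dev/null
    done
}

# Against a live host (address and SNI name as in the post):
#   openssl s_client -connect 10.5.5.75:443 -servername lisa.rushworth.us \
#       -showcerts </dev/null 2>/dev/null | chain_report
sample_bundle | chain_report
```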

Ender 6

We finally have the Ender 6 printing – you need to keep the fan on any time the hot end is heating (or it clogs up), low retraction (2mm), and adjust the z offset as it prints the skirt (or brim, we’ve switched to using a brim to ensure adhesion)

AI and the Entry Level Employee

I’ve long hypothesized that, as companies adopt AI (more accurately LLMs) in their processes, the skillset required to enter the job market will change. You don’t need an entry level team member – that role is filled by the AI. You need a senior level person who can manage, direct, and oversee the junior “team members”. What that looks like varies by industry – in software development, you don’t need junior developers. You need a senior dev who does quality control on the generated code, integration, and debugging.

There’s now research backing up my expectation — https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5425555

While the number of senior employees has continued to increase, the number of junior employees has actually decreased in the past few years.

PingFederate – OGNL Customization of AuthnContext

After a recent merger, we have added federated authentication in our PingFederate environment that allows the incoming company to continue to use their Entra (ADFS) logon process to authenticate through PingFederate. All of the IDs exist in our directory, and contract attributes are populated based on the local account. But the authentication is handled by their existing system. It’s really cool, and works for 99.9% of the applications. One, however, was not happy with the resultant attribute contract. It worked fine for me, logging in directly with PingFederate. Anyone who authenticated through Entra, however, got a very specific error:

AuthenticatingAuthority array contains a value which is not a wellformed absolute uri

And, yes, I concur – there is absolutely an element in the AuthenticatingAuthority array that is not a well-formed absolute URI

Luckily, there appears to be a solution. On the ACS URL tab, select “Show Advanced Customizations”

Use the drop-down to select the message type of “AssertionType” and the expression provided at https://support.pingidentity.com/s/article/OGNL-Examples-Message-Customization#rm-authauthority to remove authenticating authority values when multiple are present (which also works when only one is present)

Now I no longer have authenticating authorities but the AuthnContextClassRef is “urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony” … so, in the assertion creation, we need to add SAML_AUTHN_CTX to the attribute contract

In the attribute contract fulfillment, map this to a static TEXT string – I am using “urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified” which is used as the default in PingFederate

Final Answer! I have an AuthnContext that does not contain any invalid URI strings and an AuthnContextClassRef that is expected.

Quickref: tmux

Our newer servers don’t have screen – and you cannot install it – so I’ve had to start using tmux:

# list running sessions
tmux ls

# Start a new session or reattach to an existing session named LJR
tmux new-session -A -s LJR

# In session, detach
ctrl+b d

# attach to an existing session named LJR
tmux attach-session -t LJR

Did you know … you can import accounts into CyberArk?

Adding one account to CyberArk takes about a dozen clicks. Adding fourteen was going to take me half the day!

Luckily, I discovered that the “Add account” button is actually a drop-down menu that also offers the ability to Add accounts from file

Create a CSV file with the following columns:

userName,address,safeName,platformID,secret,automaticManagementEnabled,manualManagementReason,groupName,logonDomain
user1,server1,OURSAFE,Generic Unmanaged,abc123,FALSE,Platform does not support automatic password management,,
user2,server2,OURSAFE,Generic Unmanaged,bcd234,FALSE,Platform does not support automatic password management,,
user3,server3,OURSAFE,Generic Unmanaged,cde345,FALSE,Platform does not support automatic password management,,
user4,server4,OURSAFE,Generic Unmanaged,def456,FALSE,Platform does not support automatic password management,,
user5,server5,OURSAFE,Generic Unmanaged,efg567,FALSE,Platform does not support automatic password management,,

Then browse to select the CSV file. It will show you how many accounts are included in the file – 6 here

Click “Upload”. The accounts will be created, and you will see a banner at the top of the site.

Did you know … you can view just your favorite accounts in CyberArk?

Is your CyberArk account view an overwhelming list of accounts? You are constantly using “Search for accounts” to find one of the three accounts you regularly use because they are buried somewhere in this list?

There’s a better way! The star at the left-hand side of each line allows you to mark an account as a “Favorite”. There’s a link under “Views” to just display your favorite accounts. Even better, though, if you click on the ellipsis button to the right of the “Favorites” link, you can select “Set as default”.

Now, when you log into CyberArk, you immediately see your curated list of accounts instead of all of them!

Authenticating WebLogic Admin Console with SAML 2.0 and PingID

Log into your console. Navigate to “Security Realms” and click on your admin console’s realm – here “myrealm”

From the first row of tabs, select “Providers”. On the second row of tabs, ensure you are on “Authentication”. Click “New” to create a new identity asserter.

Provide a name – here, it is called SAML_IA – and ensure the type is “SAML2IdentityAsserter”

Click OK to create the item. Then click the “New” button again to create a new SAML Authenticator

Restart the WebLogic server, then navigate to “Environment” => “Servers” and select the AdminServer

On the first row of tabs, select “Configuration”; on the second row of tabs, select “Federation Services”; and on the third row of tabs, select “SAML 2.0 General”

The published site URL will be your WebLogic host base followed by /saml2

Provide a unique entity ID that needs to match up with what we configure in PingID. Here, I used “LJRWebLogic”

Save the changes and then use the “Publish Metadata” button to save a metadata file that I will use with PingID. You will be saving an XML file

Now select the “SAML 2.0 Service Provider” tab on the third row of tabs. Click “Enabled” to enable the service provider. POST binding should be enabled, but we do not need Artifact binding enabled. Click “Save” to save the changes.

Navigate back to “Security Realms” and select your realm. On the first row of tabs, select “Providers”; on the second row of tabs, select “Authentication”. Click the hyperlink for “SAML_IA”

Click the “Management” tab

You will be provided a metadata file from PingID. Place that somewhere on your server (I used /tmp). Click “New” and then select “New Web Single Sign-On Identity Provider Partner”

Navigate to the metadata file and select it. Provide a name for the identity provider – here, I used PingID. Click “OK” to import the PingID details.

Click on the new entry to configure it

Click “Enabled” to enable the Identity Provider. The redirect URIs should be /console/*

Finally, on the WebLogic Server Admin Console, navigate to the domain name -> [Configuration] -> [General] and expand the [Advanced] link

Update cookie name in WLS admin console to be JSESSIONID.

Save the changes and restart the WebLogic server. Navigating to the console, here https://docker.rushworth.us:7001/console, will direct the user to PingID for authentication and then redirect the user’s browser back to the WebLogic server. Looking in the upper right corner of the screen, they will see they are logged in with their directory ID.

Note: You can still access the local authentication dialog by navigating directly to console/login/LoginForm.jsp – e.g. http://docker.rushworth.us:7001/console/login/LoginForm.jsp — but the “normal” URL will redirect users to PingID

Note Also: There needs to be some step here to map PingID users to a role in WebLogic

Failing to do so, you will complete the PingID authentication but be denied access to the WebLogic Admin Console.