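Category archive: Software

Logging in to Grafana with Azure Active Directory OAuth2

First, create an application in the Azure Portal.

Azure AD -> App registrations -> New application registration: enter any Display name, and set the Reply URL to http://example.com/login/generic_oauth (replace the domain part with your real one). Click Create. Once the application is created, go to Settings -> Keys, enter any description in the Password table, choose Never expires for expires, and click Save. The value field will then show a randomly generated key string; write this string down.

Next, you need to copy:

  • The GUID of your Azure AD (visible after clicking Directory + subscription in the top-right corner of the Portal)
  • The Application ID of the application you just created (visible on the Registered app page)
  • The Secret, that is, the Key you just created

Then edit the Grafana configuration file /etc/grafana/grafana.ini: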

#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
name = Azure AD
allow_sign_up = true
client_id = <Application GUID>
client_secret = <Secret>
scopes = openid email name
auth_url = https://login.microsoftonline.com/<Directory GUID>/oauth2/authorize
token_url = https://login.microsoftonline.com/<Directory GUID>/oauth2/token
api_url = 
team_ids =
allowed_organizations =
;tls_skip_verify_insecure = false
;tls_client_cert =
;tls_client_key =
;tls_client_ca =

; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
;send_client_credentials_via_post = false

Restart Grafana and you are done.
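A check you can run over the edited section before restarting, written in Python as an added example (not code from the original post or from Grafana). The function name audit_generic_oauth, the GUIDs and the sample text are constructed for illustration; the rules assume the directory-specific login.microsoftonline.com endpoints shown above.

```python
import configparser
import re

# Constructed sample: the section from the post with made-up GUIDs, the
# secret left as a placeholder and TLS verification switched off.
SAMPLE_INI = """\
[auth.generic_oauth]
enabled = true
allow_sign_up = true
client_id = 11111111-2222-3333-4444-555555555555
client_secret = <Secret>
auth_url = https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/oauth2/authorize
token_url = https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/oauth2/token
tls_skip_verify_insecure = true
"""

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
ENDPOINT = re.compile(
    rf"(https?)://login\.microsoftonline\.com/({GUID})/oauth2/(authorize|token)")


def audit_generic_oauth(ini_text):
    """Return findings for the [auth.generic_oauth] section of grafana.ini."""
    cp = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cp.read_string(ini_text)
    if not cp.has_section("auth.generic_oauth"):
        return ["[auth.generic_oauth] section is missing"]
    sec = cp["auth.generic_oauth"]
    findings, tenants = [], set()
    for key, kind in (("auth_url", "authorize"), ("token_url", "token")):
        m = ENDPOINT.fullmatch(sec.get(key, "").strip())
        if not m or m.group(3) != kind:
            findings.append(f"{key}: not a directory-specific /oauth2/{kind} URL")
            continue
        if m.group(1) != "https":
            findings.append(f"{key}: must use https")
        tenants.add(m.group(2).lower())
    if len(tenants) > 1:
        findings.append("auth_url and token_url use different Directory GUIDs")
    if not re.fullmatch(GUID, sec.get("client_id", "").strip()):
        findings.append("client_id: not a GUID (placeholder left in?)")
    secret = sec.get("client_secret", "").strip()
    if not secret or secret.startswith("<"):
        findings.append("client_secret: empty or placeholder")
    if sec.getboolean("tls_skip_verify_insecure", fallback=False):
        findings.append("tls_skip_verify_insecure: TLS verification is disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_generic_oauth(SAMPLE_INI):
        print("FINDING:", finding)
```

To check the real file, pass the contents of /etc/grafana/grafana.ini to audit_generic_oauth; an empty list means none of these checks fired.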

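Compatibility settings for using the Enlighter syntax highlighting plugin with Crayon Syntax Highlighter code blocks

The Crayon Syntax Highlighter I used for many years has long been unmaintained, and since WordPress 5.0 introduced the new Gutenberg editor, API changes have left this ancient plugin effectively unusable. Today I searched the plugin directory for a new syntax highlighting plugin and found Enlighter, which is updated quite promptly. After studying the plugin's settings, I found that its custom CSS Selector feature lets code blocks previously created with Crayon Syntax Highlighter be highlighted as well. The setup is as follows.

Continue reading

How to let external users access Users and Computers of the local domain in AD DS

I recently configured Selective Trust for a Domain with a Forest-level Trust, and cross-domain access started blowing up. AD Administrative Center (dsac.exe) exits on launch with an error (System.Security.Authentication.AuthenticationException); several MMC Snap-ins either report an inexplicable local error or show "Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine." Using the Delegation of Control Wizard to grant the external user all permissions did not help either.

Continue reading

Running Cisco ASDM (and other Java 8 GUI programs) correctly on HiDPI Windows systems

Create a registry value that allows an external manifest file to override the settings embedded in the exe: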

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide]
"PreferExternalManifest"=dword:00000001

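Then, for each executable that needs patching, create a corresponding filename.exe.manifest file in the same directory. For a default Java 8 installation, the files to patch are java.exe and javaw.exe under C:\Program Files\Java\jre1.8.0_181\bin.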

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">

<dependency>
  <dependentAssembly>
    <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*">
    </assemblyIdentity>
  </dependentAssembly>
</dependency>

<dependency>
  <dependentAssembly>
    <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b">
    </assemblyIdentity>
  </dependentAssembly>
</dependency>

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
    </requestedPrivileges>
  </security>
</trustInfo>

<asmv3:application>
  <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
    <ms_windowsSettings:dpiAware xmlns:ms_windowsSettings="http://schemas.microsoft.com/SMI/2005/WindowsSettings">false</ms_windowsSettings:dpiAware>
  </asmv3:windowsSettings>
</asmv3:application>

</assembly>

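As for Cisco ASDM, it will not run correctly if Java 10 or another version is also installed on your system. Open C:\Program Files (x86)\Cisco Systems\ASDM\run.bat and add the following line before the last line, start javaw.exe…: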

set PATH=C:\Program Files\Java\jre1.8.0_181\bin\;%PATH%

References: