Workaround ADFS errors when using certificates with CNG Keys


I can describe ADFS (Active Directory Federation Services) as the de facto standard service for extending Active Directory as an identity provider inside or outside the organisation, in order to achieve the Single Sign-On (SSO) experience and security that modern systems and users need and expect.

The first version of ADFS was an additional download of Windows 2003 R2, but it started to become popular and be used as a service in Windows Server 2008/2008 R2.

Microsoft Azure AD Connect with Azure AD, or products offered by Okta or Auth0 (just to name a few), started to make ADFS federation redundant in the past 3-4 years, but a lot of functionality has been added in the last version of ADFS with Windows Server 2019, which has kept it relevant.

In my humble opinion, ADFS is not dead yet!

How to sign a PowerShell script


As a DevOps engineer, I frequently come across talented developers who underestimate some security aspects of deployments, for instance, just to name a couple: the integrity and authenticity of the code or artefacts that we deploy.

Python and PowerShell are powerful languages for developing quick and robust solutions, and they are extremely popular among attackers; for this reason, our ecosystem should take security very seriously.

Security now extends far beyond the (old) perimeter of the company’s premises and infrastructure; indeed, networks and systems are abstracted away, with or without cloud/hybrid deployments, and just enforcing identity is not enough in most cases.

In my opinion, white-listing applications around code-signing and checking the integrity of our code is more effective and less painful than you might think, and a good habit to build on a daily basis.
