Return-Path: <dev-return-12314-archive-asf-public=cust-asf.ponee.io@syncope.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id B4E32200BFA
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 12 Jan 2017 22:48:47 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id B383A160B40; Thu, 12 Jan 2017 21:48:47 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 06AC3160B29
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 12 Jan 2017 22:48:46 +0100 (CET)
Received: (qmail 23226 invoked by uid 500); 12 Jan 2017 21:48:41 -0000
Mailing-List: contact dev-help@syncope.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@syncope.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@syncope.apache.org>
List-Post: <mailto:dev@syncope.apache.org>
List-Id: <dev.syncope.apache.org>
Reply-To: dev@syncope.apache.org
Delivered-To: mailing list dev@syncope.apache.org
Received: (qmail 23198 invoked by uid 99); 12 Jan 2017 21:48:41 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Jan 2017 21:48:40 +0000
Received: from auth2-smtp.messagingengine.com (auth2-smtp.messagingengine.com [66.111.4.228])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 78F6B1A00C5;
	Thu, 12 Jan 2017 21:48:40 +0000 (UTC)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
	by mailauth.nyi.internal (Postfix) with ESMTP id 0467020C95;
	Thu, 12 Jan 2017 16:48:39 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
  by compute3.internal (MEProxy); Thu, 12 Jan 2017 16:48:39 -0500
X-ME-Sender: <xms:tvl3WD3rYR9cxBVfK_P-CHyacUypHv2eKTdRGN-JfPuc-wzmJppeNA>
X-Sasl-enc: nxqFMqLZPaWJB8tLpbL0nX2J+dtPg+hIibHy9APhno1b 1484257718
Received: from [17.228.10.221] (unknown [17.228.10.221])
	by mail.messagingengine.com (Postfix) with ESMTPA id 779B87E352;
	Thu, 12 Jan 2017 16:48:38 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: [IAM PoC] Starting with implementation
From: Tony Stevenson <pctony@apache.org>
In-Reply-To: <CADPkm84XaBjgQ07Kc7z6MjWqaxGy63AZQ+Dbq4DhvJ9oFA3WeA@mail.gmail.com>
Date: Thu, 12 Jan 2017 13:48:37 -0800
Cc: =?utf-8?Q?Francesco_Chicchiricc=C3=B2?= <ilgrosso@apache.org>,
 dev@syncope.apache.org,
 users@infra.apache.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4284B5A4-51E8-4D51-B74B-3B5E0961926D@apache.org>
References: <567825DE.9080405@apache.org>
 <da0889c0-5b24-4af0-ebf2-0146fb6c4f52@tirasa.net>
 <a6b11fcf-6029-59a7-498a-823f4be5996b@apache.org>
 <f98c51e1-06a7-5c63-3857-e23df8a272e4@apache.org>
 <E6ED8D80-DBCF-45C3-B715-B095AB8D79E7@apache.org>
 <9567c3b1-accb-3d84-2249-20fe2f55fff6@apache.org>
 <d64add0b-d352-a1ce-af37-6412156cc220@apache.org>
 <01a19bc7-a398-e475-ed0e-0c8f1675b9be@apache.org>
 <CADPkm84h9o7Q7oz0dBh57iEt2zSxskK0ePFAAvU_Uke2f1Xw3g@mail.gmail.com>
 <6330B824-36AE-4DF2-B993-CF5C5D36A56D@apache.org>
 <CADPkm84XaBjgQ07Kc7z6MjWqaxGy63AZQ+Dbq4DhvJ9oFA3WeA@mail.gmail.com>
To: Pierre Smits <pierre.smits@gmail.com>
X-Mailer: Apple Mail (2.3259)
archived-at: Thu, 12 Jan 2017 21:48:47 -0000



> On Jan 12, 2017, at 1:22 PM, Pierre Smits <pierre.smits@gmail.com> =
wrote:
>=20
> Please do not use the syncope implementation via the unencrypted =
tomcat port 8080/
>=20

Then configure tomcat to only listen on loopback, or only allow access =
from the local interface then.  Better yet change the firewall rules. Or =
do both. ;)=20

Assuming the VM is in puppet the firewall rules should be a few lines of =
config.=20




--
Cheers,
Tony

-----------------------
http://www.pc-tony.com
GPG - 3072D/2543E323
-----------------------