
Shrinking Windows Disk: A huge challenge!

Usually I don’t blog about Windows issues since I don’t use it. However, recently I bought a laptop for my father. It had Windows Vista Ultimate Home on it. The hard disk is 250GB in size, so I wanted to partition it into smaller ones so that I could have a “D” drive for data and possibly slap Ubuntu on it too. The problem was that there was one cluster of data right at the end of the partition that could not be moved by defrag or any of the commercially available defrag utilities out there.

So first I did the usual tricks, i.e. set the page file to zero, disabled system restore, disabled dumps, disabled hibernation, and deleted all the related files.

Then I ran defrag. Still no joy. Then I ran defrag.exe from the command line with the -w switch. Still no joy.

Then I downloaded a commercial utility called O&O Defrag. This utility still did not move the file(s), but it did help to identify the name, which was “$Extend/$UsnJrnl…”

Further research revealed that this journal file was actually being used by the Windows indexing service. So naturally I disabled the indexing service. This did release/delete some of the journal file, but a small cluster of them still remained. I could not figure out what application was using them.

Then I attempted to use the “fsutil usn deletejournal /D C:” command from a System Administrator command prompt. I would always get “Access Denied”.

So I downloaded PEbuilder and created a Windows XP SP3 BartPE disk. I booted from the disk and then ran “fsutil usn deletejournal /D C:” again. This time the command worked since the journal was not opened by any process.

I rebooted and ran a free defrag utility called Auslogics Disk Defrag. Everything now consolidated to my liking and I was able to resize the partition to my heart’s content!

OpenSSO 8 & SAML v2 AttributeStatement

A very useful and essential feature of OpenSSO is attribute mapping. This enables you to send additional attributes in the SAMLv2 assertion/response to the Service Provider. Once the attribute mapping is defined (either from the GUI under the entity’s “Assertion Processing” tab or in the metadata itself), the map is sent as a name-value pair to the Service Provider. Also keep in mind that the mapping can and should be defined on the remote service provider so that if your hosted IDP is shared amongst multiple SPs, each can have its own mapping. For example, here the map was defined from the GUI as USERID=employeeNumber for one of the remote SPs.

<saml:AttributeStatement>
  <saml:Attribute Name="USERID">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:type="xs:string">121898</saml:AttributeValue>
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:type="xs:string">007</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>

Once the Service Provider receives the assertion and has been configured to look for the attribute name USERID, it will grab the value and do whatever it needs to. One such real-life example is SalesForce.com CRM. In OpenSSO 8 Express Build 8, there is a wizard to support easy configuration of federation with SalesForce.com, which results in a map definition automatically.

One problem that I ran into (not related to the product, phew..) was that however many maps I defined, I could not see them in the assertion. As a matter of fact, I could not even see the <saml:AttributeStatement> tag. Turns out that earlier I had modified the Authentication->Core setting from Profile=required to Profile=ignored. Reverting back to Profile=required fixed the issue and the assertion started to pass the attributes.
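
A sketch of the Service Provider side, as an added example that is not from the original post or from OpenSSO: it reads the mapped USERID attribute with namespace-aware lookups and fails closed when the AttributeStatement is missing (the Profile=ignored symptom above) or when the attribute carries more than one value, as the sample above does. It assumes the SP's SAML library has already verified the assertion's signature; the function names, the constructed sample input and the single-value policy are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace, bound to the "saml" prefix in the fragment above.
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}


class AttributeMappingError(Exception):
    """The assertion does not carry the attribute in the expected shape."""


def read_attributes(assertion_xml):
    """Return {name: [values]} from an already signature-verified assertion."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    # iter() also matches the root, so a bare AttributeStatement fragment works.
    for stmt in root.iter("{%s}AttributeStatement" % SAML):
        for attr in stmt.findall("saml:Attribute", NS):
            values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
            attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def single_value(attrs, name):
    """Assumed SP policy: an identity attribute must have exactly one value."""
    if not attrs:
        # What the SP sees when the IDP omits the AttributeStatement entirely.
        raise AttributeMappingError("assertion carries no attributes")
    values = attrs.get(name)
    if values is None:
        raise AttributeMappingError("attribute %r not mapped for this SP" % name)
    if len(values) != 1:
        # Never silently pick one of several candidate identities.
        raise AttributeMappingError("%r has %d values" % (name, len(values)))
    return values[0]


def sample_assertion(values):
    """Constructed input modelled on the fragment above, with xmlns:saml declared."""
    body = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % v for v in values)
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>'
            '<saml:Attribute Name="USERID">%s</saml:Attribute>'
            '</saml:AttributeStatement></saml:Assertion>' % (SAML, body))


# Constructed assertion without any AttributeStatement (the Profile=ignored case).
NO_STATEMENT = '<saml:Assertion xmlns:saml="%s"><saml:Subject/></saml:Assertion>' % SAML
```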