SHRI VAISHNAV VIDYAPEETH VISHWAVIDYALAYA

Shri Vaishnav Institute of Information Technology

Department of Computer Science and Engineering
(Session: - Jan - Jun 2022)

PRACTICAL FILE

Name Himanahu Patil

Enrolment No. 19100BTCMCI05527

Course Name Cloud Security

Year/Semester 4th / 7th

Section E

PRACTICAL - 1
Objective: Create Cloud Foundry Application and deploy the application on
IBM cloud.

Step 1 – Login in to your IBM cloud account.

Step 2 – Click on Catalog.

Step 4 – Click on the Cloud foundry application and click on Create.
Select Node.js and give name to your application and click on create.

Step 5 – Click on Overview and scroll down and click on Enable Continuous Delivery.
Step 6 – Click on Delivery Pipeline and Click on New to create new API Key
Step 7 – Click on Eclipse Orion Web IDE editor to open your app editor.

Step 8 – Click on Create new app configuration.

Select London in the Target and Click on Save
Click on Deploy and Click open in browser. You will see the below webpage.
 PRACTICAL – 2

Objective: Deploy your application using GIT.

Step 1: Open the Eclipse Orion Web IDE editor of your application.

Step 2: Click on the Git icon on the left side.

Step 3: Write your commit message.

Step 4: Click on Commit and Sync.

Step 5: Click on Push and select Push all.
 PRACTICAL – 3

Objective: Deploy your application using IBM Cloud CLI.

Step 1: Create a Clone application using Cloud foundry as above and click on Eclipse editor.
We have to create three files 1) package.json 2) manifest.yml 3) app.js
Step 2: Create app.js file and write the code below.
Code: -
var http = require("http");
var port = process.env.VCAP_APP_PORT || 8080;
http.createServer(function(request, response){ response.writeHead(200,{'content-
Type':'text/plain'});
response.end('Hello Everyone!');
}).listen(port);
Step 3: Create manifest.yml file and write the below code.
Code: -
applications:
- path: .
memory: 128M
instances: 1
name: privatecloud
host: cloud
disk_qutta: 1024M
Step 4: Create package.json file and write the below code.
Code: -
{
"name": "NodejsStarterApp",
"version":"0.0.1",
"discription":"Hello World Nodejs example",
"scripts":{
"start":"node app.js"
}}

Step 5: Click on the File and select export to zip and download the zip file.
Step 6: Extract the zip file and open command prompt in the extracted folder. In order to use
IBM CLI we have to install it from the link - https://github.com/IBM-Cloud/ibm-cloud-cli-
release/releases/
Step 7

Step 8: Use command ibmcloud login.

Login using your credentials.

Step 9: Use command: ibmcloud target –cf

Step 10: Use command ibmcloud target -g Default.
Step 11: Use command ibmcloud cf push appname
 PRACTICAL – 4

Objective: Text to speech using Node-Red.

Step 1 - Click on Catalog and search Text to Speech and click on it.

Step 2- Click on create

Step 3 – Now the text-to-Speech instance is created now open the node-red instance and click
on Visit App Url.
Step 4- Drag and drop text input node, text to speech node and audio out node and connect
everyone as below.
Step 5 – Configure text input node by double clicking on it.

Step 6 – Configure text to speech node by double clicking on it

Step 7 – Configure audio out node by double clicking on it.

Step 8 - https://node-red-sqsvu-2022-03-15.eu-gb.mybluemix.net/ui

Copy the url and type ui after net/ in the url.

You will hear the sound of your text.
 PRACTICAL –5

Objective: Implementation of containerization using Docker.

Step-1: Building the docker Image

Step 2: check for your image

Step-3: Check port of your server

Step-4: This will start up a Docker container
based off simran052/cu1 docker image and
expose it on port 9000 on the machine.

Step5: Check the container ID for your Image

Step6: Verify the console log of the container
using the command

Step7: Do login in your docker hub account

Step8: Pushing image to docker hub

Step9: Do logout (As the image is now publicly

available anyone can download it from Docker
Hub)

• Check on port on 9000 for output

 PRACTICAL – 6
Objective: Language Translator

Step 1: Click on catalog and select Language Translator.

Step 2: Click on Create.

Step 3: Now create Node-RED app instance by searching it on catalog
Step 4: Click on Create.

Step 5: Drag and Drop inject node, translator node and debug node and connect everyone as
below.
Step 6 – Configure Inject node.

Step 7 – Configure Language translator util node.

Step 8 – Configure Debug node.
Insert your message in the inject node and you will see the translated text in the debug
window

PRACTICAL – 7

Objective: Creating account in SalesForce.

Step 1 – Fill all the personal details and in company name fill [email protected].

Step 2 – Login using your credentials.

 PRACTICAL – 8

Objective: Creating object in SalesForce.

Click on Objects and Fields and click on Object Manager.

Click on Create and select Custom object
 PRACTICAL – 9

Objective: Securing a web application with single sign-on

Authentication request side

from xml.etree import cElementTree

from datetime import datetime as dt

from django.http.response import HttpResponseRedirect

from base64 import b64encode

def signin(request):

if not request.session.session_key:

request.session.create()

session_key = request.session.session_key

identity_provider_url = 'https://identity-provider.com/sso/saml'

provider_entity_id = 'https://service-provider.com/metadata'

assertion_consumer_service_url = 'https://service-provider.com/acs'

root = cElementTree.Element('samlp:AuthnRequest', attrib={

'xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',

'xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',

'ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',

'Version': '2.0',

'ID': session_key,

'ProviderName': provider_entity_id,

'IssueInstant': dt.now().isoformat(),

'Destination': identity_provider_url,

'AssertionConsumerServiceURL': assertion_consumer_service_url

})

issuer = cElementTree.SubElement(

root,

'saml:Issuer',

text='http://sp.example.com/demo1/metadata.php'

name_id_policy = cElementTree.SubElement(

root,

'samlp:NameIDPolicy',

attrib={

'Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',

'AllowCreate': 'true'

}
)

authentication_context = cElementTree.SubElement(

root,

'samlp:RequestedAuthnContext',

attrib={

'Comparison': 'exact'

authentication_context_class_ref = cElementTree.SubElement(

authentication_context,

'saml:AuthnContextClassRef',

text='urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'

authentication_request = cElementTree.tostring(root, encoding='utf-8',

method='xml')

base64_encoded_authentication_request = b64encode(authentication_request)

return HttpResponseRedirect(f'{identity_provider_url}?
AuthNRequest={base64_encoded_authentication_request}’)

SAML Response side

import binascii

from signxml import XMLVerifier

from django.http.response import HttpResponseBadRequest, HttpResponse,

HttpResponseNotFound

from django.contrib.auth import login

from django.contrib.auth.models import User

from base64 import b64decode

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt

def validate_saml_response(request):

try:

saml_response = request.POST['SAMLResponse']

except KeyError:
 return HttpResponseBadRequest()

try:

saml_response_xml = b64decode(saml_response)

except binascii.Error:

return HttpResponseBadRequest()

namespaces = {

'ns1': "urn:oasis:names:tc:SAML:2.0:assertion",

'ns2': http://www.w3.org/2000/09/xmldsig#

xml_verifier = XMLVerifier()

try:

verified_xml = xml_verifier.verify(

saml_response_xml, x509_cert=open('app/data/idp.crt', 'r').read()).signed_xml

email = verified_xml.find('.ns1:Assertion/ns1:Subject/ns1:NameID', namespaces).text

except:

return HttpResponseBadRequest()

try:

user = User.objects.get(email=email)

except User.DoesNotExist:

return HttpResponseNotFound()

login(request, user)

return HttpResponse(f'<h1>Logged in as {user.email}</h1>',

content_type='text/html')

PRACTICAL – 10

Objective: Configuring Identity and Access management service on

cloud environment.

Create vpc
While creating Subnet choose vpc

Check the availability zone of your public subnet and

create private subnet in different zone

Created 2 subnets
Create two route tables for public and private
Subnet

Go to subnet association and associate the

subnets to route tables
What we have done till now

Create an internet gateway for public subnet

Attach this internet gateway to your VPC

Go to edit routes option in your public

Subnet
Elastic IP
• Elastic IP(EIP) is an IP address that you can reserve from
AWS for your account.
• Once you've created an Elastic IP, you can assign it to any
instance of your choice. Once you reserve an Elastic IP,
nobody else can use that IP address. Elastic IPs are unique
because they are dynamically remappable IP addresses
that make it easier to manage servers and make global
changes in the cloud.
• Whereas static IPs are associated to a particular machine,
EIPs can be reassigned to different instances when
necessary as you launch and terminate servers.

Create two instances one for public and

another for private subnet
Connect to your public machine

Try to connect your private machine from

here.