The value of OpenSSO to build Access Manager prototypes and PoCs !
By joachimandres on Oct 11, 2007
Over the last couple of months I built various prototypes and PoCs for customers to evaluate Sun Access Manager. The fact that the Access Manager source code repository is public provided and provides significant advantages in this process. And here's how.
\* Rapid and controlled customization
Situation: Before authenticating a user against an LDAP authentication module, it needs to be verified with the identity management system in place if the user is active. This translates into a custom authentication module with an API call to the external identity management system.
The value of OpenSSO: Developping a custom LDAP authentication module with the additional functionality is the traditionally supported way. However this introduces the risk that comes with re-writing a core piece of the security infrastructure (the LDAP authentication module). OpenSSO provides the source code of the standard LDAP authentication module (along with a build environment). Adding 10 lines of code and rebuilding the module from OpenSSO is not only a rapid but more importantly a low risk approach to customization here.
\* Technology Partner Integration
Situation: For a prototype a custom authentication module for a particular strong authentication provider was build. Following this exercise, various parties volunteered to own and maintain the element. However we quickly figured that the right way to maintain this is inside OpenSSO. The technology partner gets great visibility within OpenSSO and to the community. The commity gets the obvious benefit of more functionality.
\* Prototypes with "Early Access" software
With OpenSSO and a community strongly backed by Sun engineering, we build prototypes with much better early access bits (than before) while still getting some level of support (through the community).
I'll bump across further elements - and will post them here.