Monday Aug 31, 2009
So you want to copy session attributes and set them to a SAMLv2 assertion? Simply modify the attribute mapping for the identity provider or the remote service provider (you can do it using the OpenSSO console). The default OpenSSO SAMLv2 attribute mapper will find the appropriate attributes in the session and set them in the SAMLv2 assertion. Now how about Puretone (aka Josh Abrahams featuring Amiel Daemion) and Addicted to Bass?
Wednesday Jul 01, 2009
By docteger on Jul 01, 2009
After a successful SAMLv2 single sign-on, sessions are created on both the identity provider side and the service provider side. The sessions are independent from each other with their own maximum session time out and idle time out values so if one session times out or is destroyed locally, the other will not be notified. This results in an inconsistent session state between the two providers. For the upcoming Express Build 8 release, OpenSSO has added a new configuration property to support session synchronization between the two providers. The service provider will notify the identity provider when a session is refreshed (by access) or at a fixed interval. The Session Synchronization attribute (available only in builds later than OpenSSO Enterprise 8.0) is displayed only after creating a SAMLv2 hosted identity or service provider configuration first. See Part II Federation, Web Services, and SAML Administration in the OpenSSO Enterprise 8.0 Administration Guide. Following that, under the Federation tab, click the name of the appropriate provider to display its attributes. Under the Advanced tab is the Session Synchronization attribute which can be enabled for a hosted SAMLv2 provider. If session synchronization is enabled for the hosted identity provider and a session times out (due to hitting a maximum idle time out value or maximum session time value), the identity provider will send a SOAP logout request to all affected service providers. If session synchronization is enabled for the hosted service provider, it will send a SOAP logout request to all affected identity providers. A few weeks back, I posted an article on one time password authentication with a musical clip of The Beautiful South. The Beautiful South was one fork that grew after the breakup of The Housemartins. (The other was Fatboy Slim.) In that vein, here is an excellent live clip of The Housemartins performing Anxious from their debut LP. I miss The Housemartins.
Thursday Jun 18, 2009
- Eyes Only: OpenSSO Express 9 Documentation
- Sun & Oracle: EU Has No More Tears
- Using OpenSSO with Microsoft Geneva Server
- Managing OpenSSO Entitlements Using REST: The End
- Evaluating OpenSSO Entitlements Using REST
- Listening for the OpenSSO Entitlements Service Using REST
- Authenticating for the OpenSSO Entitlements Service REST Interfaces
- Born To Change a Configured OpenSSO Host Name
- Happy New Year Authenticating to OpenSSO Monitoring Service
- Importing the Root CA Certificate for Secure OpenSSO Rainbow Connections