Tuesday Oct 16, 2007

OpenPTK UML and OpenSSO configuration

The User Management Lite sample application was designed to provide a way to integrate user provisioning services into a remote Java application. It uses the OpenPTK's provisioning tag library to provide a simple way to add user provisioning services to a Java application.

The OpenPTK User Management Lite (UML) was designed to showcase user provisioning and self service functions. Authentication and Authorization are necessary for a complete solution deployment. The UML provides an interface for user authentication. The UML was designed to be protected by a web single sign-on infrastructure like Sun Access Manager or OpenSSO. If a web single sign-on infrastructure is not configured with the UML, it provides simulated authentication screens to enable the sample application's features to be used. In a real world deployment, it is expected that the authentication will be implemented in many different ways, and it is out of scope of the core OpenPTK framework features. The instructions below describe the steps to protect the UML application with OpenSSO. The same steps would be required with Sun Access Manager or another web single sign-on infrastructure.

Configuring OpenSSO to protect the OpenPTK User Management Lite (UML)

The UML was designed to be protected by a web single sign-on infrastructure. Once it is deployed to an application server, it can be protected by an agent for integration with the web single sign-on infrastructure. The following high level tasks will enable authentication of the UML to be provided by an external infrastructure:
  • Deploy UML .war file
  • Deploy OpenSSO infrastructure and Agent to protect UML's application server
  • Create a policy for UML access in OpenSSO (or Sun Access Manager)
  • Protect the UML application in web.xml (applies if deployed on Application Server; this step is not required if deploying on Sun Web Server)
  • Configure the agent to insert an HTTP header named: openptkid
  • Configure the agent to not enforce the UML welcome page
More details will be available in the Open PTK Samples User's Guide which will be available soon.
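
The last two steps mean the application takes the user's identity from the openptkid header while the welcome page stays outside agent enforcement. The servlet filter below is an added example, not OpenPTK or OpenSSO code, showing one way to accept that header only on enforced URLs; the welcome page path, request attribute name and user id pattern are assumptions.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: treat the agent-supplied openptkid header as identity only on enforced URLs. */
public class OpenptkidHeaderFilter implements Filter {
    static final String HEADER = "openptkid";                // header name from the steps above
    static final String WELCOME = "/index.jsp";              // assumed welcome page path
    static final String USER_ATTR = "uml.authenticatedUser"; // hypothetical attribute name
    // Assumed user id syntax; adjust to the naming rules of the identity store.
    static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    /** Returns the validated user id, or null if the header is missing, repeated or malformed. */
    static String userFrom(Enumeration<String> values) {
        if (values == null || !values.hasMoreElements()) return null;
        String v = values.nextElement();
        if (values.hasMoreElements()) return null;   // two values: ambiguous, reject
        v = (v == null) ? "" : v.trim();
        return USER_ID.matcher(v).matches() ? v : null;
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Raw, undecoded path: any variant that does not match exactly is treated as enforced.
        String path = req.getRequestURI().substring(req.getContextPath().length());

        if (path.equals("/") || path.equals(WELCOME)) {
            // The agent does not enforce this page, so a header seen here
            // is not recorded as an authenticated identity.
            chain.doFilter(req, res);
            return;
        }
        String user = userFrom(req.getHeaders(HEADER));
        if (user == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing or invalid identity header");
            return;
        }
        req.setAttribute(USER_ATTR, user);   // downstream code reads this, not the raw header
        chain.doFilter(req, res);
    }
}
```

The header is only as trustworthy as the path the request took, so the application server should be reachable only through the agent-protected listener.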

Wednesday Oct 10, 2007

Project OpenPTK launched!

Project Open Provisioning ToolKit (OpenPTK) provides a bridge between Identity Solutions and specialized user interfaces or access points. It is hosted on the Identity Management community on java.net.

Project Open Provisioning ToolKit (OpenPTK) is an open source User Provisioning Toolkit exposing APIs, Web Services, HTML Taglibs, JSR-168 Portlets with user self-service and administration examples. The architecture supports several pluggable back-end services including Sun's Identity Manager, Sun's Access Manager and LDAPv3.

Available now are several sample applications which demonstrate the features of the OpenPTK. These samples are preconfigured to connect to a hosted Identity Management infrastructure. This infrastructure includes Sun Identity Manager and its SPML interface. The applications include:
  • User Management Lite - a sample Java web application which provides simple User Management in a remote interface, user self service, and user registration / forgotten password services. This leverages the OpenPTK's provisioning tag library.
  • Provisioning Web Service - This JAX-RPC web service provides a .wsdl interface to define specific user management tasks. This leverages the OpenPTK's Java API.
  • OpenPTK Command line interface - this provides a command line interface to access a remote provisioning infrastructure. This leverages the OpenPTK's Java API.
  • Coming soon: JSR 168 Portlets for User Administration, Self Service, and Forgotten Password services. This leverages the OpenPTK's provisioning tag library and the Java API.

Coming soon will be documentation to deploy these sample applications to connect to your Identity infrastructure, followed closely by full access to the source code for the OpenPTK framework.

This project was started last year by 3 Sun Systems Engineers (Scott Fehrman, Terry Sigle, and myself) to demonstrate the power and flexibility of Sun's Identity Management suite of products in new and flexible ways. Due to the demand and flexibility of the solution, this open source project was launched to enable others to extend the value of their Identity Management infrastructures. It is designed to be completely complementary to existing deployments of Identity Management infrastructures.



