OpenSSO/FAM and the Belgian Identity Card (EID)

People keep asking me whether Sun's identity management solution supports the EID card for authentication out of the box. The answer is YES.

OpenSSO/FAM can use the EID certificate via X509, leveraging the EID middleware and the browser's SSL backchannel.
To map the certificate to a local LDAP account/profile, you can have that account created on the fly, use a transient session that keeps the profile only in memory and deletes it afterwards, or map it to an existing profile by adding the certificate's public key as an attribute in the LDAP repository that OpenSSO uses.

For more information on how to configure the OpenSSO environment for use of EID, see Sebastien's article:
http://blogs.sun.com/sebsto/entry/use_your_eid_to_authenticate

Another way of dealing with this would be to use federation (e.g. SAML 2), connecting OpenSSO to a SAML-enabled identity provider that uses EID as a means of authentication. That way, an assertion would be sent to OpenSSO that could be used to create a session for the intended account.
IdPs with this capability that do not currently have SAML 2 functionality embedded in the product may want to take a look at the Fedlet and Federation Validator functionality newly added in OpenSSO. It is intended for both SPs and IdPs.
See: http://blogs.sun.com/sid/entry/fedlet



About

Bert Van Beeck is a Senior Software Architect at Sun Microsystems, specialized in Sun's Identity Management portfolio. He's part of the Northern European pre-sales software team.
