Friday Feb 08, 2008

Configuring OpenSSO - The CURL'y way

The simplest way to configure the OpenSSO system is to use the browser to fill in just four text fields; it is that simple. However, there are scenarios where you want to script the configuration on multiple machines, or where you cannot reach a browser, say when all you have is dumb terminal access. What do you do in these scenarios?

[Read More]

Monday Sep 24, 2007

Access Manager 7.1 support on Application Server 9.1

Sun Java System Access Manager Support on Application Server 9.1

Sun has recently released Application Server 9.1, and Access Manager server version 7.1 is supported on it. Access Manager 7.1 can be installed on Application Server 9.1 in two ways:

1. Single WAR deployment of Access Manager

2. Installing Access Manager using the Java ES 5 update 1 installer 


You can find the document on how to achieve the same 


Sun Java System Access Manager Policy Agents for Application Server 9.1


An agent is also available for Application Server 9.1.

You can download the agent from this location

This agent can be configured by following this documentation

Tuesday Aug 21, 2007

Configuring Sun Java ES Access Manager Password Reset Application

Sun Java Enterprise System Access Manager provides a way to reset forgotten user passwords by simply configuring customizable secret questions and answers. This does not involve any administrator intervention except a one-time, system-wide configuration of the password reset application service.
[Read More]

Tuesday Jul 31, 2007

Configuring Sun Java System Access Manager Policy Agents on IBM WebSphere 6.0 Cluster


In this article I am going to discuss how to configure the Sun Java System Access Manager Policy Agents on a WebSphere cluster. For this exercise it is assumed that the WebSphere Network Deployment Server (WNDS) has one cell with two clusters in it (CARE and IS). Each cluster has exactly two Application Server instances belonging to the same profile, hosting one or more applications. The cluster member Application Server instances are distributed among two physical nodes, as depicted in the diagrams below. The WNDS profile is located on one of the nodes. The clusters are already created before installing the agents. This document will not cover the procedures for creating WebSphere clusters or configuring the IBM HTTP Server for load balancing. Additionally, no custom SSL key store is used. The Application Server and Access Manager traffic happens over HTTP.

To deploy the policy agents on the WebSphere clusters there is no need to defederate the nodes.

[Read More]

Thursday Jul 26, 2007

Sun Java System Access Manager Policy Agents - Fetching Header/Response Attributes

Web applications protected by the Sun Java System Access Manager Policy Agents version 2.2 can obtain the authenticated identity's attributes, as well as the resource-specific attributes, by the following means:

  • Set as HTTP header values

  • Set in the browser cookie as name-value pairs

In this part of the document, only the HTTP header option is discussed. The end application protected by the agents can obtain the authenticated identity's attributes as HTTP header name-value pairs in the following three ways:

  • Retrieve from authenticated identity's profile

  • Retrieve from authenticated identity's Session

  • Retrieve from policy resource response providers

[Read More]

Wednesday Mar 21, 2007

Using OpenDS as a user data store for OpenSSO

Latest version of this article is available here

This is a follow-up posting to my original post about OpenSSO and OpenDS. I have tested the OpenSSO system with OpenDS (bld 30); OpenDS is used as both configuration and user data store. For this I need to adapt the existing user schema to a form which is acceptable to OpenDS (which more strictly enforces the schema, spec and DIT content rules).

[Read More]

Saturday Dec 16, 2006

Should QA do security testing?

"Gartner states that the cost to fix a security vulnerability found in production is 6.5 times higher than one found in QA. A single security defect that may have cost only $150 if found in QA could easily cost an organization $975 if found in production."   

Should the QA team perform the security testing, and how much extra would that cost? To find out, read more here

[Read More]

Friday Dec 15, 2006

Dynamically enabling/disabling debug mode in the Access Manager Server

In the previous versions of Access Manager servers, to switch the server from the default error mode to debug message mode, one needs to set the in the That is not it, the web container on which the Access Manager is deployed needs to be restarted. This is almost impossible in a production scenario: customers do not want to stop the server, or sometimes the anomaly that is being experienced by the customer may not show up if the server is restarted. So there has to be a mechanism to dynamically enable/disable the server's debug level. [Read More]

Wednesday Dec 06, 2006

Know the Personality - Thiruvalluvar

Thirukural (திருக்குறள்) is an important work of Tamil literature by Thiruvalluvar written in a poetic form called Kural or couplets expounding various aspects of life. While most scholars place him during 100-300 BCE, there are a few who consider him to have lived c. 30 BCE. Thirukural contains 1330 couplets divided into 133 chapters of 10 couplets each. Each couplet consists of seven words, with four words on the first line and three on the second. It is sometimes claimed that Thiruvalluvar wrote more than 1330 couplets, and that the rest of the work has gone missing and also that some of the verses were later included in the compilation. [Read More]

Monday Dec 04, 2006

Building and Installing OpenSSO J2EE agents on Glassfish Application Server

In this article I am going to show you how to build and install OpenSSO J2EE agents on the GlassFish Application Server. I assume the OpenSSO WAR has already been built and installed somewhere, so that it can be used while installing the agents on GlassFish. It consists of the following steps, which need to be carried out in the same workspace where the OpenSSO server was built. [Read More]

Friday Dec 01, 2006

Solaris|OpenDS|GlassFish|OpenSSO - A Perfect Union

With reference to my earlier post, some people asked me why not use GlassFish as the servlet container instead of Tomcat. I think they made sense to me. When I tried GlassFish, to my surprise the configuration of GlassFish was as simple as Tomcat. A few simple, well-documented steps got me a working application server in place. I have documented those simple steps to save a few minutes of your time. [Read More]

Wednesday Nov 29, 2006

OpenSSO with OpenDS for the impatient

I have been waiting for the day when OpenDS and OpenSSO can work together. I think that day is here now. I was able to configure OpenDS as a configuration datastore for OpenSSO with little hacks. I am sure in future these hacks may not be required, as the OpenSSO configurator itself will support OpenDS. [Read More]

Thursday Nov 23, 2006

Automating the creation of Authentication instances in Sun Java ES Access Manager

I always like configuring the servers and their configuration in a scripted way. It is not that I don't trust the browser interface; scripting offers more flexibility than the browser interface. Besides, parameterized scripts can be applied to any environment, not just a particular domain or host. [Read More]

Sunday Nov 05, 2006

OpenSSO deployment on tomcat requires server restart after configuration

I checked out the latest OpenSSO codebase and, after building the single WAR, deployed it on Tomcat 5.5 on Solaris. I could access the configurator page, but after configuring OpenSSO I am not able to access the server. Though I can access the login page, after submitting the amadmin credentials the server just hangs. The Tomcat server has to be restarted to access the OpenSSO console. This is with the 11/03/06 build. An update on this [11/06/06]: my friend and OpenSSO project lead Dennis told me that if the browser's cache is cleared then it works fine, and there is no need to restart Tomcat. Though I have not yet redeployed OpenSSO, when Dennis says it, he means it.

Friday Nov 03, 2006

Using OpenLDAP as user data store for the OpenSSO

I have tried to use the account expiry and account lockout features of OpenSSO with OpenLDAP as my user data repository. The problem is that these features rely heavily on the Access Manager specific schema, so unless you extend the Access Manager schema to OpenLDAP these features cannot be used in OpenSSO. [Read More]

Indira Thangasamy, I manage the OpenSSO Quality engineering team.

