Thursday Aug 13, 2009

SAML2 SSO to using OpenSSO

It is now simple to use OpenSSO as an Identity Provider for SSO
with applications using the SAMLv2 protocol. Out of the
box, OpenSSO supports an easy-to-use workflow feature that enables
customers to integrate applications with their existing
authentication infrastructure. You can read more at my new URL

[Read More]

Moving to WordPress

It is time for me to move to I like the editor and it is so easy to upload an image/file. You can find my new posts at 

[Read More]

Sunday Jun 14, 2009

Using Oracle Internet Directory (OID) as Identity store for OpenSSO

The postings I made in the past seem to be very useful to the OpenSSO community; I conclude this based on the private mails that I have received periodically. This time I am venturing out to see how the Oracle Internet Directory (OID) could be massaged to store the OpenSSO User and Group information. I don't claim to be an expert in Oracle Directory Server; nevertheless, what I provide here is a validated procedure that is expected to work. Though I am part of the OpenSSO enterprise product team, by no means do I imply that this particular identity store is an official part of the supported OpenSSO release.

[Read More]

Monday Jun 08, 2009

How To Determine LDAP persistent search support

How to determine whether a given LDAP server supports persistent search

The persistent search control 2.16.840.1.113730.3.4.3 (defined in a draft specification) is implemented by many LDAP servers, including:

  • IBM(Tivoli Directory)

  • Novell(eDirectory)

  • Sun(DSEE)

  • OpenDS(OpenDS Directory Server 1.0.0-build007)

  • Fedora-Directory/1.0.4 B2006.312.1539

Perform the following search of the root DSE for the persistent search control 2.16.840.1.113730.3.4.3:
ldapsearch -p 389 -h ds_host -s base -b '' "objectclass=*" supportedControl | grep -F 2.16.840.1.113730.3.4.3

Active Directory

AD implements this in a different form, using the LDAP control 1.2.840.113556.1.4.528:

ldapsearch -h AD_HOST -p PORT -D "CN=Administrator,CN=Users,dc=test,dc=com" -w secret12 -s base -b '' "objectclass=*" supportedControl | grep -F 1.2.840.113556.1.4.528
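
An added example (not from the original post) that folds the two checks above into one script: it reads root DSE output and matches each OID exactly instead of as a regular expression. It assumes ldapsearch prints LDIF-style `attribute: value` lines; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify change-notification support from a root DSE dump.
PSEARCH_OID='2.16.840.1.113730.3.4.3'    # persistent search control (from the post)
AD_NOTIFY_OID='1.2.840.113556.1.4.528'   # Active Directory control (from the post)

# Constructed sample root DSE entries (not captured from real servers).
SAMPLE_DS='dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 2.16.840.1.113730.3.4.3'
SAMPLE_AD='dn:
supportedcontrol: 1.2.840.113556.1.4.319
supportedcontrol: 1.2.840.113556.1.4.528'
# Near miss: an OID that merely starts with the persistent search OID.
SAMPLE_NEAR='dn:
supportedControl: 2.16.840.1.113730.3.4.31'

# Print one supportedControl OID per line from LDIF on stdin.
# LDAP attribute names are case-insensitive, so compare in lower case.
supported_controls() {
    awk -F': *' 'tolower($1) == "supportedcontrol" { print $2 }' | tr -d '\r '
}

# Succeed only on an exact whole-line match: -F makes the dots literal,
# -x rejects longer OIDs that share the same prefix.
has_control() {
    grep -Fxq -- "$1"
}

# Read root DSE LDIF on stdin and print which mechanism the server advertises.
classify_rootdse() {
    controls=$(supported_controls)
    if printf '%s\n' "$controls" | has_control "$PSEARCH_OID"; then
        echo persistent-search
    elif printf '%s\n' "$controls" | has_control "$AD_NOTIFY_OID"; then
        echo ad-notification
    else
        echo none
    fi
}

# Offline demonstration on the constructed samples.
for sample in "$SAMPLE_DS" "$SAMPLE_AD" "$SAMPLE_NEAR"; do
    printf '%s\n' "$sample" | classify_rootdse
done
# Against a live server, pipe the post's own command into the function:
#   ldapsearch -p 389 -h ds_host -s base -b '' "objectclass=*" supportedControl | classify_rootdse
```
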

Thursday Apr 09, 2009

Password Reset with OpenDS

This blog is an addendum to my earlier entry on the password reset application.
This article specifically addresses the steps involved in configuring
OpenDS as the user store for OpenSSO and enabling password
reset that works in association with the OpenDS password policy.

[Read More]

Monday Mar 09, 2009

Using OpenDS as user store for OpenSSO

I have been constantly receiving email with questions regarding configuring OpenDS as user store for OpenSSO. In my earlier post I detailed a hack to configure OpenDS with OpenSSO. Starting from Express build 7 of OpenSSO, OpenDS is officially supported as the user store, with some known limitations regarding support for OpenDS password policies. These shortcomings will be resolved in the forthcoming Express builds.

[Read More]

Monday Nov 10, 2008

How to get debug logs of opensso Configurator

It is easy to configure  an already existing  opensso system to run in 'debug' mode, but what if the system is being configured and you want to view the debug traces of opensso? There is a way to do that in OpenSSO. 

[Read More]

Friday Nov 07, 2008

Configuring multiple OpenSSO servers with Configuration store as Directory Server Enterprise Edition

This document specifically addresses the workaround for
OpenSSO issue 4094, yet it can also be used to configure the
OpenSSO server against an existing Sun Java System Directory Server
Enterprise Edition (DSEE).

[Read More]

Thursday Nov 06, 2008

Configuring Access Manager Repository Plug-in in OpenSSO

Out of the box, the Access Manager Repository Plug-in datastore plugin cannot be created in the OpenSSO server. This is not a bug; rather, it is intentionally left to be configured manually, depending upon the customer requirement. The Access Manager Repository Plug-in data store may be applicable in co-existence and/or upgrade scenarios with predecessors like Sun Java System Access Manager. For fresh deployments, customers should be using the Identity Repository Datastore Plugins.

[Read More]

Tuesday Jul 01, 2008

REST based Identity Services in OpenSSO

People who love programming in the interpretive languages would love the OpenSSO REST based Identity Services. OpenSSO offers decently powerful REST interfaces to manipulate the identity information stored in any supported OpenSSO identity store. I strongly encourage you to read Aravindan Ranganathan's article on Identity Servic

This document is generated based on the  article

[Read More]

Friday Feb 08, 2008

Configuring OpenSSO - The CURL'y way

The simplest way to configure the OpenSSO system is to use the browser just to fill four test fields; it is that simple. However, there are scenarios where you want to script the configuration on multiple machines or when you cannot reach out to a browser, let us say all you've got is dumb terminal access. In these scenarios, what do you do?

[Read More]

Wednesday Mar 21, 2007

Using OpenDS as a user data store for OpenSSO

Latest version of this article is available here

This is a follow-up posting to my original post about OpenSSO and OpenDS. I have tested the OpenSSO system with OpenDS (bld 30). OpenDS is used as both configuration and user data store. For this I need to adapt the existing user schema to a form which is acceptable to OpenDS (which more strictly enforces the schema, spec and DIT content rules).

[Read More]

Monday Dec 04, 2006

Building and Installing OpenSSO J2EE agents on Glassfish Application Server

In this article I am going to show you how to build and install OpenSSO J2EE agents on Glassfish Application Server. I assume the opensso war has already been built and installed somewhere, so that it can be used while installing the agents on Glassfish. It consists of the following steps, which need to be carried out in the same workspace where the OpenSSO server was built. [Read More]

Friday Dec 01, 2006

Solaris|OpenDS|GlassFish|OpenSSO - A Perfect Union

With reference to my earlier post, some people asked me why not use Glassfish as the servlet container instead of Tomcat. I think they made sense to me. When I tried Glassfish, to my surprise the configuration of Glassfish was as simple as Tomcat. A few simple, well documented steps got me a working Application server in place. I have documented those simple steps to save a few minutes of your time. [Read More]

Wednesday Nov 29, 2006

OpenSSO with OpenDS for the impatient

I have been waiting for the day when OpenDS and OpenSSO can work together. I think that day is here now. I was able to configure OpenDS as a configuration datastore for OpenSSO with little hacks. I am sure in future these hacks may not be required, as the OpenSSO configurator itself will support OpenDS. [Read More]

Indira Thangasamy, I manage the OpenSSO Quality engineering team.

