Monday Jul 28, 2008

Cleaner Common Tasks Pages

Cleaned up the Common Tasks Pages after receiving an email from The Smoking Monkey. Basically, we reduced the page content by hiding the inline help for each field and showing the help message only when the user clicks on the information icon. In this manner, the pages are cleaner.

Thursday Jul 17, 2008

Configurator in Japanese Locale

Tuesday Jul 01, 2008

UI For Agent's property types

We are working on a UI for complex agent property types, namely unordered list, ordered list and map. Here is a preview.

Friday Apr 20, 2007

Securing Web Service - JavaOne Lab

We are fortunate to have the opportunity to attend the hands-on lab session (LAB-5410 : Using Identity to Secure Web Services) conducted by Dr Aravindan. This is a dry run session for JavaOne.

We learned how to use Sun Java System Access Manager and Glassfish Application Server to secure web services. It is very easy to set up and configure the profiles for securing web services. There are 5 exercises in the lab. Once we have completed them, we have a good understanding of how it works. Many things appear to be seamless when we are configuring and running the exercises because under the cover Glassfish and Access Manager are doing the heavy lifting.

To get a glance at how we secure web services, download Java EE 5 SDK Update 3 Preview 1 With Tools Bundle; more information is here. (This sample uses a calendar service as illustration; at JavaOne, LAB-5410 uses a stock quote service.) I recommend that you attend LAB-5410 at JavaOne 2007 so that you can have a better understanding of how things work; and Aravindan will be there to answer your questions.

Thursday Apr 12, 2007

How to federate a user?

Someone asked this question. "How to federate a user?" Here is the sequence diagram.

  • The user visits the Service Provider for the first time; he/she authenticates with the SP.
  • Then the SP presents a list of Identity Providers to the user.
  • He/she chooses one of them and authenticates with it.
  • A Name Identifier is created. The name ID hides the real identity of the user. For example, the user is joesmith in the SP and he/she is jsmith in the IDP; and his/her name ID is xyz (xyz is only an illustration, a name ID is much longer length-wise). He/she is only known to the SP and IDP as xyz.
  • The IDP registers the name ID and SP ID, and then redirects the request back to the SP.
  • The SP registers the name ID and IDP ID.

Pretty simple, right?

This is only the beginning of Liberty/SAML ........

Tuesday Apr 03, 2007

Auto Complete sub command names for amadm CLI for bash user

SuperPat, my dearest pal (cough, cough!), pointed me to this blog: DSEE 6.0 CLI made easier for /bin/bash users

And hinted to me that we need to have this for OpenSSO. And why not. But this can be done in a different manner.

Download the opensso.war from here, deploy and configure it.

Download the from here, unzip it in a temporary directory and run the ./setup script.

Type <deployuri>/bin/amadm to check that the CLI is up and running. Next, run

# Collect the sub command names (indented lines of the usage output) into one list;
# the captured leading space acts as the separator between names.
<deployuri>/bin/amadm | perl -e 'my $x; while (<>)
  { chomp; if (($_ =~ /^   ( [a-z][\S]+)/) && ($_ !~ /amadm/))
  {$x .= $1; }} print $x;'

to get the list of sub commands. Then run

complete -W "<paste the output of previous command>" amadm

Then you can do the <deployuri>/bin/amadm add-<TAB><TAB> thingy.

Saturday Mar 24, 2007

OpenSSO: Configuration Data Store - You choose

If you have deployed the OpenSSO WAR file, do you know that the OpenSSO configuration data can be stored in three different types of data stores?

And if you do, do you know that you can export the data to an XML file? Do you know that you can import the XML back to a different type of data store? :-) - Open Access. Open Federation

Wednesday Mar 14, 2007

Bulk Federation

I have just completed the implementation for bulk federation. The code is under review now. Here is an abstract of a paper that I have written with the help of my co-workers:

A typical process of federating a user between an identity provider and a service provider is

   1. The user authenticates to his service provider;

   2. He/she chooses an identity provider and authenticates with it.

Once this is done, a name identifier is created and it is used to identify this user in both providers. Both providers keep this name identifier in the user's profiles to make the federation non-transient. This name identifier is removed from the user's profiles when defederation happens. In this paper, we describe two sub commands in the Command Line tool that help an organization to federate users between an identity provider (IDP) and a service provider (SP) on their behalf.
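
The federation steps from the "How to federate a user?" post and the bulk variant described in the abstract above, as an added example (not OpenSSO code and not the two sub commands from the paper). The `Provider` class, `federate` and `bulk_federate` are hypothetical names, the entity IDs and the second user pair are constructed, and authentication at both providers is assumed to have already happened.

```python
import secrets


class Provider:
    """Hypothetical SP or IDP that keeps federation records in user profiles."""

    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.profiles = {}    # local user -> {partner entity ID: name ID}
        self.by_name_id = {}  # (partner entity ID, name ID) -> local user

    def register(self, user, partner_id, name_id):
        self.profiles.setdefault(user, {})[partner_id] = name_id
        self.by_name_id[(partner_id, name_id)] = user

    def resolve(self, partner_id, name_id):
        """Map a name ID received from a partner back to the local account."""
        return self.by_name_id.get((partner_id, name_id))

    def defederate(self, user, partner_id):
        """Remove the name ID from the user's profile."""
        name_id = self.profiles.get(user, {}).pop(partner_id, None)
        self.by_name_id.pop((partner_id, name_id), None)


def federate(sp, sp_user, idp, idp_user):
    """Link two local accounts through one opaque, random name ID."""
    if idp.entity_id in sp.profiles.get(sp_user, {}):
        raise ValueError(f"{sp_user} is already federated with {idp.entity_id}")
    name_id = secrets.token_urlsafe(32)            # carries no account name
    idp.register(idp_user, sp.entity_id, name_id)  # IDP keeps name ID + SP ID
    sp.register(sp_user, idp.entity_id, name_id)   # SP keeps name ID + IDP ID
    return name_id


def bulk_federate(sp, idp, pairs):
    """Federate many (sp_user, idp_user) pairs on the users' behalf."""
    return {s: federate(sp, s, idp, i) for s, i in pairs}


def demo():
    sp = Provider("https://sp.example.com")    # constructed entity IDs
    idp = Provider("https://idp.example.com")
    ids = bulk_federate(sp, idp, [("joesmith", "jsmith"), ("amyw", "awong")])
    return sp, idp, ids
```

Each provider can map the shared name ID back to its own account only, so neither learns the user's login name at the other side.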

Thursday Feb 22, 2007

WAR Configurator

OpenSSO has a very cool and convenient way of setting up its WAR (Web Archive) file, i.e. deploy the WAR in your favorite web container (caution: some web containers like WebSphere and WebLogic require some prior permissions setting); visit the deployed URI; enter some basic information; hit the Configure button; and the WAR is configured.

You can choose to have the configuration datastore as OS file system; Sun Directory Server; or Microsoft's Active Directory. The latter was recently added (thanks to our contributors, goodearth and Dr. Aravindan).

You will be redirected to the Login page and you log in as the default super administrator, "amadmin" (it is not clearly documented that "amadmin" is the one; we will fix it). And it is done (configured).

The major issue is that when the WAR configurator fails, it is difficult to figure out what went wrong, because the configurator JSP does not provide an installation log.

We are working on fixing this (please bear with us :-))

Thursday Jan 04, 2007

Monster in my room

Dec 24, 2006. My 4-year-old damaged my keyboard.

He thought that it was fun to remove the keys. Amazingly, it happened within a few minutes.

I got a replacement from the Dell store. Cost of damage:

  • 8 dollars for the keyboard panel; and
  • 16 dollars for 2 days shipping

Thursday Dec 21, 2006

Five Things about Me

Got tagged by Pat!

Here are mine

  1. Dennis is not my real name. "Vei Ming" is. Dennis ("sinned", if you read dennis backward) was given to me by a teacher. In high school, I never behaved myself in class and was a C student. So ... (so what! :-))
  2. I am allergic to seafood. I will have skin rash and itch if I eat seafood. None of my family members have this allergy. Hmmm... where do I get it from?
  3. I was a vehicle mechanic in the Singapore Armed Forces. I can only repair diesel trucks. I can help you to fix yours if you happen to have one :-)
  4. I lived in a Taoist temple from birth till 8 years old. I witnessed many things that I cannot explain until today.
  5. I am a Singaporean, my wife is a Malaysian and my son is an American. We carry passports from different countries ;-)
Indira, Aravindan, Rajeev, Micheal and David. You're it!

Friday Dec 08, 2006

OpenSSO: JDK 1.4

The sources in the OpenSSO workspace are altered to compile with the source and target levels set to "1.4" (with some exceptions*) because there is a requirement to support WebSphere, which does not have JDK 1.5 support yet.

*Exception: Developer's unit tests continue to be compiled with the 1.5 target because annotations are used. Hence we need to have JDK 1.5 to compile the OpenSSO workspace.

Tuesday Dec 05, 2006

Cross Domain Single Sign On

I have just added the code to support Cross Domain Single Sign On. I have a summary on how things are done. [PDF].

Next shall be the cookie hijacking prevention piece (under code review now). For information, please see a document on [HTML]

Wednesday Nov 22, 2006

OpenSSO: Nightly and Stable Builds

There was a question on the stability of OpenSSO nightly bits. "Are they stable?" "Can we tag one of the builds as stable build?"

There are some answers.

It took us about 9 months to open source the Access Manager code base. We did code clean-up; moved to an open source test framework; added more comments to our code (so that external parties can understand the logic better); etc. During these 9 months, we were also committed to shipping Sun Java Enterprise System's Access Manager 7.1. So, we have two CVSes, one for Access Manager 7.1 (which is private to our team) and the other for OpenSSO (which is public to all). We are constantly syncing up these CVSes, i.e. whatever gets fixed in the private CVS goes to the OpenSSO CVS.

Much of our QA effort is spent on Access Manager 7.1. Theoretically, the OpenSSO code base is stable because it is based on Access Manager 7.1. However, we cannot be certain because we did code clean-up and minor refactoring on the OpenSSO code base.

Now, we are almost done with Access Manager 7.1, and soon we will have a QA certified nightly build and we will tag it as "stable".

Wednesday Nov 15, 2006

Dell owes me money :-)

User paid to uninstall Windows XP

I am not using Windows XP on my Dell. I am running Fedora. Now, where is my refund :-)



