Monday Jul 28, 2008

Cleaner Common Tasks Pages

Cleaned up the Common Tasks Pages after receiving an email from The Smoking Monkey. Basically, we reduced the page content by hiding the inline help for each field; and showing the help message only when user clicked on the information icon. In this manner, the pages are cleaner.

Thursday Jul 17, 2008

Configurator in Japanese Locale

Tuesday Jul 01, 2008

UI For Agent's property types

We are working on UI for complex agent property types namely unordered list, ordered list and map. Here is a preview.

Thursday Apr 12, 2007

How to federate a user?

Someone asked this question. "How to federate a user?" Here is the sequence diagram.

  • User visits the Service Provider the first time, he/she authenticates with the SP.
  • Then SP presents a list of Identity Provider to user
  • He/She chooses one of them and authenticate with it
  • Name Identifier is created. Name ID is hide the real identity of user. For example, user is joesmith in SP and he/she is jsmith in IDP; and his/her name ID is xyz (xyz is only an illustration, name ID is much longer length-wise). He/She is only known to SP and IDP as xyz.
  • IDP registers the name Id and SP ID; and then redirect the request back to SP
  • SP registers the name Id and IDP ID.
Pretty Simple, right?

This is only the beginning of Liberty/SAML ........

Tuesday Apr 03, 2007

Auto Complete sub command names for amadm CLI for bash user

SuperPat, my dearest pal (cough, cough!) pointed me to this blog DSEE 6.0 CLI made easier for /bin/bash users

And hinted me that we need to have this for OpenSSO. And why not. But this can be done in a different manner.

Download the opensso.war from here, deploy and configure it.

Download the from here, unzip it in a temporary directory and run the ./setup script.

type <deployuri>/bin/amadm to check that CLI is up and running. Next

<deployuri>/bin/amadm | perl -e 'my $x; while (<>)
  { chomp; if (($_ =~ /\^   ( [a-z][\\S]+)/) && ($_ !~ /amadm/))
  {$x .= $1; }} print $x;'
to get the list of sub commands. Then
complete -W "<paste the output of previous command>" amadm
Then you can do <deployuri>/bin/amadm add-<TAB><TAB> thingy.

Saturday Mar 24, 2007

OpenSSO: Configuration Data Store - You choose

If you have deployed the OpenSSO WAR file, do you know that the OpenSSO configuration data can be stored in three different type of data stores?

And, if you do. Do you know that you can export the data to a XML file? Do you know that you can import the XML back to a different type of data store ? :-) - Open Access . Open Federation

Wednesday Mar 14, 2007

Bulk Federation

I have just completed the implementation for bulk federation. The code is under review now. Here is an abstract of a paper that I have written with the help of my co-workers
A typical process of federating a user between an identity provider and a
service provider is

   1. The user authenticates to his service provider;

   2. He/she chooses an identity provider and authenticates with it.

    Once this is done, a name identifier is created and it is used to
identify this user in both providers. Both providers keep this name identifier
in the user's profiles to make the federation non transient. This name
identifier is removed from the user's profiles when defederation happens.
In this paper, we describe two sub commands in Command Line tool that
helps an organization to federate users between an identity provider (IDP) and
a service provider (SP) on their behalf.

Thursday Feb 22, 2007

WAR Configurator

OpenSSO has a very cool and convenient way on setup-ing up its WAR (Web Archive) file i.e. deploy the WAR in your favorite web container (caution: some web contains like WebSphere an d WebLogic requires some prior permissions setting); visit the deployed URI; enter a some basic information; hit the Configure button; and the WAR is configured.

You can choose to have the configuration datastore as OS file system; Sun Directory Server; or Microsoft's Active Directory. The latter is recently added. (thanks to our contributors, goodearth and Dr. Aravindan).

You will be redirected to the Login page and you log in as the default super administrator, "amadmin" (this is not clearly documented that "amadmin" is the one, we will fix it). And it is done (configured).

The major issue is when the WAR configurator fails, it is difficult to figure out what went wrong. Because the configurator JSP does not provide an installation log.

we are working on fixing this (please bear with us :-))

Friday Dec 08, 2006

OpenSSO: JDK 1.4

The sources in OpenSSO workspace is altered to compile with the source and target levels set to "1.4" (with some exceptions\*) because there is an requirement to support WebSphere which does not have JDK 1.5 suppport yet.

\*Exception Developer's unit test continues to be compiled with 1.5 target because annotation is used. Hence we need to have JDK 1.5 compile for the OpenSSO workspace.

Tuesday Dec 05, 2006

Cross Domain Single Sign On

I have just added the code to support Cross Domain Single Sign On. I have a summary on how things are done. [PDF].

Next shall be cookie hijacking prevention piece (under code review now) For information, please a document on [HTML]

Wednesday Nov 22, 2006

OpenSSO: Nightly and Stable Builds

There was a question on the stability of OpenSSO nightly bits. "Are they stable?" "Can we tag one of the builds as stable build?"

There are some answers.

It took us about 9 months to open source the Access Manager code base, We did code clean up; move to an open source test framework; add more comments to our code (so that external parties can understand the logic better); etc. During this 9 months, we are also committed to ship Sun Java Enterprise System's Access Manager 7.1. So, we have two CVSes, one for Access Manager 7.1 (which is private to our team) and other for OpenSSO (which is public to all). We are constantly sync-ing up these CVSes. i.e. whatever got fix in private CVS goes to OpenSSO CVS.

Much of our QA effort are spent on Access Manager 7.1. Theoretically, OpenSSO code base is stable because it is based on Access Manager 7.1. However, we cannot be certain because we did code clean and minor refactoring on OpenSSO code base.

Now, we are almost done with Access Manager 7.1, and soon we will have a QA certified nightly build and we will tag it as "stable".

Wednesday Nov 15, 2006

OpenSSO: Development Process Docs and template

Development Process Docs and template

Pat has posted the OpenSSO Development Process Document and a set of document templates.

Our engineering team is following this process (internally) before we open source the code base. Now, we open it to all OpenSSO contributors.

And, we have also published a set of coding guidelines. [Here]

Tuesday Nov 14, 2006

Open Federation

We have just open sourced the Federation and Web Services code base under the OpenSSO project. As of today, OpenSSO has the following products
  • Access Manager
  • Open Federation
  • J2EE Agents for Sun Application Server 8.x
  • Web Agents for Apache Server

The nightly builds for Open Federation are at and

Note: You may need to get more jar files into opensso/products/extlib after you sync up your workspace with OpenSSO CVS and after building your workspace. Please read the README under opensso/products directory.

Tuesday Oct 24, 2006

Nightly build for J2EE Agents

Nightly build for J2EE Agents is posted at

Currently, we only have agents for Sun Application Server v81 and v82. And, this is the README

Wednesday Oct 04, 2006

OpenSSO: Life of a Session

This is a simplistic view of a session in OpenSSO. <script language="Javascript"> function sessionview(img) { document.all.sessionimg.src = '' + img; } </script>

+ Session Creation [View]
+ Session Validation [View]
+ Session Failover View]
+ Session Recovery View]
+ Session Termination View]




« July 2016
Blog friends

No bookmarks in folder