OpenSSO Webstart Prototype : QuickSetup


Here is a prototype for a Java Web Start based OpenSSO installation built with early builds of Embedded GlassFish V3 and Embedded OpenDS.

The idea is that no separate installation of an app server and directory is necessary to start exercising OpenSSO features.

Although initially targeted at people new to OpenSSO, this delivery mechanism clearly opens up several interesting possibilities going forward. Some initial thoughts are listed below:
  • Quick evaluation of OpenSSO samples, Fedlet, Virtual Federation Proxy
  • Developer tooling : test executions
  • Preconfigured OpenSSO - for demos, training
  • Upgrading / Patching of OpenSSO bits

    Please feel free to add any other suggestions you may think of.

    Initial Steps
    Step 1 : Click here to invoke QuickSetup



    Choose Java Web Start option and click OK.

    Step 2: Accept the certificate : Make sure it looks something like :

    Note : The certificate will not be self signed in later releases.

    Step 3 : Wait about 25 seconds until the following windows show up one after another:

    This is the QuickStart main user interface. Do not close this window!

    Step 4 : No action - just be patient and wait another 25 seconds until a browser window like the following shows up :



    That's it - simply choose the appropriate configuration option - the configurator wizard will guide you through the rest of the steps.

    Trying out Federation

    You must have already noticed that the steps above automatically start an OpenSSO instance : http://localhost:28080/opensso.
    For exercising Federation functionality (e.g. SAML2) you need at least two OpenSSO instances in two different domains.

    Initial Preparation : Set up /etc/hosts (or equivalent) to add fully qualified hostnames to represent a Service Provider and Identity Provider respectively, e.g. :
    127.0.0.1 localhost www.idp1.com www.sp1.com
    Install two instances using the QuickSetup Web Start UI.
    For example :
    Enter "sp" and click "Deploy" - wait 25 seconds for a configurator window similar to the one in Step 4 above to show up. Change the URL to your SP installation, e.g. : http://www.sp1.com:28080/sp.
    Configure using this OpenSSO instance's configurator wizard and then use the Service Provider task flow to set this instance as a Service Provider.
    Back in the Webstart window, enter "idp" and click "Deploy". Follow the same steps as above, except this time change the URL to : http://www.idp1.com:28080/idp and configure this instance as an Identity Provider.
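
    The hosts-file preparation above can be checked before deploying the two instances. The following script is an added example, not part of QuickSetup or the original post; the function names are hypothetical and the hostnames are the ones used above. Hosts-file fields are separated by whitespace, so a name written with a trailing comma does not match.

```shell
#!/bin/sh
# Added example: verify that a hosts file maps the federation hostnames
# used in this post (www.idp1.com, www.sp1.com) to the loopback address.

# hosts_maps_to FILE NAME IP
# Exit 0 if FILE contains an entry "IP ... NAME ..." (case-insensitive name).
hosts_maps_to() {
    awk -v name="$2" -v ip="$3" '
        { sub(/#.*/, "") }                  # drop comments before matching
        $1 == ip {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# check_fed_hosts FILE
# Print one status line per hostname; exit 0 only if both are mapped.
check_fed_hosts() {
    rc=0
    for h in www.idp1.com www.sp1.com; do
        if hosts_maps_to "$1" "$h" 127.0.0.1; then
            echo "ok       $h -> 127.0.0.1"
        else
            echo "MISSING  $h (names are whitespace separated, no commas)"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_hosts.sh /etc/hosts
if [ -n "${1:-}" ]; then
    check_fed_hosts "$1"
fi
```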

    Stopping OpenSSO

    Click the "Exit OpenSSO" button on the Webstart window. This will shut down all OpenSSO instances.

    Re-starting OpenSSO

    Invoking QuickSetup again restarts the default OpenSSO instance using the configuration set up earlier, i.e. you don't need to configure it again. To restart other OpenSSO instances configured earlier, use the QuickSetup UI to enter the deploy URI and click "Deploy". To unconfigure a given instance, stop OpenSSO, remove the configuration directory provided during setup and reinvoke Web Start.

    Misc Notes/Known Issues

  • QuickSetup creates and uses $HOME/OpenSSOQuickSetup on your desktop - and for a single instance may use up as much as 256MB disk space.
  • QuickSetup needs Java SE 1.5+ installed.
  • Linux 64bit x86 does not support Java Web Start
  • There are some issues reported on some Windows Vista and Mac systems in that QuickSetup fails to start. Debug dumps can be found under the $HOME/OpenSSOQuickSetup directory.
  • Limiting WebSetup permissions to report and sandbox within $HOME/OpenSSOQuickSetup is being worked on.
  • Currently the jars are signed with a self signed certificate. This issue will be resolved.
    Comments:

    Great article.

    Posted by hgh on February 05, 2009 at 11:21 PM PST #

    The Open Web SSO project (OpenSSO) provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenSSO provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers. This project is based on the code base of Sun Java™ System Access Manager, a core identity infrastructure product offered by Sun Microsystems.

    Posted by Donna Ramirez on January 04, 2011 at 06:34 PM PST #

    About

    rajeev
