Thursday Jul 05, 2012
Wednesday Jan 04, 2012
By Scott Fehrman on Jan 04, 2012
Version 2.0 "shipped"
The Project Open Provisioning ToolKit (OpenPTK) http://www.openptk.org has released version 2.0. It has been "tagged" in the svn repository. See the project download page for access instructions ... https://sites.google.com/a/openptk.org/docs/release-2-x/v2-0-download
Release 2.0 of Project OpenPTK builds on the success of Release 1.x.
The goal ... enable developers to create custom interfaces to a variety of repositories....
Release 2.0 gives the developer more choices for how they want to create custom interfaces. Release 2.0 supports more back-end repositories: SPML 1 and 2, LDAP, JDBC, Oracle Identity Manager 11g.
Here is a summary of the major new features in version 2.0:
- Servlet-Based (Engine Architecture)
- RESTful-based Web Service
- Service / Operation Level Configuration
- Client-Side Java API
- Models, Views and Relationships
- Definition Functions
- Enhanced Search
For full details, see the OpenPTK version 2.0 Release Notes:
Monday Aug 25, 2008
By Scott Fehrman on Aug 25, 2008
Last week I got an email from a developer that is using Project OpenPTK. They want to use HTTPS/SSL to secure communications between the Sun Identity Manager and an OpenPTK-enabled application.
I was pretty sure this was "do-able" but I have not had a chance/need to configure OpenPTK using HTTPS/SSL. With that said, I did some research, contacted some co-workers, and set up a little test lab. The process is relatively straightforward; I used two Glassfish domains (SPML-Server / SPML-Client) and self-signed certificates:
- Configure OpenPTK applications to use SSL/HTTPS
- Replace the default certificate on the SPML-Server (Sun Identity Manager)
- Add the certificate to the SPML-Client (OpenPTK-enabled Application)
The complete (detailed) process is documented in the Project OpenPTK Release 1.1 Installation Guide
Saturday Aug 23, 2008
By Scott Fehrman on Aug 23, 2008
This past Thursday evening we had our third meeting. Sun hosted the meeting in their Itasca, IL office. The attendees included the local Sun Identity team, partners (Laurus Technologies) and users (United Airlines, Motorola, Kraft Foods, Northeastern Illinois University).
To "kick-off" the meeting, the Sun Identity team asked the User Group community for help ... Leveraging the wikis.sun.com site, they started a new collaboration site focused at sharing Identity Manager knowledge. http://wikis.sun.com/display/sunidmdev is a wiki site where registered users can share their workflows, forms, and other artifacts with the community.
|6:00 - 6:30||Greetings and Catered Dinner|
|6:30 - 6:45||Introductions|
|6:45 - 7:30||What's New with Identity Manager and Role Manager|
|7:30 - 7:45||Break|
|7:45 - 8:30||Integrating Identity Manager and Access Manager (OpenSSO)|
|8:30 - 9:00||User Group business|
The first presentation was given by the Identity folks at Sun. They gave an overview of Identity Manager 8.0 and Role Manager 4.0. They covered the new features, integration points and a roadmap. The second presentation was given by Laurus Technologies. They gave a presentation and demonstration related to how you can integrate Identity Manager with Access Manager (they actually used OpenSSO, very cool).
During the "business" part of the meeting, we talked about how to improve the User Group. Here is what the members asked for:
- Want to hear customer stories
- Have meetings during business hours
- Allow remote attendance (webex)
|8:30 - 9:00||Greetings and Breakfast|
|9:00 - 9:45||Customer Story: Motorola|
|9:45 - 10:30||Customer Story: To Be Confirmed|
|10:30 - 11:00||User Group business|
Sun Microsystems, Inc. Two Pierce Place 15th Floor, Skyline Conference Room Itasca, IL 60143
- Sun Role Manager SOD and Compliance
- Sun Identity Manager and Access Manager integration
- Directory Server non-people use
- Federated Access Manager 8 feature update
- Sun JavaCaps 6 feature update
- Password Sync with Active Directory
- Identity Manager to enable business growth
- PKI integration
- Customer Stories
- Panel of Customers for Role Manager
- Identity as a software service (SaaS)
- External facing deployments
- Role Rationalization: best practices, customer deployments
If you wish to be informed (sent emails) of User Group activities, please send an email to RequestChicagoIdmLUG at Sun dot COM and you will be added to the mailing list.
Thursday May 01, 2008
By Scott Fehrman on May 01, 2008
Saturday Apr 26, 2008
By Scott Fehrman on Apr 26, 2008
Wednesday Apr 16, 2008
By Scott Fehrman on Apr 16, 2008
Extending OpenPTK, the User Provisioning Toolkit by Masoud Kalali -- Project Open Provisioning ToolKit (OpenPTK) is an open source user provisioning toolkit exposing APIs, web services, HTML taglibs, and JSR-168 portlets with user self-service and administration examples. OpenPTK hides the implementation differences between different user stores, allowing developers to use multiple stores with a common API. Masoud Kalali shows how to use and extend the toolkit.
Thursday Mar 20, 2008
By Scott Fehrman on Mar 20, 2008
OpenPTK is an open source project that provides a collection of tools and sample applications that Web and Java developers can use to integrate custom applications with user provisioning systems. Using industry standard interfaces, developers can build flexible user management applications that support Enterprise-class, department/group level and Web 2.0 type user provisioning environments.
Most intranet and Internet applications require user authentication. Applications either have an integrated data store (e.g. RDBMS) or leverage a network service (e.g. LDAP) for validating users. Managing the "life cycle" of user data has become challenging. There are different user provisioning strategies:
- An enterprise typically implements a provisioning solution such as Sun's Identity Manager to manage user data across multiple applications and services.
- Departments (or group level) may only have a single application that has a dedicated user data store. The volume of user management activities is usually small.
- Web 2.0, Internet facing, applications typically leverage a scalable / available network service for storing user information.
Organizations need to implement a set of basic user management capabilities. For End Users, a solution needs to provide "Forgotten Password" and "Self Service" functionality. For User Administration, a solution needs to provide fundamental Create, Read, Update, Delete and Password operations. Provisioning solutions and user data stores most likely provide these basic user management capabilities through their native interfaces. The problem is that these native interfaces may not meet the organization's requirements. Organizations have expressed the need to integrate user management systems with different custom "End User" experiences/interfaces. Commonly requested interfaces include:
|Remote Web Interface:||Organizations need a Web interface, for user provisioning, that can be deployed remotely from the system that hosts the provisioning solution.|
|Command Line Interface:||Administrators need an interface that allows them to perform provisioning from a command-line interface, either interactively or from a shell script.|
|Portal / Portlet Interface:||Enterprise and Departmental organizations may have to provide user provisioning interfaces into an existing Portal infrastructure.|
|WSDL-based Web Service:||Developers need to integrate user provisioning into a SOA environment and are requiring Web Services that can be used by SOA development tools.|
Because of these requirements for custom end-user experiences, organizations will build applications that leverage different types of development environments. The "End User" application (experience) may need to support a rich-native desktop interface, a browser-based interface, a Web Service or a command-line interface. Developers will design solutions that integrate an organization's interface experience with the various user data stores. Developers will most likely have to learn the details related to interacting with the various user data stores. Web developers may not be prepared to deal with Java APIs that are needed to access the data store(s).
Project OpenPTK is a three-tier architecture which enables developers to focus on the business application interface, not on the underlying user data store. There are a number of "Consumer Tier" interfaces which address various development options. The "back-end" user data store is abstracted through the "Service Tier". The "Framework Tier" integrates the Consumer and Service tiers while also managing configurations, logging/debugging and provisioning operations.
Project OpenPTK Architecture
Consumer Tier interfaces/examples:
|User Management Lite (UML):||A JSPs/Taglib-based web application which provides basic user administration, and self-service functions.|
|Command Line Interface (CLI):||Provides basic provisioning operations. The CLI can be part of custom scripts that administrators can use to automate provisioning tasks.|
|JSR-168 Portlets:||Provides "Forgotten Password", "Self Service" and "User Administration" capabilities. These portlets can be integrated into a customer's existing JSR-168 compliant Portal server.|
|WSDL-based Web Service:||Provides User provisioning operations. Web Service clients (e.g. Java CAPS and soapUI) can reference the WSDL from this service and create custom integration solutions.|
Service Tier implementations:
|SPML:||The Service Provisioning Markup Language is the external interface used by Sun's Identity Manager user provisioning solution.|
|SPE:||Sun's Identity Manager, user provisioning solution, contains a Service Provider Edition interface for user provisioning.|
|JNDI:||The Java Naming and Directory Interface API is used to access LDAP-based (e.g. OpenDS) user data stores.|
|JDBC:||The Java Database Connectivity API is used to access Relational Database user data stores (e.g. MySQL).|
Developers can use Project OpenPTK's interfaces and APIs to handle user provisioning operations without having to worry about the back-end user data stores. User provisioning applications that leverage Project OpenPTK can easily support multiple different user data stores through the use of its flexible configuration mechanism.
Project OpenPTK is a formal open source project hosted on Java.net and is part of the Identity Management community. Project OpenPTK founders: Scott Fehrman, Derrick Harcey and Terry Sigle are Pre-Sales Systems Engineers supporting Sun's Identity Management products.
The Project OpenPTK site contains source code (via svn), documentation, distributions and tracks issues. Anyone is welcome to join the community as an Observer and please subscribe to the "user" and "announce" mailing lists.
Wednesday Jan 09, 2008
By Scott Fehrman on Jan 09, 2008
The Project OpenPTK team had their first meeting of the year. We posted the notes on openptk.dev.java.net as a new Forum called Meeting Minutes. We talked about open issues and new ideas. Here's a summary of ideas for new features:
- JDBC Service
- RESTful Web Service
- Solaris Naming Service
Monday Dec 03, 2007
By Scott Fehrman on Dec 03, 2007
Today we posted an announcement related to a new feature that was just added to Project OpenPTK. The new feature is a Service that enables OpenPTK-based applications to provision users to LDAP-based directory servers.
Why is this important? The new LDAP/JNDI Service demonstrates that User Provisioning applications (which leverage Project OpenPTK consumer interfaces) can be abstracted from the back-end user repository. Prior to this announcement, OpenPTK-based applications could only leverage the SPML Service. Developers can now build User Provisioning interfaces that could use LDAP for Search and Read operations while SPML would be used for
The Test Samples and Example applications provided in the Project OpenPTK source download have been tested with both LDAP/JNDI and SPML. The Command Line and User Management Lite examples can easily switch between back-end user repositories by either updating a configuration file or by specifying a context at run-time.
This is just the beginning of what the Project OpenPTK team has planned for this new LDAP/JNDI Service.
Monday Nov 12, 2007
By Scott Fehrman on Nov 12, 2007
Last Friday the Project OpenPTK team (Derrick, Terry and I) did an initial check-in of the source code. You can download the pre-built samples and browse the source code. Details related to the source code can be found on http://www.ohloh.net. Our initial check-in was about 120 files and included over 15,000 lines of code (that's minus blank lines and comments). The Javadocs for the Java API are available on http://www.openptk.org.
Friday Oct 12, 2007
By Scott Fehrman on Oct 12, 2007
In addition to my co-founders (Derrick and Terry), I'd like to thank lots of other people that helped make this project possible. The three of us put in a lot of evenings and weekends.
- My wife: I spent a few weekends and evenings writing code and having conference calls. I woke her up sometimes while discussing issues during 1:00 AM conference calls.
- My two boys: while they were either at swimming lessons or at Tae Kwon Do classes, I would occasionally bring my laptop to write code or read technology books for research.
- My management supported this project since day one. Thanks for supporting our vision.
- Sun's engineering, marketing, open source and legal teams.
Being a member of Project OpenPTK has allowed me to see, first hand, that Sun believes in and supports open source projects.
Friday Aug 26, 2005
By Scott Fehrman on Aug 26, 2005
Recently I had a need to configure the Sun Java System Identity Manager for provisioning users to Solaris. Identity Manager uses Resource Adapters to communicate with resources (Solaris). When you configure a Resource Adapter, you need to specify a userid/password that has the ability to execute user and group management commands. One of the options is to use the sudo utility. Solaris has a far better solution to this problem ... Role Based Access Control (RBAC).
I documented the process of setting up a new Solaris Role (Identity Management) and the creation of a "proxy user" (idmadm). This step-by-step process is available as an article from the BigAdmin Feature Article site.
Wednesday Aug 10, 2005
By Scott Fehrman on Aug 10, 2005
I use Solaris 10 to demonstrate the Sun Java System Identity Manager. Setting up Identity Manager on Solaris 10 was easy, it had everything I needed ... a JSP/Servlet container and an RDBMS. Solaris 10 had Apache/Tomcat and MySQL already installed.
By default, Apache/Tomcat and MySQL used traditional start-up scripts. I decided to create a Solaris 10 SMF service for Identity Manager. I ended up creating two services, one for the MySQL database and the other for Apache/Tomcat. The Identity Manager service (idmgr) has a dependency on the MySQL service (mysql).
Documenting my Solaris 10 SMF experiences evolved from my journal "chicken scratchings" to emailed notes to finally a technical whitepaper. The whitepaper was an internal only document. Thanks to a bunch of great co-workers we got it posted as a BigAdmin Feature Article. You can get it here.
If you're thinking about creating your own Solaris 10 service, take a look at the article. It includes step-by-step instructions and manifests that can be modified for your specific service.