SSOCircle Full GlassFish adoption questionnaire responses from SSOCircle's Hu Liu.

Date : October 2008

Can you tell us about the application, site, or service in which you have adopted OpenSSO?

SSOCircle is an open identity provider that supports multiple protocols. It is the first stop if you are interested in federation and you want to see it working in real life. If attracted your interest, get a single sign on impression without the hassle of installation and configuration (although OpenSSO is easy and quick to install - typing is unbeatable fast )

You can use SSOCircle as your personal identity provider for SAML, OpenID and other protocols. As a Service Provider you are able to integrate your service and offer Single Sign On comfort to your users.

Our new offering "IDPee" is a white label identity provider hosting service, which offers private IDPs to small and medium sized businesses.

One of our goal always was to improve security through better authentication mechanism. Signing in with X.509 certificate (software and hardware based tokens) or one time password tokens (OTP) allow you to protect your users from phishing attacks or people stealing passwords, especially at public internet spots. By using the SAML2 authentication context, service providers can determine a minimum level of security the user authentication must comply with.

For more information please read the Liberty Alliance case study on SSOCircle published this year.

How and when did you first find out about OpenSSO?

We followed OpenSSO since its beginning. The time Sun decided to open source its access manager product

Did you go through an evaluation process before selecting OpenSSO?
If so, can you tell us a little bit about the process and results?

Due to the nature of SSOCircle as a free offering, we needed a free and adaptable open source software product. For us OpenSSO is more than just open source software.

We call it an open source product and in the identity subject it is a unique offering.

What specific version of OpenSSO are you using?

One of the earlier builds, as we started the project at the end of 2006 

On what container (application server/web server) do you run OpenSSO?
Do you use the same container for both development and production deployment?

Apache tomcat.

On what operating system do you run OpenSSO?
Do you use the same OS for both development and production deployment?

Linux ( Debian and OpenSuse ) 

Have you purchased a OpenSSO license? If not, have you thought about doing so and do you know it includes support for both the commercial OpenSSO Enterprise release and OpenSSO Express builds?
(more details from

Not at that point.

What specific features or modules of OpenSSO are you using?

Federation modules ( mainly SAMLv2 ), authentication modules for Certificate, OneTimePassword and MSISDN authentication.

OpenID extension.

Site configuration for running OpenSSO on geographically distributed servers.

Are you using any other commercial or open source access management solutions?
(Examples include JA-SIG CAS, Tivoli Access Manager, CA SiteMinder)


What do you like most about OpenSSO?

It is the most feature rich and scalable access management solution.

What would you most like to see improved in or added to OpenSSO?

Oauth integration

Are there any figures about the scale of your adoption which you would like to share (such as how many users are you supporting, how many applications have you SSO-enables, how many partners are you federating to, how much traffic is being handled, how many servers are used, how much admin/developer time went into your OpenSSO deployment)?

We have now >1000 users and some beta customers for IDPee. As SSOCircle is an open Identity Provider, we see many people integrating their own SPs for development, testing use and even started to integrate the configuration in their software distribution. Summing up to a number of 73 integrated federation partners. 

How has OpenSSO performed since your application went live?  Have you run into any production issues which you would attribute to OpenSSO?

No problems

Would you recommend OpenSSO to others? Why?

Yes, it is more than just open source software. It is a well documented and mature open source product and comes with a fully scalable architecture.

How does OpenSSO figure in your future plans?
(For example, using additional functionality like federation or web services, or expanding the scope of single sign-on from employees to customers)

OpenSSO is the core of our IDP offerings and will continue to play a key role in our service.

How would your describe your participation in the OpenSSO project
(e.g. user only, submitter of bug reports and RFEs, developer who has contributed code)?

User and submitter of bug reports and RFEs. We have been the first to show how OpenSSO can work together with "Google Apps for your Domain".

We consider ourselves as a professional opensso power deployer.