Friday Sep 18, 2009

Leaving Here

They say that all good things come to an end; today, that's true for both Superpatterns at blogs.sun.com and my nearly ten year tenure at Sun. It's certainly been a wild ride, and I've enjoyed (almost!) every minute of it! My blog will move to blog.superpat.com (If you've been using the FeedBurner feed, there's no need to make any changes) at some point in the next day or so, and I'll be starting a new job on Monday.

I'm setting up the new blog right now (thanks to Arun Gupta for his suggestion of WordPress hosting at GoDaddy), and I'll be blogging on my new gig next week. In the meantime, here's 'Leaving Here' from the mighty Motörhead:

By the way, fellow pedants, it's 'Leaving Here' (with a 'g') - the YouTube caption is wrong. Evidence.

Tuesday Sep 15, 2009

Easier Microsoft Active Directory Connectivity in OpenSSO Express 8

It's nice to see your RFE's implemented, and that's exactly what happened with OpenSSO issue # 4053: Active Directory configuration should use AD domain name rather than LDAP host/port. I saw Kohsuke's blog entry on More Active Directory integration in Java a little while ago and realized that we could take exactly the same approach in OpenSSO - prompt the admin for the Active Directory domain name rather than a host name and port number.

As Kohsuke mentions, this has a number of advantages - every AD admin knows the domain name, while many would likely have to go look up an individual host name, not to mention the LDAP port number. Since we use the domain name to look up an individual AD controller via DNS, it also means that the admin doesn't need to update OpenSSO's configuration as AD controllers come and go - OpenSSO will always get a valid host name from DNS.

So, when configuring OpenSSO Express 8, you can now just specify the AD domain name. As improvements go, this one is pretty small, but, as I think everyone agrees, the cumulative effect of all these little improvements in OpenSSO over the past two or three years has been HUGE...

Friday Sep 11, 2009

OpenSSO Tab Sweep - Sep 11 2009

Wow - it's been months since the last OpenSSO tab sweep. Anyway - here's a collection of the latest news from the world of OpenSSO:

Now I can close a few Firefox tabs and relax. Have a good weekend, everyone!

Friday Sep 04, 2009

OpenSSO Express Build 8 Released

A few weeks ago, I blogged about the impending release of OpenSSO Express Build 8; well, the OpenSSO engineers have been hard at work since then, and Express 8 was officially released yesterday.

Among the new features:

Much more detail in the OpenSSO Express 8 release notes. If you're wondering just what an 'Express Build' of OpenSSO is, the FAQ reveals all.

Download OpenSSO Express 8 now!

Wednesday Aug 19, 2009

OpenSSO, Jack Adams and me

At OSCON a few weeks ago, I spent a little time with OpenSolaris enthusiast Jack Adams (who doesn't seem to have his own page, but is often in the company of Bruno Souza and Deirdré Straughan), chatting about the basics of OpenSSO, single sign-on and federation. Luckily, it was all caught on video...

Tuesday Aug 18, 2009

Free Webinar: OpenSSO Express for Improved SSO

Daniel Raskin

Short notice, but if you have a spare hour tomorrow (Wednesday August 19th 2009) morning, Daniel Raskin, Sun's Chief Identity Strategist, and I will be presenting a webinar titled OpenSSO Express for Improved SSO. Join us at 10am PDT/1pm EDT/7pm CET for an update on the very latest features in OpenSSO Express 8 and beyond, such as mobile one-time passwords, the Fedlet for .Net, SalesForce.com integration and OAuth.

Monday Aug 17, 2009

Securing REST Web Services With OAuth

It's been a while since the last OpenSSO article at Sun Developer Network (the excellent, three-part, Troubleshooting OpenSSO with Firefox Add-Ons), but Malla and Rick have come up trumps with Securing REST Web Services With OAuth.

The article recasts the tried and true 'stock quote sample' as a RESTful web service with access protected by OAuth via OpenSSO and Jersey (Sun's open source implementation of JAX-RS, aka JSR 311). This is technology that has hitherto only been demonstrated in a demo at JavaOne 2009, so it's great to see it being successfully applied here.

Go read the article and discover how OpenSSO, Jersey and OAuth combine to secure RESTful web services!

Thursday Aug 13, 2009

A Dedication to Don Bowen at LIVESTRONG Action

Reformatted from the 'tell-a-friend' email provided by the LIVESTRONG website:

I just joined Don Bowen's dedication page at LIVESTRONG Action. Don Bowen inspired someone close to me to commit to end cancer, and now I've joined with them.

This page is a part of the world's largest dedication book that LIVESTRONG Action will use to pressure world leaders to do more to fight cancer. If we can collect enough names in the book, it will have a real impact when Lance Armstrong delivers it - but we need more signatures.

Can you take a moment to add your name to the dedication page?

http://www.livestrongaction.org/dedication/don-bowen

Lance Armstrong recently dedicated his ride in the Tour de France to the fight against cancer. Now that the race is over, he'll send this dedication book - with your signature - to world leaders and pressure them to make cancer a priority in their own countries. It's our best chance to push for better treatment, more funding for cancer research and access to care for everyone around the world.

But if people like us don't stand up, these leaders won't pay attention.

Will you check out the dedication page? Don Bowen inspired me to take action - hopefully they'll inspire you to do the same:

http://www.livestrongaction.org/dedication/don-bowen

Great idea, Melanie!!!

Tuesday Aug 11, 2009

OpenSSO Single Sign-on Extension for MediaWiki

Following the recent trio of OpenSSO Extensions targeting PHP CMS applications (see my previous entries covering the extensions for Drupal, WordPress and Joomla), I decided to look at MediaWiki, the PHP application powering Wikipedia and many other wikis across the web.

In common with the CMS apps, MediaWiki has a very pluggable architecture, making implementation of a single sign-on extension very straightforward, and I was able to get an initial implementation done in a few hours. The user interface is very like the WordPress plugin: just click on the regular 'log in' link to be sent to OpenSSO to authenticate; on returning to MediaWiki, the extension validates the OpenSSO cookie and uses it to retrieve the username from OpenSSO, setting up the MediaWiki session.

There is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page. As always, note that none of these extensions are supported by Sun, and all should be considered 'proof of concept' quality - they likely need a bit more polish (and lots more testing!) before being deployed into production.

I think that about wraps up the PHP extension story for the time being - we now have plugins for the four most common PHP web apps. Do leave a comment if you think there is another we should cover.

Tuesday Aug 04, 2009

links for 2009-08-04

Monday Aug 03, 2009

links for 2009-08-03

Saturday Aug 01, 2009

OpenSSO Single Sign-on Plugin for Joomla

I was lucky enough to be able to spend some time at Burton Catalyst this last week with Pamela Dingle, looking at how to get started writing an OpenSSO plugin for Joomla to complement the plugins I recently wrote for Drupal and Wordpress. Pamela, well known for her work on PHP Information Card plugins at The Pamela Project, quickly pointed me in the right direction, and it didn't take me long after that to get something working - thanks, Pam!

The Joomla plugin alters the standard process so that, on clicking the 'Login' button, users are redirected first to OpenSSO to authenticate, then back to Joomla for the plugin to retrieve the user's name from OpenSSO and create a session. I got a little bit more creative this time round; there's JavaScript to alter the Joomla login form - see the screen cap next to this paragraph.

As always, there is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page. Note that none of these plugins are supported by Sun, and all should be considered 'proof of concept' quality - they likely need a bit more polish (and lots more testing!) before being deployed into production.

So, that's the Drupal/Wordpress/Joomla open source PHP CMS trifecta covered... I see Pam has a MediaWiki plugin too - maybe I'll look at that next...

Monday Jul 27, 2009

OpenSSO Single Sign-on Plugin for WordPress

Encouraged by a comment on my post about the OpenSSO module for Drupal, and the amount of OpenSSO/Drupal buzz on Twitter, I decided to attack WordPress next. Although WordPress has a very different plugin model from Drupal, I was able to reuse much of the code from the Drupal module and get a basic single sign-on plugin working quite quickly. As with the Drupal module, there are certainly bugs in the WordPress plugin - in particular, I just noticed that, if you log in to OpenSSO as a user without a corresponding WordPress account, you can get into a redirect loop if you try to go to a protected page at WordPress.

As usual, there is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page.

So... That's two thirds of the Drupal/Joomla/Wordpress CMS trifecta covered... A competent Joomla hacker should be able to take the Drupal/WordPress work and adapt it pretty easily... Anyone want to try while I'm at Catalyst this week?

OpenSSO Express Build 8 and OpenDS SE 2.0

Flashing through the ether this morning was a press release covering OpenSSO Express 8 and OpenDS SE 2.0. Since OpenDS SE 2.0 was released a week or two ago, my colleague Ludo Poitou has documented its arrival and some of its new features in a series of blog posts:

Ludo calls out assured replication, an extension to the existing loose consistency multi-master replication feature that brings tighter consistency of data between replicas, as the biggest innovation in OpenDS 2.0; I know it's making an impact because, the very next day after OpenDS 2.0 was released I was approached by an attendee at the Community Leadership Summit singing its praises!

Over in OpenSSO-land, we're putting the finishing touches to OpenSSO Express Build 8, due for release in a couple of weeks time. This release will include our new Mobile One Time Password feature, the Fedlet for .Net and a new task flow for enabling single sign-on to Salesforce.com and a whole host of other goodies, so watch this space for its availability!

So, what's an Express Build? Well, as I mentioned when we released OpenSSO Express Build 7, back in April, Express Builds are supported 'snapshots' of development between full 'OpenSSO Enterprise' releases, allowing customers to get support on new features without waiting months for the full release. The key difference between Express builds and Enterprise builds is that fixes to Express builds are rolled into the next Express build, along with new features, while Enterprise builds have 'bug fix only' service packs and hot patches available for paying customers. Obviously, Express builds aren't for everybody, but we're finding that they work well for a lot of folks. There's lots more information and a FAQ at the OpenSSO wiki.

Saturday Jul 25, 2009

OpenSSO Single Sign-on Module for Drupal

Drupal is one of the leading open source content management systems - some would say the leading open source CMS. We've had a few requests over the years for OpenSSO/Drupal integration, but no one has hitherto stepped forward. Finding myself with a few spare hours over the last few days, I decided to investigate.

It turns out that, thanks to Drupal's extensibility through modules and OpenSSO's identity services, it's pretty straightforward to get something working. So I did. There is now an OpenSSO module for Drupal [ README | Source - also available via CVS]. I'm no expert in either PHP or Drupal, so there may well be bugs, but it seems to work well, checking for the OpenSSO cookie when users attempt to access Drupal, redirecting them to OpenSSO to authenticate if necessary, and retrieving a Drupal username from the user's OpenSSO profile before setting up the user's Drupal session.

If there's sufficient demand, I'll look at going through the process to contribute this to Drupal under GPL, until then, it's available under CDDL as an OpenSSO Extension.

About

superpat

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today