Tuesday Mar 18, 2008

From the Trenches - Jamie Nelson on Web Access Management

Sun Developer Network tech author Marina Sum starts a new series of interviews this week with OpenSSO's benevolent dictator and Sun's director of engineering for access and federation management, Jamie Nelson (my boss, so I'd better be careful here!).

In the interview, Jamie explains how web developers need to consider security, but, at the same time, avoid hard-coding it into their apps. Some great tips and useful links for any web developer - read the article here!

Thursday Feb 07, 2008

FAMTalk 02: Federation

I just uploaded the second FAMTalk podcast - this time, I have the host's seat, presenting 'Federation', with a particular focus on SAML 2.0. You can download a PDF plus MP3 or AAC files from FAMTalk.org, or simply subscribe to FAMTalk via iTunes or RSS.

We had some frustrating technical problems recording this episode - the Sony USB headset (UAB-260) I was using developed an annoying crackle about halfway through the program. Unplugging, replugging, rebooting - nothing made it work for more than a few minutes at a time. After wrestling with it for an hour, we decided to just record the outro segment together and I ordered a Griffin iMic to replace the Sony USB Audio box (the headset itself seemed ok) to fill in the gap on my own.

The funny thing was, I got a bit of a cold between the first recording and the second, so the transitions between the different segments are quite obvious - you can hear me get sick and recover, all within an hour

Wednesday Jan 23, 2008

Holed up in Vegas at FAMFest

At the Tropicana in Las Vegas, hard at work on a new generation of product demos for Federated Access Manager 8.0. Lots of folks here from Sun's SE community and the product group. Lots of bloggers, too - looking around the room I can see Terry, Rajeev, Derrick, Daniel, Sidharth, Wajih, Mark, Scott, Nick and Jeff - nearly half the attendees, in fact.

Friday Jan 18, 2008

Fine-Grained Authorization with Sun Java System Access Manager

Following on from last June's Sun Developer Network article on Basic Authorization with Sun Java System Access Manager, Robert Skoczylas of Indigo Consulting and Sun tech author Marina Sum recently published a second article, Developing Secure Applications with Sun Java System Access Manager, Part 2: Advanced Authorization.

This time, Robert and Marina look at how Sun Java System Access Manager can be used as a general purpose policy store, and, with some customization, can provide fine-grained authorization for UI elements rendered by both Java and .NET web applications. This is a great article to read if you've wondered how Access Manager can be used to authorize access to resources other that the usual web page URLs.

Tuesday Dec 18, 2007

Introducing FAMTalk

As Terry Sigle blogs today, FAMTalk (feed) went live this week. FAMTalk is a monthly podcast focusing on federation and access management (the FAM of the title) and their implementation in Sun Java System Federated Access Manager (the forthcoming next version of Access Manager) and OpenSSO. Your regular hosts will be Tim Campbell (Sun Partner Enablement), Steven Jarosz (Sun Americas Software SE - Federal), Terry (Sun Americas Software SE - Telco) and me (OpenSSO 'community guy').

In episodes 1a and 1b (we split the original 1hr 40mins or so in two), Tim presents Access Manager 101. You can download a PDF plus MP3 or AAC files from FAMTalk.org, or simply subscribe to FAMTalk via iTunes or RSS. Apparently the AAC files include the slides, which should play in sync with the audio on many iPods. I need to go check it out on my iPhone and see how it looks...

FAM 8.0 Puts the 'Full' in 'Full-Matrix SAML 2.0 Interoperability Testing'

As you might have just read, Liberty Alliance recently completed its first 'full matrix' SAML 2.0 interoperability test. Not only was Sun amongst the successful participants with its upcoming Federated Access Manager 8.0 product, we were the only participant to successfully test every conformance mode. Daniel, of course, beat me to the punch on this one, though I like to think my entry is laid out a little more neatly

I'll also take this opportunity to point out that, although Federated Access Manager 8.0 is scheduled for release next year, you can get the code and binaries right now via the OpenSSO project - in fact, we just released 'build 2' of OpenSSO v1, which includes the tested code.

Monday Nov 12, 2007

I'm the Leader, I'm the Leader...

...I'm the Leader of the Gang (I Am)!!! I know - Gary Glitter has fallen long and hard, but it's still a great song and appropriate for today - Gartner has placed Sun Java System Access Manager in the leader quadrant of their Magic Quadrant for Web Access Management, 2H07 [PDF]. I happen to think that they have under-rated us somewhat on our completeness of vision, but I can't argue with the rating on ability to execute.

One thing worth mentioning is that one of the 'cons' listed for Sun - "Sun does not support ADFS/WS-Federation in its federation tools" - will be addressed in the next release - Federated Access Manager 8.0 - and is already in OpenSSO. So, if your existing infrastructure leans to the MS side, but you need world-class web access management, federation, identity web services and more, scoot on over to OpenSSO and take a look.

Friday Nov 02, 2007

Access Manager FAQs and Identity Services at Sun Developer Network

It's been a busy couple of weeks, what with a trip to Tokyo, a typhoon on the day I flew out, an earthquake at home and the usual backlog of 1000 emails that follows any trip away from the office, so please excuse the recent dearth of blog entries!

On returning, I was pleased to see Sun Developer Network's identity pages have continued their expansion. The latest additions are:

Kudos to Marina and Aravindan for their tireless work on the Sun Developer Network identity pages - if you're working with Sun Java System Access Manager and related products, you should definitely subscribe to the feed .

Monday Oct 01, 2007

FAM 8.0 Build 1 is here!

Last Friday we declared 'build 1' of Sun Java System Federated Access Manager 8.0. This is the initial build (from the OpenSSO code) that we (engineering) handed off to QA to start the official countdown to FAM 8.0. Congratulations to both the FAM engineering team and the wider OpenSSO community on this huge milestone.

You might have seen Daniel's outline of the new features in FAM 8.0 - some of these goodies, such as WS-Federation and web services security, are in build 1; others, such as centralized server and agent config, will arrive later. As Daniel mentions, heterogeneity is a big focus in this release - the release notes cover installation on a host of containers - Glassfish v2/Sun Java System Application Server 9.1, Sun Java System Web Server 7.0 U1, BEA WebLogic Server 9.2 and 10.0, IBM Websphere Application Server 6.1, Oracle Application Server 10g, and Apache Tomcat 5.5.x.

So, grab the zip, throw it on your favorite container and let us know of any issues! (You'll need to be a project member to file an issue - join OpenSSO here.)

Thursday Sep 13, 2007

SSO from Sun Java System Access Manager to Outlook Web Access 2003

Completing our trilogy of articles on integrating Sun Java System Access Manager with Microsoft web applications is Sun and Microsoft Interoperate for Web Authentication, Part 3 - Sun Java System Access Manager and Microsoft Outlook Web Access for Exchange Server 2003. This time, Marina Sum, our resident technical author, and Madan Ranganath, Access Manager policy agent engineer, focus on single sign-on from Access Manager to OWA 2003.

If you work your way through the first two installments, covering IIS and SharePoint Portal Server 2003, and this final article, you'll know pretty much all there is to know about single sign-on between Access Manager and Microsoft's web applications.

Monday Aug 27, 2007

Apply Web Services Security to EJB Applications

At JavaOne 2007 earlier this year, Aravindan Ranganathan and Malla Simhachalam presented a hands-on lab titled Securing Identity Web Services. The lab showed how to provide different levels of stock quote service according to the identity of an end-user - authenticated users see real-time stock data while 'guests' see delayed quotes.

Since then, Malla, Mrudul Uchil and Marina Sum have written up the lab tutorial as a three-part series of articles showing how identity can be carried from an incoming web services request right through to an EJB. The sample application shows the request and response messages graphically, and provides links to the XML message data - a particularly nice feature that shows exactly what is going on.

Highly recommended for anyone putting together the pieces of web services, identity and EJB apps.

Thursday Jul 26, 2007

SSO from Sun Java System Access Manager to SharePoint Portal Server 2003

Back in December of last year, Marina Sum and I co-wrote the article Sun and Microsoft Interoperate for Web Authentication, Part 1. In that article we examined how Sun Java System Access Manager's policy agents work with Microsoft Internet Information Server (IIS) to provide single sign-on and authorization in a heterogeneous environment. At the end of the piece, we promised further articles on integration with SharePoint Portal Server 2003 and Outlook Web Access in Microsoft Exchange 2003.

Well, it's been a while, but the planets finally aligned for Robertis Tongbram, Access Manager policy agent engineer, and Marina to create the second article (deep breath): Sun and Microsoft Interoperate for Web Authentication, Part 2 - Sun Java System Access Manager and SharePoint Portal Server 2003. The article works from the basics of authentication and authorization in SharePoint to configuring single sign-on between Access Manager and SharePoint via the policy agent. If you're wrestling with SharePoint, I recommend you go take a look.

Monday Jun 25, 2007

Basic Authorization with Sun Java System Access Manager

As I reported yesterday at The Aquarium, Robert Skoczylas of Indigo Consulting and Sun tech author Marina Sum just published Developing Secure Applications with Sun Java System Access Manager, Part 1: Basic Authorization at Sun Developer Network. This article, part 1 of a series, presents a case study of implementing authentication, single sign-on, and authorization at a fictional health-care insurance company.

There's some really good stuff in there - Robert and Marina work from a high-level description of the problem right down to specific Access Manager customizations. In particular, the detailed description of customizing Access Manager's policy framework is well worth the read for anyone working with, or evaluating, Sun Java System Access Manager.

Wednesday Jun 20, 2007

Lost my Wikipedia Virginity

I was nosing about on Wikipedia the other day when I noticed a link to a page for Sun Java System Access Manager. The link went to the standard 'editing' page, so I decided to register at Wikipedia and create my first entry. Quite painless. The entry is a stub, and I'm not sure how much I can add without falling foul of Wikipedia's policy on spam. As it stands, I think the stub is useful context, particularly as the link was already present in a couple of pages. I guess I'll sit back and see if anyone posts a request for expansion.

Tuesday Apr 24, 2007

SSO from Sun Java System Access Manager to SAP via SAML

I'm in Brussels this week for the Liberty Alliance Plenary Meeting and IOS Brussels, but, back at the ranch in California, the Sun Developer Network folks have released another technical article on Access Manager: Achieving SSO With Sun Java System Access Manager and SAML, a look at how to integrate Access Manager with a third party application - in this case SAP NetWeaver Enterprise Portal 2004s - via SAML.




« July 2016