Tuesday Sep 15, 2009

Easier Microsoft Active Directory Connectivity in OpenSSO Express 8

It's nice to see your RFE's implemented, and that's exactly what happened with OpenSSO issue # 4053: Active Directory configuration should use AD domain name rather than LDAP host/port. I saw Kohsuke's blog entry on More Active Directory integration in Java a little while ago and realized that we could take exactly the same approach in OpenSSO - prompt the admin for the Active Directory domain name rather than a host name and port number.

As Kohsuke mentions, this has a number of advantages - every AD admin knows the domain name, while many would likely have to go look up an individual host name, not to mention the LDAP port number. Since we use the domain name to look up an individual AD controller via DNS, it also means that the admin doesn't need to update OpenSSO's configuration as AD controllers come and go - OpenSSO will always get a valid host name from DNS.

So, when configuring OpenSSO Express 8, you can now just specify the AD domain name. As improvements go, this one is pretty small, but, as I think everyone agrees, the cumulative effect of all these little improvements in OpenSSO over the past two or three years has been HUGE...

Friday Sep 11, 2009

OpenSSO Tab Sweep - Sep 11 2009

Wow - it's been months since the last OpenSSO tab sweep. Anyway - here's a collection of the latest news from the world of OpenSSO:

Now I can close a few Firefox tabs and relax. Have a good weekend, everyone!

Friday Sep 04, 2009

OpenSSO Express Build 8 Released

A few weeks ago, I blogged about the impending release of OpenSSO Express Build 8; well, the OpenSSO engineers have been hard at work since then, and Express 8 was officially released yesterday.

Among the new features:

Much more detail in the OpenSSO Express 8 release notes. If you're wondering just what an 'Express Build' of OpenSSO is, the FAQ reveals all.

Download OpenSSO Express 8 now!

Wednesday Aug 19, 2009

OpenSSO, Jack Adams and me

At OSCON a few weeks ago, I spent a little time with OpenSolaris enthusiast Jack Adams (who doesn't seem to have his own page, but is often in the company of Bruno Souza and Deirdré Straughan), chatting about the basics of OpenSSO, single sign-on and federation. Luckily, it was all caught on video...

Tuesday Aug 18, 2009

Free Webinar: OpenSSO Express for Improved SSO

Daniel Raskin

Short notice, but if you have a spare hour tomorrow (Wednesday August 19th 2009) morning, Daniel Raskin, Sun's Chief Identity Strategist, and I will be presenting a webinar titled OpenSSO Express for Improved SSO. Join us at 10am PDT/1pm EDT/7pm CET for an update on the very latest features in OpenSSO Express 8 and beyond, such as mobile one-time passwords, the Fedlet for .Net, SalesForce.com integration and OAuth.

Monday Aug 17, 2009

Securing REST Web Services With OAuth

It's been a while since the last OpenSSO article at Sun Developer Network (the excellent, three-part, Troubleshooting OpenSSO with Firefox Add-Ons), but Malla and Rick have come up trumps with Securing REST Web Services With OAuth.

The article recasts the tried and true 'stock quote sample' as a RESTful web service with access protected by OAuth via OpenSSO and Jersey (Sun's open source implementation of JAX-RS, aka JSR 311). This is technology that has hitherto only been demonstrated in a demo at JavaOne 2009, so it's great to see it being successfully applied here.

Go read the article and discover how OpenSSO, Jersey and OAuth combine to secure RESTful web services!

Saturday Aug 01, 2009

OpenSSO Single Sign-on Plugin for Joomla

I was lucky enough to be able to spend some time at Burton Catalyst this last week with Pamela Dingle, looking at how to get started writing an OpenSSO plugin for Joomla to complement the plugins I recently wrote for Drupal and Wordpress. Pamela, well known for her work on PHP Information Card plugins at The Pamela Project, quickly pointed me in the right direction, and it didn't take me long after that to get something working - thanks, Pam!

The Joomla plugin alters the standard process so that, on clicking the 'Login' button, users are redirected first to OpenSSO to authenticate, then back to Joomla for the plugin to retrieve the user's name from OpenSSO and create a session. I got a little bit more creative this time round; there's JavaScript to alter the Joomla login form - see the screen cap next to this paragraph.

As always, there is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page. Note that none of these plugins are supported by Sun, and all should be considered 'proof of concept' quality - they likely need a bit more polish (and lots more testing!) before being deployed into production.

So, that's the Drupal/Wordpress/Joomla open source PHP CMS trifecta covered... I see Pam has a MediaWiki plugin too - maybe I'll look at that next...

Monday Jul 27, 2009

OpenSSO Single Sign-on Plugin for WordPress

Encouraged by a comment on my post about the OpenSSO module for Drupal, and the amount of OpenSSO/Drupal buzz on Twitter, I decided to attack WordPress next. Although WordPress has a very different plugin model from Drupal, I was able to reuse much of the code from the Drupal module and get a basic single sign-on plugin working quite quickly. As with the Drupal module, there are certainly bugs in the WordPress plugin - in particular, I just noticed that, if you log in to OpenSSO as a user without a corresponding WordPress account, you can get into a redirect loop if you try to go to a protected page at WordPress.

As usual, there is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page.

So... That's two thirds of the Drupal/Joomla/Wordpress CMS trifecta covered... A competent Joomla hacker should be able to take the Drupal/WordPress work and adapt it pretty easily... Anyone want to try while I'm at Catalyst this week?

Saturday Jul 25, 2009

OpenSSO Single Sign-on Module for Drupal

Drupal is one of the leading open source content management systems - some would say the leading open source CMS. We've had a few requests over the years for OpenSSO/Drupal integration, but no one has hitherto stepped forward. Finding myself with a few spare hours over the last few days, I decided to investigate.

It turns out that, thanks to Drupal's extensibility through modules and OpenSSO's identity services, it's pretty straightforward to get something working. So I did. There is now an OpenSSO module for Drupal [ README | Source - also available via CVS]. I'm no expert in either PHP or Drupal, so there may well be bugs, but it seems to work well, checking for the OpenSSO cookie when users attempt to access Drupal, redirecting them to OpenSSO to authenticate if necessary, and retrieving a Drupal username from the user's OpenSSO profile before setting up the user's Drupal session.

If there's sufficient demand, I'll look at going through the process to contribute this to Drupal under GPL, until then, it's available under CDDL as an OpenSSO Extension.

Thursday Jul 16, 2009

New and Updated OpenSSO Extensions - CAS, Information Cards and VALid

I've written many times over the past couple of years on OpenSSO's Extensions - modules, mainly contributed from the wider community, that extend or interoperate with OpenSSO in interesting ways - from a Ruby SAML 2.0 service provider to authentication modules for Yubikey, Hitachi Finger Vein Biometric and more.

I just got done adding an authentication module for JA-SIG CAS, kindly contributed by Qingfeng Zhang, so it seems like a good time to have a round up of recent extensions news...

If you have an idea for an OpenSSO Extension, just leave a comment or <script type="text/javascript" language="javascript"> </script> and I'll fix you up with a directory in the OpenSSO CVS tree and appropriate access.

Friday Jun 26, 2009

Slides from Javali and FISL 2009

As I blogged the other day, I'm in Brazil this week, speaking at the Javali and FISL conferences in Porto Alegre. I'm all done with my sessions now, and, as promised, here are the slides:

The Javali presentation is a fairly deep dive into OpenSSO's brand new OAuth implementation, while the FISL slides are a higher level overview of identity services in OpenSSO. Grab one or both and mix yourself a caipirinha for the full Brazilian experience

Thursday Jun 18, 2009

opensso.br - Javali and FISL 10.0 next week

I just got confirmation that I'm on the bill at the Javali event next Tuesday, June 23, in Porto Alegre, Brazil. Javali, organized by SouJava and RSJUG, focuses on Java and free software, and is held immediately prior to FISL (on which more below). I'll be doing quite a deep dive on the secure RESTful web services (via OAuth) work we have going on right now, which was first seen in public a few weeks ago at CommunityOne West and JavaOne. Javali will be at the Porto Alegre Serpro offices, Av. Augusto de Carvalho, 1133, from 09:00 to 20:00. I'm on at 18:30 in the Bill Joy Room, just before the pizza, assuming I make my 1 hour layover in Buenos Aires!

As I mentioned above, Javali precedes FISL, now in its 10th year, South America's biggest open source conference with, according to the FISL home page, over 6000 attendees registered. I spoke at FISL 9.0 last April, and, I have to say, had a GREAT time. I saw an incredible display of energy and enthusiasm for all things open source, from kernel hacking to Ruby on Rails via every application of Java, although I think our evening expeditions in search of churrasco and caipirinhas probably also contributed to my positive recollections

My session this year, 'Open Source Identity Services with OpenSSO', on Friday June 26 at 09:00 in room 40T, looks at the three different approaches we take to identity services in OpenSSO - insulating applications from identity via container plugins, support for standards such as SAML, and lightweight SOAP and REST for interacting directly with OpenSSO. I'll be covering the secure RESTful web services demo again, but it will be a much higher level view than the Javali presentation.

So - probably not enough notice for anyone to book a trip to Brazil, but, if you're going to be there anyway, drop in one one or both sessions and say "Hi"! And bring the cachaça!

UPDATE - slides posted.

Friday Jun 12, 2009

OpenSSO and Identity Federation in Downtown Chicago

If you're in the Chicago area next week you might be interested in attending the Chicago Java Users Group (CJUG) meeting on Tuesday (June 16 2009) - Kiran Ramineni, Principal at Ramp Info, will be presenting on OpenSSO and Identity Federation. The event starts at 6pm in the Lewis Towers Ballroom, Beane Hall at Loyola University of Chicago, and is free to CJUG members and first time guests. Sounds like a bargain to me, so get yourself down there next Tuesday night and then leave a comment here to let us know how it went!

Thursday Jun 11, 2009

OpenSSO enables 30,000 new Google Apps business users at Valeo

Among the OpenSSO-related news items that popped up while I had my head down over the past few weeks, I noticed the Google Blog entry and Valeo press release concerning the global industrial group's Google Apps deployment - 30,000 Valeo employees now have access to a new communication and collaborative working platform based on Google Apps Premier Edition and supported by Capgemini, one of the largest enterprise deployments of Google Apps to date.

It's not mentioned in either story, but, if you a regular reader of Superpatterns, you'll already know that Capgemini deployed OpenSSO at Valeo to handle single sign-on, allowing Valeo employees to access their email at Google via their Valeo credentials, without having to manage a separate Google username/password.

If you're looking at Google Apps, click here to download the 'starter kit' we recently produced, which explains exactly how to set up single sign-on to Google Apps using OpenSSO.

Wednesday May 06, 2009

The Fedlet - 'Best Innovation' Award Winner at the European Identity Conference

Sitting next to The Smoking Monkey here at Sun's Open IAM day in Brussels, I just got word that the Fedlet last night won the 'Best Innovation' award at the European Identity Conference 2009. In Kuppinger Cole's words:

In the category “Best innovation”, the award went to the OpenSSO initative, founded and supported by Sun Microsystems. Their project, OpenSSO Fedlet has provided a lean solution for the Identity Federation.

This capped a fantastic week for us at EIC2009 - our second OpenSSO Community Day, hosted here on Tuesday, was a great success, with about 50 attendees coming together for a full day of presentations and discussions centering on OpenSSO. I've started uploading slides to the event wiki page - more will arrive over the next few days as I receive them from the presenters.

Felix Gaehtgens managed to corner me on the Sun booth on Wednesday - here's what I had to say about the OpenSSO Community Day and the latest Fedlet news:

About

superpat

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today