Friday Nov 02, 2007

Access Manager FAQs and Identity Services at Sun Developer Network

It's been a busy couple of weeks, what with a trip to Tokyo, a typhoon on the day I flew out, an earthquake at home and the usual backlog of 1000 emails that follows any trip away from the office, so please excuse the recent dearth of blog entries!

On returning, I was pleased to see Sun Developer Network's identity pages have continued their expansion. The latest additions are:

Kudos to Marina and Aravindan for their tireless work on the Sun Developer Network identity pages - if you're working with Sun Java System Access Manager and related products, you should definitely subscribe to the feed .

Friday Oct 05, 2007

New Sun Developer Network Goodies

The Sun Developer Network elves have been hard at work at the cobbler's bench, publishing new articles in the identity section and creating a whole new resource center for scripty folk.

First up, Installing, Configuring, and Deploying Sun Java System Access Manager the Simple Way, by Sun engineer (and techno buff!) Anant Kadam and regular SDN tech author Marina Sum, shows how Access Manager's WAR deployment mechanism allows you to install the product on any of a variety of containers in just a few minutes. <whisper>It works on Tomcat and Glassfish as well as the officially supported containers - just don't tell anyone </whisper>.

Also, the very first article on OpenDS just hit SDN, Trey Drake and the ubiquitous Marina present an introduction to OpenDS. In case you hadn't heard, OpenDS is Sun's open source directory server project, written in Java and fully compliant with LDAP v3. Check out the article and OpenDS itself!

Finally, we have the new Scripting Resource Center - all sorts of goodies here - JavaScript, Ajax, Ruby, JavaFX, jMaki, PHP, Python, C, DTrace, and more. Set aside a couple of hours before following this link

Monday Oct 01, 2007

FAM 8.0 Build 1 is here!

Last Friday we declared 'build 1' of Sun Java System Federated Access Manager 8.0. This is the initial build (from the OpenSSO code) that we (engineering) handed off to QA to start the official countdown to FAM 8.0. Congratulations to both the FAM engineering team and the wider OpenSSO community on this huge milestone.

You might have seen Daniel's outline of the new features in FAM 8.0 - some of these goodies, such as WS-Federation and web services security, are in build 1; others, such as centralized server and agent config, will arrive later. As Daniel mentions, heterogeneity is a big focus in this release - the release notes cover installation on a host of containers - Glassfish v2/Sun Java System Application Server 9.1, Sun Java System Web Server 7.0 U1, BEA WebLogic Server 9.2 and 10.0, IBM Websphere Application Server 6.1, Oracle Application Server 10g, and Apache Tomcat 5.5.x.

So, grab the zip, throw it on your favorite container and let us know of any issues! (You'll need to be a project member to file an issue - join OpenSSO here.)

Thursday Sep 20, 2007

Sun Java System Federated Access Manager Architecture Overview

The eagle eyed amongst you might have noticed references to something called Sun Java System Federated Access Manager 8.0. Simply stated, we are bringing together the Access Manager and Federation Manager products in the next version, together with some exciting new features. I'll leave it to Daniel to bring you the full product roadmap story, but I will stress this important point: FAM 8.0 will be OpenSSO; that is, the commercial product will be built from, and identical to, OpenSSO, in exactly the same way that Sun Java System Application Server 9.1 is built from, and identical to, Glassfish v2.

As part of this process, fellow architect and occasional blogger Rajeev Angal has writted an excellent overview of the OpenSSO/Federated Access Manager architecture on the new Federated Access Manager wiki.

The architecture document moves from a 30,000 ft 'elevator pitch' (now there's an interesting mixed metaphor!) to detail the various FAM services, extension points and dependencies. Absolutely required reading for anyone working with OpenSSO, Access Manager and Federation Manager or looking forward to the upcoming Federated Access Manager - OpenSSO/Federated Access Manager architecture

Monday Sep 17, 2007

Glassfish v2 / Sun Java System Application Server 9.1 - it's here!

As you've almost certainly already noticed, Glassfish turned v2 today, with commercial support available from Sun in the form of Sun Java System Application Server 9.1. New features target the enterprise, with clustering support, improved performance and, arguably most interesting, web services support from Metro. We're building OpenSSO's WS-Trust security token service (STS) on Metro.

OpenSSO and Sun Java System Access Manager have supported GFv2 and AS 9.1 for some time now both as a deployment container (recall, OpenSSO/Access Manager is a standard J2EE web application) and via a Java EE policy agent - available here in source form and here as a supported policy agent for Access Manager. It's also worth pointing out that Access Manager ships with the NetBeans Enterprise Pack - NetBeans, Glassfish, Access Manager and much, much more in one hit. Heady stuff!

Thursday Sep 13, 2007

SSO from Sun Java System Access Manager to Outlook Web Access 2003

Completing our trilogy of articles on integrating Sun Java System Access Manager with Microsoft web applications is Sun and Microsoft Interoperate for Web Authentication, Part 3 - Sun Java System Access Manager and Microsoft Outlook Web Access for Exchange Server 2003. This time, Marina Sum, our resident technical author, and Madan Ranganath, Access Manager policy agent engineer, focus on single sign-on from Access Manager to OWA 2003.

If you work your way through the first two installments, covering IIS and SharePoint Portal Server 2003, and this final article, you'll know pretty much all there is to know about single sign-on between Access Manager and Microsoft's web applications.

Monday Aug 27, 2007

Apply Web Services Security to EJB Applications

At JavaOne 2007 earlier this year, Aravindan Ranganathan and Malla Simhachalam presented a hands-on lab titled Securing Identity Web Services. The lab showed how to provide different levels of stock quote service according to the identity of an end-user - authenticated users see real-time stock data while 'guests' see delayed quotes.

Since then, Malla, Mrudul Uchil and Marina Sum have written up the lab tutorial as a three-part series of articles showing how identity can be carried from an incoming web services request right through to an EJB. The sample application shows the request and response messages graphically, and provides links to the XML message data - a particularly nice feature that shows exactly what is going on.

Highly recommended for anyone putting together the pieces of web services, identity and EJB apps.

Thursday Jul 26, 2007

SSO from Sun Java System Access Manager to SharePoint Portal Server 2003

Back in December of last year, Marina Sum and I co-wrote the article Sun and Microsoft Interoperate for Web Authentication, Part 1. In that article we examined how Sun Java System Access Manager's policy agents work with Microsoft Internet Information Server (IIS) to provide single sign-on and authorization in a heterogeneous environment. At the end of the piece, we promised further articles on integration with SharePoint Portal Server 2003 and Outlook Web Access in Microsoft Exchange 2003.

Well, it's been a while, but the planets finally aligned for Robertis Tongbram, Access Manager policy agent engineer, and Marina to create the second article (deep breath): Sun and Microsoft Interoperate for Web Authentication, Part 2 - Sun Java System Access Manager and SharePoint Portal Server 2003. The article works from the basics of authentication and authorization in SharePoint to configuring single sign-on between Access Manager and SharePoint via the policy agent. If you're wrestling with SharePoint, I recommend you go take a look.

Monday Jun 25, 2007

Basic Authorization with Sun Java System Access Manager

As I reported yesterday at The Aquarium, Robert Skoczylas of Indigo Consulting and Sun tech author Marina Sum just published Developing Secure Applications with Sun Java System Access Manager, Part 1: Basic Authorization at Sun Developer Network. This article, part 1 of a series, presents a case study of implementing authentication, single sign-on, and authorization at a fictional health-care insurance company.

There's some really good stuff in there - Robert and Marina work from a high-level description of the problem right down to specific Access Manager customizations. In particular, the detailed description of customizing Access Manager's policy framework is well worth the read for anyone working with, or evaluating, Sun Java System Access Manager.

Wednesday Jun 20, 2007

Lost my Wikipedia Virginity

I was nosing about on Wikipedia the other day when I noticed a link to a page for Sun Java System Access Manager. The link went to the standard 'editing' page, so I decided to register at Wikipedia and create my first entry. Quite painless. The entry is a stub, and I'm not sure how much I can add without falling foul of Wikipedia's policy on spam. As it stands, I think the stub is useful context, particularly as the link was already present in a couple of pages. I guess I'll sit back and see if anyone posts a request for expansion.

Thursday Jun 14, 2007

Slides on Feide, SAML 2.0, OpenID and more

Andreas over at Feide has just published a bunch of presentations he, um, presented the other day in Oslo. Great stuff - and I really like the sparse, clean look. I HATE slides with 15 bullets in 10 point text. The presentations cover the basics of SSO, SAML 2.0, OpenID and a look at Nordic/European collaboration in the education sector. Check them out.

Tuesday Apr 24, 2007

SSO from Sun Java System Access Manager to SAP via SAML

I'm in Brussels this week for the Liberty Alliance Plenary Meeting and IOS Brussels, but, back at the ranch in California, the Sun Developer Network folks have released another technical article on Access Manager: Achieving SSO With Sun Java System Access Manager and SAML, a look at how to integrate Access Manager with a third party application - in this case SAP NetWeaver Enterprise Portal 2004s - via SAML.

Friday Mar 09, 2007

Welcome, Mrudul!

A big shout down the corridor to Mrudul Uchil, lead engineer on Web services security and Java EE SDK/NetBeans Enterprise Pack integration in the Access Manager team. Mrudul just started blogging - anyone working with the new Web services security features in Access Manager 7.1 or looking forward to this technology appearing in OpenSSO needs to subscribe to Mrudul's blog.

Thursday Mar 01, 2007

Sun Java System Access Manager 7.1 is here!

You might have seen the news today that Sun just released Java Enterprise System 5. While it's not called out in the press release, Sun Java System Access Manager 7.1 is part of Java ES 5. Although it's been widely previewed in beta in the Netbeans Enterprise Pack and Java EE SDK, it's still worth calling out the new features:

So, go to the download page, grab Access Manager 7.1 and give it a whirl. It's in all of the system/suite downloads except the availability suite.


"Another OpenSSO/Access Manager/Federation Manager Blogger"

Added Warren Strange, Senior IT Architect up in Calgary, Alberta, to the list. Warren has just written a fascinating entry on integrating OpenSSO with JBoss SEAM. Well worth a read, particularly if you are working with SEAM and wondering about authentication.

Welcome, Warren!




« June 2016