Friday Jul 04, 2008

OpenSSO Build 4.5

It's been a while since Build 4 of OpenSSO, as we work towards an early access (EA) build of Sun Federated Access Manager 8.0, OpenSSO's commercial 'twin'. Our plan designates OpenSSO build 5 as the FAM 8.0 EA, but we still have some minor issues to iron out before we're ready for EA, hence the release of OpenSSO 1.0 Build 4.5.

Here are some of the new features in Build 4.5, compared to Build 4:

  • The Fedlet - quick and easy Federation for SP's, where you'd rather (slightly) modify your web app than deploy more infrastructure - much more on the Fedlet in the Sun blogosphere.
  • Federation Validator - test harness for checking single sign-on between a SAML 2.0 Identity Provider and Service Provider.
  • SiteMinder Integration - support for co-existence of OpenSSO and SiteMinder.

Many more enhancements are listed at the bottom of the Build 4.5 release notes. Watch the OpenSSO blogosphere for more details on these new features.

The more I work on OpenSSO, the more I realize the nuances of open source development. The fact that we released this 'interim' stable build between builds 4 and 5 is one example of this - the demand for build 4.5 has come from the OpenSSO community, which is now MUCH larger than the FAM team within Sun.

Friday Apr 11, 2008

OpenSSO - Download, Evaluate, Deploy!!!

A few days ago I was IMing with a guy that works for one of the large systems integrators. They have an opportunity to deploy OpenSSO with a large customer. They particularly want OpenSSO, rather than, say Sun Java System Access Manager 7.1, as they need some of the new features developed over the last few months, in advance of the upcoming Federated Access Manager 8.0 release. The SI discovered OpenSSO, found that it met the needs of their prospective customer, evaluated it for the specific requirement and decided that it was the right solution.

My correspondent mentioned something quite disturbing to me... "[sales person] told me it was 'forbidden' to use OpenSSO in commercial environment". Well, of course, nothing could be further from the truth! If you read my blog, The Aquarium, Jonathan Schwartz's blog, or just about any other channel of information from Sun, you'll know that our open source software (and in fact, most of our closed source software) is free for download, evaluation and deployment in any fashion that you see fit. We welcome folks deploying OpenSSO, Glassfish and even Solaris on their production systems, the point being that they often get in touch afterwards saying "We've evaluated and deployed X, now we'd like support, so how do we give you some money for that" (this actually really does happen!).

I mention this today because I was in a SEED meeting this morning where Jonathan was speaking (I was going to say that he was the star turn, but he'd be the first to disagree with me on that!). I told the above story to him, and his answer was to blog about it. Oh, and to email a couple of people in Sun on the need to educate our sales force. So here we are, dear reader. OpenSSO - available for deployment wherever, whenever it's needed.

Wednesday Apr 02, 2008

OpenSSO Build 4

It seems like only two minutes since Build 3, back in February, but OpenSSO v1 Build 4 was released today. Binaries are available at the OpenSSO download page, here are the release notes.

So, what have we been working on?

  • New OpenSSO configurator - let us know what you think about the new configuration UI (mailing lists are here).
  • WS-Trust Security Token Service (STS) is available on Glassfish, Sun Application Server, Sun Web Server, Geronimo, Tomcat and WebSphere - we've done a lot of trickery with classloaders to get this working across a wide range of containers. We're still working on support in Oracle Application Server, JBoss and WebLogic Server.
  • Simplified STS client sample
  • Configuration and/or user store replication across multiple OpenSSO instances where the embedded instance of OpenDS is in use.
  • Security/SSL related fixes
  • General bug fixes in all areas

Here's a full list of the more than 200 fixes in build 4. Go update your CVS or grab the binaries now and see how it works for you - and please, read the release notes for container-specific installation instructions - in particular if you're using Tomcat. There are some changes to Tomcat's cookie handling in releases 5.5.26 and 6.0.16 that cause problems for this build of OpenSSO.

Friday Feb 22, 2008

OpenSSO Build 3

Yay! OpenSSO v1 Build 3 was released yesterday - as already reported by Tatsuo and Michael. As ever, binaries are available at the OpenSSO download page.

Here's a full list of fixes in build 3; the big new features in this release are issue 1375: SAML2 Attribute Query and issue 1533: SAML2 Authentication Query and NameID Mapping profile, rounding out our industry-leading support of SAML 2.0, plus support for JBoss 4.x and Geronimo 2.0.2. See the release notes for more.

While we're on the subject of OpenSSO and the forthcoming FAM 8.0, Michael has put together a nice little series of articles derived from the recent FAM 8.0 'transfer of information' (TOI) from engineering to other stakeholders like QA, docs and training:

Michael's blog is well worth the subscription - handy hints on OpenSSO and the Federated Access Manager product line accompanied by classic choonz. What more could you want?

Thursday Feb 07, 2008

FAMTalk 02: Federation

I just uploaded the second FAMTalk podcast - this time, I have the host's seat, presenting 'Federation', with a particular focus on SAML 2.0. You can download a PDF plus MP3 or AAC files from, or simply subscribe to FAMTalk via iTunes or RSS.

We had some frustrating technical problems recording this episode - the Sony USB headset (UAB-260) I was using developed an annoying crackle about halfway through the program. Unplugging, replugging, rebooting - nothing made it work for more than a few minutes at a time. After wrestling with it for an hour, we decided to just record the outro segment together and I ordered a Griffin iMic to replace the Sony USB Audio box (the headset itself seemed ok) to fill in the gap on my own.

The funny thing was, I got a bit of a cold between the first recording and the second, so the transitions between the different segments are quite obvious - you can hear me get sick and recover, all within an hour

Tuesday Dec 18, 2007

Introducing FAMTalk

As Terry Sigle blogs today, FAMTalk (feed) went live this week. FAMTalk is a monthly podcast focusing on federation and access management (the FAM of the title) and their implementation in Sun Java System Federated Access Manager (the forthcoming next version of Access Manager) and OpenSSO. Your regular hosts will be Tim Campbell (Sun Partner Enablement), Steven Jarosz (Sun Americas Software SE - Federal), Terry (Sun Americas Software SE - Telco) and me (OpenSSO 'community guy').

In episodes 1a and 1b (we split the original 1hr 40mins or so in two), Tim presents Access Manager 101. You can download a PDF plus MP3 or AAC files from, or simply subscribe to FAMTalk via iTunes or RSS. Apparently the AAC files include the slides, which should play in sync with the audio on many iPods. I need to go check it out on my iPhone and see how it looks...

FAM 8.0 Puts the 'Full' in 'Full-Matrix SAML 2.0 Interoperability Testing'

As you might have just read, Liberty Alliance recently completed its first 'full matrix' SAML 2.0 interoperability test. Not only was Sun amongst the successful participants with its upcoming Federated Access Manager 8.0 product, we were the only participant to successfully test every conformance mode. Daniel, of course, beat me to the punch on this one, though I like to think my entry is laid out a little more neatly

I'll also take this opportunity to point out that, although Federated Access Manager 8.0 is scheduled for release next year, you can get the code and binaries right now via the OpenSSO project - in fact, we just released 'build 2' of OpenSSO v1, which includes the tested code.

Thursday Dec 13, 2007

OpenSSO Build 2 Hits The Street!

OpenSSO v1 Build 2 hit the wire this morning (CET) - you can grab the binaries for OpenSSO itself and the new agents (see below) at the OpenSSO download page.

Here's a full list of fixes in build 2, but the two highlights are:

  • Issue 1093: Server configuration is now consolidated into the directory-based configuration system and exposed via the admin console and CLI - previously, several configuration parameters were set in the file. now contains the minimum information required to start OpenSSO.
  • Issue 1099, issue 1103: configuration for Java EE and web agents respectively is also now consolidated into the central configuration system. Previously, all agent configuration was via a properties file on the local file system - now all configuration can be centrally stored and managed via the admin console.

So... go grab the new bits and work through Michael's quick install guide. Think of it as an early Christmas present




« June 2016