Thursday Jul 16, 2009

links for 2009-07-16

Wednesday May 06, 2009

The Fedlet - 'Best Innovation' Award Winner at the European Identity Conference

Sitting next to The Smoking Monkey here at Sun's Open IAM day in Brussels, I just got word that the Fedlet last night won the 'Best Innovation' award at the European Identity Conference 2009. In Kuppinger Cole's words:

In the category “Best innovation”, the award went to the OpenSSO initiative, founded and supported by Sun Microsystems. Their project, OpenSSO Fedlet has provided a lean solution for the Identity Federation.

This capped a fantastic week for us at EIC2009 - our second OpenSSO Community Day, hosted here on Tuesday, was a great success, with about 50 attendees coming together for a full day of presentations and discussions centering on OpenSSO. I've started uploading slides to the event wiki page - more will arrive over the next few days as I receive them from the presenters.

Felix Gaehtgens managed to corner me on the Sun booth on Wednesday - here's what I had to say about the OpenSSO Community Day and the latest Fedlet news:

Friday Mar 13, 2009

OpenSSO Tab Sweep - Mar 13 2009

Lots of news over the last couple of weeks from the world of OpenSSO. Events in New York, new Fedlet innovations and more; read on...

That wraps things up for this week. Don't forget, if you're planning to attend the European Identity Conference 2009 in May, the second OpenSSO Community Day will be there on the Tuesday, May 5 2009. Register at Meetup and you can pick up a discount code for 20% off the cost of your EIC registration. Bargain!

Friday Dec 12, 2008

OpenSSO Tab Sweep - Dec 12 2008

It's been a while since the last tab sweep - lots of news since then, such as the OpenSSO Enterprise 8.0 release, that's kept me busy both here on the blog and 'in real life' (if there is such a thing any more!). Anyway, here are some of the titbits I've been saving for a tab sweep blog post:

Well - that wraps things up for this week. Don't forget to vote for OpenSSO in the SOA World Readers' Choice Awards!!!

Monday Oct 27, 2008

Script to Reset Fedlet Demo

If you find yourself demonstrating the Fedlet (and, let's face it, who doesn't?), you should find this script useful. Assuming you've deployed OpenSSO to Glassfish via the autodeploy directory and created and deployed the Fedlet, it undeploys both, restarts Glassfish (not that you should really need to, but it's good to start from a safe, known base) and removes the OpenSSO and Fedlet configuration directories. Now you'll be ready to go round the loop again, without any JavaOne 2008-style hiccups.

Anyone working with OpenSSO and/or Glassfish might find some aspects of the script useful; particularly the way it waits until the apps are undeployed before restarting Glassfish. Autodeploy is one of my favorite Glassfish features. Here's the output from the script:

pat-pattersons-computer:~ pat$ ./
Undeploying the fedlet..Done
Undeploying OpenSSO........Done
Domain domain1 stopped.
Removing Fedlet config directory
Removing OpenSSO config directory
Starting Domain domain1, please wait.
Log redirected to /Applications/NetBeans/glassfish-v2ur2/domains/domain1/logs/server.log.
Redirecting output to /Applications/NetBeans/glassfish-v2ur2/domains/domain1/logs/server.log
Domain domain1 is ready to receive client requests. Additional services are being started in background. 
Domain [domain1] is running [Sun Java System Application Server 9.1_02 (build b04-fcs)] with its configuration and logs at: [/Applications/NetBeans/glassfish-v2ur2/domains].
Admin Console is available at [http://localhost:4848].
Use the same port [4848] for "asadmin" commands.
User web applications are available at these URLs:
[http://localhost:8080 https://localhost:8181 ].
Following web-contexts are available:
[/web1  /__wstx-services ].
Standard JMX Clients (like JConsole) can connect to JMXServiceURL:
[service:jmx:rmi:///jndi/rmi://pat-pattersons-computer.local:8686/jmxrmi] for domain management purposes.
Domain listens on at least following ports for connections:
[8080 8181 4848 3700 3820 3920 8686 ].
Domain does not support application server clusters and other standalone instances.

Tuesday May 20, 2008

Do Not Doubt The Power of The Fedlet!

The inimitable Paul Madsen writes on the Fedlet today, wondering

Would the fedlet, once deployed by an SP, be reusable with other IDPs (than the one that created it initially) and thereby be considered a quick and easy way to SAML enable an SP? I bet not.

On the contrary, my dear Madsen, it could indeed be reused with other IdPs. The Fedlet is configured via SAML 2.0 metadata, saved to a directory on disk. The very first time you visit the Fedlet's deployment URI, it offers to save configuration to disk:

At this point, as explained on the screen, you can expand the Fedlet WAR manually and copy the files yourself, or let the Fedlet do it for you. In either case, you can edit the SAML 2.0 metadata to use any SAML 2.0 identity provider (or providers). OpenSSO even includes an 'unconfigured' Fedlet for doing this all completely manually.

So, yes, the Fedlet is a quick and easy way to SAML enable an SP!
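An added example, not from the original post or from OpenSSO: a pre-flight check on an identity provider's SAML 2.0 metadata before it replaces the metadata in the Fedlet's saved configuration. The function name, the sample entity ID, endpoint URLs and certificate placeholder are assumptions made for illustration; the element and attribute names are those of the SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: entity ID, endpoints and certificate body are placeholders.
SAMPLE_IDP_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER
     CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Location="https://idp.example.com/sso/redirect"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <SingleSignOnService Location="http://idp.example.com/sso/post"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_idp(xml_text):
    """Return (entity_id, sso_endpoints, signing_certs, problems) for an IdP."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata never needs a DTD
        raise ValueError("DTD found in metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a SAML 2.0 IdP EntityDescriptor")
    problems = []
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        problems.append("IdP does not advertise SAML 2.0 protocol support")
    endpoints = [(e.get("Binding"), e.get("Location"))
                 for e in idp.findall("md:SingleSignOnService", NS)]
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for _binding, location in endpoints:
        if not (location or "").startswith("https://"):
            problems.append("SSO endpoint is not HTTPS: %s" % location)
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' covers signing too
            certs += ["".join((c.text or "").split())
                      for c in kd.iter("{%s}X509Certificate" % NS["ds"])]
    if not certs:
        problems.append("no signing certificate to verify assertions against")
    return root.get("entityID"), endpoints, certs, problems
```

Comparing the returned entity ID and certificate against values obtained from the identity provider out of band is what ties the edited metadata to the intended IdP.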

UPDATE (5/22/08) - Paul. Says. It. Was. All. Down. To. Misplaced. Punctuation.

Thursday May 01, 2008

The Fedlet Lives!!!

If you're following OpenSSO at all, you can't have failed to notice the recent buzz around the Fedlet - from Daniel (complete with screencast), Eve, Mark D, Mark H, Tatsuo, Derrick, Marina and Daniel at Sun to Coté at RedMonk and Enrico at Tenthline.

Briefly, the 'Fedlet' is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. The idea is that, if you're running a single web application, you're not going to want to deploy a whole 'nother server to run a standalone service provider. What you want is a little package of code and configuration to federation-enable your web app. You want the Fedlet.

I've been wrapped up in demos and travel for the past month or so, so I haven't had much of a chance to play with the Fedlet. Since I'm planning to demo it in my session at CommunityOne on Monday, I thought I'd better do so - I set aside this afternoon to get it working. Turns out I was a little pessimistic there - here's what I did, in less than an hour:

  • Updated from OpenSSO CVS (cvs -q update -dP)
  • Cleaned out previous build detritus and built the WAR file (ant clean && ant server-war)
  • Deployed onto Glassfish (don't forget to change GF's -client JVM option to -server, as detailed in the release notes!)
  • Pointed Flock (my preferred web browser du jour) at the newly deployed OpenSSO at (I alias to in /etc/hosts), configured OpenSSO to use the embedded OpenDS instance for its configuration and user stores.
  • Logged in as amadmin, created a SAML 2.0 identity provider and a Fedlet.
  • Unzipped the Fedlet, deployed it into Glassfish.
  • Ran the Federation validator to check that SSO is operational.
  • And...

When you spend your time in the weeds of a project, you always half expect any given step to fail due to some issue or another. Perhaps some recent fix destabilized something; perhaps some errant process has eaten my laptop's memory; whatever. So it was extremely gratifying when all of the above passed off without a hitch. I won't tell you what I muttered under my breath as the federation validator completed and gave me the thumbs up, but the second word was "cool!"

Monday Apr 14, 2008

From the Trenches - Daniel Raskin on Simplifying Federated Access Management

Tech author Marina Sum over at Sun Developer Network continues her series of interviews; this time in the hot seat is Daniel Raskin, senior product line manager for access and federation management at Sun.

In the interview, Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO), including Fedlets, Virtual Federation, the Federation Validator and more. Exciting stuff!



