Wednesday Nov 28, 2007

Authorization with OpenSSO's Identity Services

One new area of work in OpenSSO is Identity Services, allowing a developer to easily write code to authenticate users, check if those users are authorized to access resources, retrieve those users' attributes etc. While all of this functionality has long been available in different forms, the new Identity Services work collects common identity tasks into an easy-to-use set of web services accessible via SOAP and REST. Now developers working in just about any language can join the identity party.

Last month, Aravindan and Marina published a Sun Developer Network article showing how to use OpenSSO's identity services for authentication. This month, Lakshman Abburi joins them to cover authorization with identity services. The identity services client from part 1 is extended to check whether the authenticated user should be allowed access to a given resource, in this example, a URL. Although the article focuses on Java and NetBeans, as I mention above, you can invoke identity services from just about anywhere. Go read the articles, have a play, and leave a comment here or there if you do something really cool.

Friday Nov 02, 2007

Access Manager FAQs and Identity Services at Sun Developer Network

It's been a busy couple of weeks, what with a trip to Tokyo, a typhoon on the day I flew out, an earthquake at home and the usual backlog of 1000 emails that follows any trip away from the office, so please excuse the recent dearth of blog entries!

On returning, I was pleased to see Sun Developer Network's identity pages have continued their expansion. The latest additions are:

Kudos to Marina and Aravindan for their tireless work on the Sun Developer Network identity pages - if you're working with Sun Java System Access Manager and related products, you should definitely subscribe to the feed.

Friday Oct 05, 2007

New Sun Developer Network Goodies

The Sun Developer Network elves have been hard at work at the cobbler's bench, publishing new articles in the identity section and creating a whole new resource center for scripty folk.

First up, Installing, Configuring, and Deploying Sun Java System Access Manager the Simple Way, by Sun engineer (and techno buff!) Anant Kadam and regular SDN tech author Marina Sum, shows how Access Manager's WAR deployment mechanism allows you to install the product on any of a variety of containers in just a few minutes. <whisper>It works on Tomcat and Glassfish as well as the officially supported containers - just don't tell anyone </whisper>.

Also, the very first article on OpenDS just hit SDN: Trey Drake and the ubiquitous Marina present an introduction to OpenDS. In case you hadn't heard, OpenDS is Sun's open source directory server project, written in Java and fully compliant with LDAP v3. Check out the article and OpenDS itself!

Finally, we have the new Scripting Resource Center - all sorts of goodies here - JavaScript, Ajax, Ruby, JavaFX, jMaki, PHP, Python, C, DTrace, and more. Set aside a couple of hours before following this link.

Thursday Sep 13, 2007

SSO from Sun Java System Access Manager to Outlook Web Access 2003

Completing our trilogy of articles on integrating Sun Java System Access Manager with Microsoft web applications is Sun and Microsoft Interoperate for Web Authentication, Part 3 - Sun Java System Access Manager and Microsoft Outlook Web Access for Exchange Server 2003. This time, Marina Sum, our resident technical author, and Madan Ranganath, Access Manager policy agent engineer, focus on single sign-on from Access Manager to OWA 2003.

If you work your way through the first two installments, covering IIS and SharePoint Portal Server 2003, and this final article, you'll know pretty much all there is to know about single sign-on between Access Manager and Microsoft's web applications.

Monday Aug 27, 2007

Apply Web Services Security to EJB Applications

At JavaOne 2007 earlier this year, Aravindan Ranganathan and Malla Simhachalam presented a hands-on lab titled Securing Identity Web Services. The lab showed how to provide different levels of stock quote service according to the identity of an end-user - authenticated users see real-time stock data while 'guests' see delayed quotes.

Since then, Malla, Mrudul Uchil and Marina Sum have written up the lab tutorial as a three-part series of articles showing how identity can be carried from an incoming web services request right through to an EJB. The sample application shows the request and response messages graphically, and provides links to the XML message data - a particularly nice feature that shows exactly what is going on.

Highly recommended for anyone putting together the pieces of web services, identity and EJB apps.

Thursday Jul 26, 2007

SSO from Sun Java System Access Manager to SharePoint Portal Server 2003

Back in December of last year, Marina Sum and I co-wrote the article Sun and Microsoft Interoperate for Web Authentication, Part 1. In that article we examined how Sun Java System Access Manager's policy agents work with Microsoft Internet Information Server (IIS) to provide single sign-on and authorization in a heterogeneous environment. At the end of the piece, we promised further articles on integration with SharePoint Portal Server 2003 and Outlook Web Access in Microsoft Exchange 2003.

Well, it's been a while, but the planets finally aligned for Robertis Tongbram, Access Manager policy agent engineer, and Marina to create the second article (deep breath): Sun and Microsoft Interoperate for Web Authentication, Part 2 - Sun Java System Access Manager and SharePoint Portal Server 2003. The article works from the basics of authentication and authorization in SharePoint to configuring single sign-on between Access Manager and SharePoint via the policy agent. If you're wrestling with SharePoint, I recommend you go take a look.

Monday Jun 25, 2007

Basic Authorization with Sun Java System Access Manager

As I reported yesterday at The Aquarium, Robert Skoczylas of Indigo Consulting and Sun tech author Marina Sum just published Developing Secure Applications with Sun Java System Access Manager, Part 1: Basic Authorization at Sun Developer Network. This article, part 1 of a series, presents a case study of implementing authentication, single sign-on, and authorization at a fictional health-care insurance company.

There's some really good stuff in there - Robert and Marina work from a high-level description of the problem right down to specific Access Manager customizations. In particular, the detailed description of customizing Access Manager's policy framework is well worth the read for anyone working with, or evaluating, Sun Java System Access Manager.

Tuesday Jun 19, 2007

Single Logout with SAML 2.0 and PHP

Back in February, Marina Sum and I co-wrote an article on the OpenSSO SAML 2.0 PHP Extension, or Lightbulb, as it was then known. The sequel to that article - Single Logout: A Demo - just went live at Sun Developer Network: Marina and I provide an update on Project Lightbulb's evolution into an OpenSSO Extension as well as a look at circles of trust and single logout in SAML 2.0. As before, we look at a simple example message flow, then delve down into the PHP code to see how it all works. Click here for the article.

Tuesday Apr 24, 2007

SSO from Sun Java System Access Manager to SAP via SAML

I'm in Brussels this week for the Liberty Alliance Plenary Meeting and IOS Brussels, but, back at the ranch in California, the Sun Developer Network folks have released another technical article on Access Manager: Achieving SSO With Sun Java System Access Manager and SAML, a look at how to integrate Access Manager with a third party application - in this case SAP NetWeaver Enterprise Portal 2004s - via SAML.

Tuesday Feb 06, 2007

Switch on SAML for PHP with Project Lightbulb

Marina Sum and I just published an article over on the Sun Developer Network (SDN) - Switch on SAML for PHP with Project Lightbulb. The article walks through some of the Project Lightbulb code, following the single sign-on process. If you want to work with the Lightbulb code, or you just want a better idea of how SAML 2.0 works, this article is for you.

As I mention in the conclusion, we'll look at SAML 2.0 single logout and the circle-of-trust in a future article.

Monday Dec 04, 2006

Sun and Microsoft Interoperate for Web Authentication, Part 1

In between all the talk of federation, PHP and web services, we sometimes lose sight of the fact that bread-and-butter single sign-on and access control still has huge value in improving both security and the user experience. Over at the Sun Developer Network, Marina Sum and I just published an article - Sun and Microsoft Interoperate for Web Authentication, Part 1 - focusing on how Sun Java System Access Manager and its policy agents integrate with Microsoft IIS to provide both single sign-on and access control - right down to Windows ACLs on files on disk.

As the article mentions, some functionality (specifically, the basic authentication plugin - from the 'Configuration of the Policy Agent for HTTP Basic Authentication' heading to the end - sorry, there is no handy name anchor in there to link to) will be released in AM Policy Agent for IIS 2.2-Hotpatch6 sometime in the next few weeks. I'll post here as soon as this is available; at that point you will be able to work through the entire article. In the meantime, much of it works with the current policy agent, so you can get started straight away.

Wednesday Sep 06, 2006

Sun Developer Network Channel - Identity Management Month

Sun Developer Network's SDN Channel this month focuses on Identity Management. There's a cool video featuring my esteemed colleague - Identity Guru Aravindan Ranganathan. Aravindan looks at some of the latest web services security features in Sun Java System Access Manager 7.1, bringing a new twist to that old staple web service sample - the stock ticker - by allowing only authenticated users to obtain real-time quotes. If you want to try this at home, the beta of Access Manager 7.1 is available now in the Java EE SDK download.

There's a whole load more useful information (and a link to a short article I wrote on open source identity at Sun) in the SDN Show Notes.

About

superpat
