Wednesday Aug 19, 2009

OpenSSO, Jack Adams and me

At OSCON a few weeks ago, I spent a little time with OpenSolaris enthusiast Jack Adams (who doesn't seem to have his own page, but is often in the company of Bruno Souza and Deirdré Straughan), chatting about the basics of OpenSSO, single sign-on and federation. Luckily, it was all caught on video...

Tuesday Aug 11, 2009

OpenSSO Single Sign-on Extension for MediaWiki

Following the recent trio of OpenSSO Extensions targeting PHP CMS applications (see my previous entries covering the extensions for Drupal, WordPress and Joomla), I decided to look at MediaWiki, the PHP application powering Wikipedia and many other wikis across the web.

In common with the CMS apps, MediaWiki has a very pluggable architecture, making implementation of a single sign-on extension very straightforward, and I was able to get an initial implementation done in a few hours. The user interface is very like the WordPress plugin: just click on the regular 'log in' link to be sent to OpenSSO to authenticate; on returning to MediaWiki, the extension validates the OpenSSO cookie and uses it to retrieve the username from OpenSSO, setting up the MediaWiki session.

There is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page. As always, note that none of these extensions are supported by Sun, and all should be considered 'proof of concept' quality - they likely need a bit more polish (and lots more testing!) before being deployed into production.

I think that about wraps up the PHP extension story for the time being - we now have plugins for the four most common PHP web apps. Do leave a comment if you think there is another we should cover.

Monday Aug 03, 2009

links for 2009-08-03

Saturday Aug 01, 2009

OpenSSO Single Sign-on Plugin for Joomla

I was lucky enough to be able to spend some time at Burton Catalyst this last week with Pamela Dingle, looking at how to get started writing an OpenSSO plugin for Joomla to complement the plugins I recently wrote for Drupal and Wordpress. Pamela, well known for her work on PHP Information Card plugins at The Pamela Project, quickly pointed me in the right direction, and it didn't take me long after that to get something working - thanks, Pam!

The Joomla plugin alters the standard process so that, on clicking the 'Login' button, users are redirected first to OpenSSO to authenticate, then back to Joomla for the plugin to retrieve the user's name from OpenSSO and create a session. I got a little bit more creative this time round; there's JavaScript to alter the Joomla login form - see the screen cap next to this paragraph.

As always, there is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page. Note that none of these plugins are supported by Sun, and all should be considered 'proof of concept' quality - they likely need a bit more polish (and lots more testing!) before being deployed into production.

So, that's the Drupal/Wordpress/Joomla open source PHP CMS trifecta covered... I see Pam has a MediaWiki plugin too - maybe I'll look at that next...

Monday Jul 27, 2009

OpenSSO Single Sign-on Plugin for WordPress

Encouraged by a comment on my post about the OpenSSO module for Drupal, and the amount of OpenSSO/Drupal buzz on Twitter, I decided to attack WordPress next. Although WordPress has a very different plugin model from Drupal, I was able to reuse much of the code from the Drupal module and get a basic single sign-on plugin working quite quickly. As with the Drupal module, there are certainly bugs in the WordPress plugin - in particular, I just noticed that, if you log in to OpenSSO as a user without a corresponding WordPress account, you can get into a redirect loop if you try to go to a protected page at WordPress.

As usual, there is a README and source code - also available via CVS, and I've added the new provider plugin to the list on the OpenSSO Extensions page.

So... That's two thirds of the Drupal/Joomla/Wordpress CMS trifecta covered... A competent Joomla hacker should be able to take the Drupal/WordPress work and adapt it pretty easily... Anyone want to try while I'm at Catalyst this week?

Saturday Jul 25, 2009

OpenSSO Single Sign-on Module for Drupal

Drupal is one of the leading open source content management systems - some would say the leading open source CMS. We've had a few requests over the years for OpenSSO/Drupal integration, but no one has hitherto stepped forward. Finding myself with a few spare hours over the last few days, I decided to investigate.

It turns out that, thanks to Drupal's extensibility through modules and OpenSSO's identity services, it's pretty straightforward to get something working. So I did. There is now an OpenSSO module for Drupal [ README | Source - also available via CVS]. I'm no expert in either PHP or Drupal, so there may well be bugs, but it seems to work well, checking for the OpenSSO cookie when users attempt to access Drupal, redirecting them to OpenSSO to authenticate if necessary, and retrieving a Drupal username from the user's OpenSSO profile before setting up the user's Drupal session.

If there's sufficient demand, I'll look at going through the process to contribute this to Drupal under GPL, until then, it's available under CDDL as an OpenSSO Extension.

Friday Jul 17, 2009

links for 2009-07-17

Friday Jun 19, 2009

links for 2009-06-19

Thursday Jun 11, 2009

OpenSSO enables 30,000 new Google Apps business users at Valeo

Among the OpenSSO-related news items that popped up while I had my head down over the past few weeks, I noticed the Google Blog entry and Valeo press release concerning the global industrial group's Google Apps deployment - 30,000 Valeo employees now have access to a new communication and collaborative working platform based on Google Apps Premier Edition and supported by Capgemini, one of the largest enterprise deployments of Google Apps to date.

It's not mentioned in either story, but, if you a regular reader of Superpatterns, you'll already know that Capgemini deployed OpenSSO at Valeo to handle single sign-on, allowing Valeo employees to access their email at Google via their Valeo credentials, without having to manage a separate Google username/password.

If you're looking at Google Apps, click here to download the 'starter kit' we recently produced, which explains exactly how to set up single sign-on to Google Apps using OpenSSO.

Wednesday Apr 29, 2009

Federating to Google Apps with OpenSSO - Open Source Starter Kit

It's been possible to configure OpenSSO for single sign-on (SSO) to Google Apps ever since Google implemented the SAML 2.0 protocol for federated SSO back in 2006. Last year, I covered Wajih Ahmed and Marina Sum's article on implementing SSO between OpenSSO and Google Apps, which described precisely how to quickly get it up and running. The process took about 10 or 15 minutes, but involved editing an XML configuration file, which does introduce some, uh, opportunity for user error.

So, we looked at how we could streamline the process, making it as foolproof as possible, and, in OpenSSO Express Build 7, built a task flow specifically for federating with Google Apps. The new task flow is described in one of the first open source starter kits for Sun's identity products - Federating to Google Apps with OpenSSO (the other starter kit covers setting up OpenDS as a Naming Service for OpenSolaris). We now have the process down to less than four minutes, and it's so easy, even a smoking monkey can do it

Wednesday Nov 12, 2008

Federated Single Sign-On for Google Apps in OpenSSO

Hot on the heels of the OpenSSO Enterprise 8.0 release comes Wajih Ahmed and Marina Sum's article on configuring Federated Single Sign-On for Google Apps in OpenSSO. With just a few minutes of work, you can be authenticating users in OpenSSO and giving them access to their accounts in Google Apps, including Google Mail, Google Documents and Google Calendar. Take a look at the demo we recorded with Michael Coté a few weeks ago to see the end result.

While this integration has been possible ever since we introduced SAML 2.0 support in Access Manager, it used to require a small amount of custom code to copy the user id into the SAML 2.0 NameID element. With OpenSSO Enterprise 8.0, it's now a simple matter of configuration in the administration console.

To illustrate the article, Wajih has captured the configuration process on video - settle back and enjoy the show.

Thursday Mar 20, 2008

links for 2008-03-20

Thursday Jan 10, 2008

links for 2008-01-11

Thursday Sep 13, 2007

SSO from Sun Java System Access Manager to Outlook Web Access 2003

Completing our trilogy of articles on integrating Sun Java System Access Manager with Microsoft web applications is Sun and Microsoft Interoperate for Web Authentication, Part 3 - Sun Java System Access Manager and Microsoft Outlook Web Access for Exchange Server 2003. This time, Marina Sum, our resident technical author, and Madan Ranganath, Access Manager policy agent engineer, focus on single sign-on from Access Manager to OWA 2003.

If you work your way through the first two installments, covering IIS and SharePoint Portal Server 2003, and this final article, you'll know pretty much all there is to know about single sign-on between Access Manager and Microsoft's web applications.

Thursday Jul 26, 2007

SSO from Sun Java System Access Manager to SharePoint Portal Server 2003

Back in December of last year, Marina Sum and I co-wrote the article Sun and Microsoft Interoperate for Web Authentication, Part 1. In that article we examined how Sun Java System Access Manager's policy agents work with Microsoft Internet Information Server (IIS) to provide single sign-on and authorization in a heterogeneous environment. At the end of the piece, we promised further articles on integration with SharePoint Portal Server 2003 and Outlook Web Access in Microsoft Exchange 2003.

Well, it's been a while, but the planets finally aligned for Robertis Tongbram, Access Manager policy agent engineer, and Marina to create the second article (deep breath): Sun and Microsoft Interoperate for Web Authentication, Part 2 - Sun Java System Access Manager and SharePoint Portal Server 2003. The article works from the basics of authentication and authorization in SharePoint to configuring single sign-on between Access Manager and SharePoint via the policy agent. If you're wrestling with SharePoint, I recommend you go take a look.

About

superpat

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today