Tuesday Apr 24, 2007

SSO from Sun Java System Access Manager to SAP via SAML

I'm in Brussels this week for the Liberty Alliance Plenary Meeting and IOS Brussels, but, back at the ranch in California, the Sun Developer Network folks have released another technical article on Access Manager: Achieving SSO With Sun Java System Access Manager and SAML, a look at how to integrate Access Manager with a third party application - in this case SAP NetWeaver Enterprise Portal 2004s - via SAML.

Sunday Dec 03, 2006

links for 2006-12-03

  • This normative document defines terms used throughout the OASIS Security Assertion Markup Language (SAML) specifications and related documents.

Sunday Nov 20, 2005

Demonstration of Identity Web Services

Following on from my recent posting of a Federation Manager demo showing Liberty ID-FF federated single sign-on, here is a demo of Access Manager and Federation Manager I showed at a Liberty 'eGovernment Forum' in Dublin back in April.

This demo shows an employee of the 'Department of Health and Children' logging into the department's portal, visiting another government department, the 'Stationery Office', to obtain an official report, and having the Stationery Office query their 'home' department for a mailing address via the Liberty Identity Web Services Framework (ID-WSF).

This is a very simple demo, but it demonstrates some key aspects of Liberty ID-WSF:

  • 'Bootstrap' from federated web single sign-on (ID-FF) to web services (ID-WSF).
  • Use of the Discovery Service to locate a web service for a given user. (This takes place 'under the covers' - the bootstrap provides the service provider, in this example the Stationery Office, with the location of the Discovery Service and a credential to use on behalf of the employee. The service provider queries the Discovery Service for the location of the Personal Profile service).
  • Use of the Personal Profile Service to retrieve a user's profile attributes.
  • Use of the RedirectRequest protocol (specified in the Liberty ID-WSF Interaction Service Specification) to allow the employee's 'home' department to prompt for confirmation that address information is to be released to the Stationery Office.

Just click the screenshot below to view the demo...

Click to view Flash presentation

UPDATED 11/21/2005 - corrected Interaction Service to RedirectRequest protocol - see comments

Monday Oct 10, 2005

Sun Federation Manager Demonstration

My previous job at Sun (until January 2005) was as technical product manager for Access Manager. The main reason I moved back to engineering to take a technical architect role was so that my business card didn't read like a tongue-twister :-). Anyway - I still dabble on the technical marketing side, helping out when things get busy over there, like last month's technical sales training boondoggle event in Las Vegas - two days of lectures and labs bringing together Sun's identity management marketing team and the Sun system engineers (=sales engineers) affiliated with identity management.
My contribution (no - I didn't get to go to Vegas!) was a new front end for the Federation Manager Liberty Identity Federation Framework (ID-FF) single sign-on (SSO) sample. This sample, shipped with Federation Manager, shows how to get Liberty ID-FF SSO working between an Identity Provider and a Service Provider. Out-of-the-box, this sample comprised a set of functional, yet plain, JSPs. I re-used some old demo layouts to give the sample a bit of pizazz so the SEs could take something away as the basis for a demo. I was going to just put up a few screenshots here to walk you, the reader, through a simple SSO scenario, but then I realised that it would actually be less work to use Qarbon's Viewletbuilder to whip up a flash presentation. So - here it is - just click on the screen below and discover the magic of federated single sign-on...

Click to view Flash presentation

Saturday May 14, 2005

Sun/Microsoft Press Conference

Well - it's done. I've been involved in the web single sign-on interoperability work with Microsoft since the beginning of the year - four and a half months of painstaking specification work, designing a demo, going on vacation while the real engineers built the demo (BIG kudos to Emily for the protocol work and Lauren for the web pages on our side, Ryan on the MS side - the demo worked flawlessly and looked great!) then a final flurry of work on the demo script and rehearsals for the big day.
Watch the webcast - I'm presenting the demo with Don Schmidt of Microsoft. There's a press release (if that's your sort of thing) and a factsheet. The actual specs are online at Sun and Microsoft. I'm not going to repeat any of that here. I will say that it is somewhat nerve-wracking giving a live presentation just 6 feet from Steve Ballmer and Scott McNealy! AND - there is no truth in the rumour that I am Steve Ballmer's 'good twin'...
I've read blogs and comments that represent this as Sun moving from open to proprietary standards. This is emphatically not the case. The big news, as I see it, is that customers now have a way to implement SSO with the upcoming Active Directory Federation Services that would otherwise not exist. These specifications are published and will be submitted to a standards process, so other identity management vendors can implement them or not as they see fit.



« June 2016