Tuesday Jul 22, 2008

Sun OpenSSO Express - Support for OpenSSO Stable Milestones!

Transparent development opens the development milestones to users. Often these milestones are just a path to using the final releases - as in GlassFish Enterprise Support - but for some users the milestones may have the right combination of features/stability/timeliness and they "just want support for it". And today, to address this need for Open SSO users, Sun announced OpenSSO Express.


Sun OpenSSO Express provides support (in standard, premium and premium plus levels) for the stable milestones in OpenSSO bundled, at no extra cost, with the support of final releases of Sun Access Manager, Identity Management or Java Enterprise System.

The Express model is applicable to any open source projects, but, so far, it is only available for OpenSSO. Details on Sun OpenSSO Express are available at here and it can be downloaded here

Saturday Apr 12, 2008

GlassFish is to SJSAS as OpenSSO is to FAM...

GlassFish and OpenSSO play very similar roles; they are OpenSource, transparent, community-driven efforts to create enterprise products, except OpenSSO has an extra twist...


GlassFish is the Community for SJS AppServer 9.x and OpenSSO does the same for Sun Federated Access Manager (FAM). The twist is that FAM is not yet out.

FAM is the combination of the Access Manager and the Federation Manager. Once FAM is out, you can say: GF/SJSAS == OpenSSO/FAM.

So, go ahead and Download, Evaluate and Deploy OpenSSO!

Friday Jan 18, 2008

Fine-Grained Authorization with Sun Java System Access Manager

Access Manager Authorization Architecture

As I just mentioned over at Superpatterns, Marina and Robert recently published Developing Secure Applications with Sun Java System Access Manager, Part 2: Advanced Authorization, continuing their case study of implementing fine-grained authorization at a fictional health-care company. A great article, with lots for the identity-focused developer.

Wednesday Oct 10, 2007

Sun Java System Access Manager the Simple Way

Duke thumbs up!

As I mentioned over at Superpatterns, there is a whole lot going on over at Sun Developer Network. Among the highlights, Marina Sum, our regular identity author, and Access Manager engineer Anant Kadam just published an article on Installing, Configuring, and Deploying Sun Java System Access Manager the Simple Way. And we do mean simple: grab a container (Glassfish would be favourite, of course ), download the Access Manager WAR file, deploy, answer a handful of configuration questions, and go!

We're working to make it even easier to deploy and use Access Manager, through OpenSSO. Hop over to Daniel Raskin's blog to take a look at the plans for Sun Java System Federated Access Manager 8.0 and then sign up to OpenSSO to get involved in the work in progress.

Friday Sep 14, 2007

Single Sign-On from Access Manager to OWA 2003

Outlook Web Access

Completing our trilogy of articles on integrating Sun Java System Access Manager with Microsoft web applications, Marina Sum, our resident technical author, and Madan Ranganath, Access Manager policy agent engineer, focus on single sign-on from Access Manager to Outlook Web Access 2003.

If you work your way through the first two installments, covering IIS and SharePoint Portal Server 2003, and this final article, you'll know pretty much all there is to know about single sign-on between Access Manager and Microsoft's web applications.

Thursday Aug 30, 2007

Apply Web Services Security to EJB Applications

Stock quote sample application

Back in May, at JavaOne 2007, Aravindan Ranganathan and Malla Simhachalam presented a hands-on lab titled Securing Identity Web Services. The lab showed how to provide different levels of stock quote service according to the identity of an end-user - authenticated users see real-time stock data while 'guests' see delayed quotes.

Since then, Malla, Mrudul Uchil and Marina Sum have written up the lab tutorial as a three-part series of articles at the Sun Developer Network showing how identity can be carried from an incoming web services request right through to an EJB. The sample application shows the request and response messages graphically, and provides links to the XML message data - a particularly nice feature that shows exactly what is going on.

Thursday Jul 26, 2007

SSO from Sun Java System Access Manager to SharePoint Portal Server 2003

SharePoint screenshot

If you've tried to configure single sign-on with Microsoft SharePoint Portal Server 2003, you'll know that can be a bit... non-trivial. The Sun Java System Access Manager policy agent engineering team have been working on extending the existing agent for IIS to allow single sign-on into SharePoint (and Outlook Web Access, but that's another story...).

Robertis Tongbram and Marina Sum just wrote this scenario as an article over at Sun Developer Network.

Of course, all Access Manager policy agents also work with OpenSSO, Access Manager's open source alter ego, so when Policy Agent for IIS 6 Hotpatch 8 hits the street it'll work with OpenSSO, too.

Monday Jun 25, 2007

New OpenSSO Articles at Sun Developer Network

Access Manager Authorization Architecture

Over at the Sun Developer Network, Marina Sum has been on a tear this past week or so, with two articles on OpenSSO and its sister product, Sun Java System Access Manager. Last week, she and I published Single Logout: A Demo, a follow-up to February's article Switch on SAML for PHP With Project Lightbulb, covering Project Lightbulb's evolution into OpenSSO Extensions and its implementation of SAML 2.0 single logout. Much discussion of the mechanics of single logout and its implementation in the OpenSSO SAML 2.0/PHP Extension.

Today, Marina and Robert Skoczylas of Indigo Consulting published Developing Secure Applications with Sun Java System Access Manager, Part 1: Basic Authorization. This article, part 1 of a series, presents a case study of implementing authentication, single sign-on, and authorization at a fictional health-care insurance company. Great stuff, working from a high-level description of the problem right down to specific Access Manager customizations.

Tuesday Apr 24, 2007

SSO from Sun Java System Access Manager to SAP via SAML

Welcome Page of SAP EP

Another neat technical article just hit the wire over at Sun Developer Network: Achieving SSO With Sun Java System Access Manager and SAML. Vasanth Bhat and Marina Sum look at how to integrate Access Manager with a third party application - in this case SAP NetWeaver Enterprise Portal 2004s - via SAML. Neat stuff!

Thursday Mar 01, 2007

Securing Communications in Web Services

Malla Simhachalam Marina Sum

Malla Simhachalam and Marina Sum have written an excellent tutorial on securing web services using NetBeans 5.5 and Sun Java System Access Manager.

The tutorial walks through a familiar stock ticker sample, showing how anonymous users get delayed stock price data while authenticated users have access to real-time prices. Malla and Marina step through the message exchange and explain how it is secured with SAML assertions, so this is a great read if you are looking at identity-enabling web services.

Tuesday Dec 05, 2006

Sun and Microsoft Interoperate for Web Authentication, Part 1

In between all the talk of federation, PHP and web services, we sometimes lose sight of the fact that bread-and-butter single sign-on and access control still has huge value in improving both security and the user experience.

Pat Patterson Marina Sum

Over at the Sun Developer Network, Marina Sum and I just published an article - Sun and Microsoft Interoperate for Web Authentication, Part 1 - focusing on how Sun Java System Access Manager (or OpenSSO) and its policy agents integrate with Microsoft IIS to provide both single sign-on and access control - right down to Windows ACLs on files on disk.

Wednesday Nov 01, 2006

OpenSSO Agent for SJS AS 8.2 (and soon for GlassFish)

OpenSSO Logo

Pat writes about the Availability of the OpenSSO Agent for SJS AS 8.2. All pieces are available, including: Sources, the Architecture Document and the Nightly Builds.

This time I didn't have to ask about the GlassFish agent. Pat knew the question would be there and says: "stay tuned!".

Wednesday Sep 13, 2006

How does OpenSSO work?

Access Control Diagram

Access Management tools can be very useful but I think the entry cost and lack of documentation have prevented its widespread adoption. This is going to change with OpenSource projects like OpenSSO.

For example, Dennis just added two simple sets of diagrams describing SSO and Access Control and Authentication. More detailed information on OpenSSO is availalable at the project site including: articles on OpenSSO, Project News (with many useful links), the FAQ Center, and the Documentation Top Page.

Sunday Sep 03, 2006

OpenSSO Web Agents and SJS AS 8.2

Logo for Open SSO

After a slow start, the Open SSO project is showing it is Really Alive and it just released a number of Web Agents. These agents provide Authentication and Authorization for different App Servers and Web Servers. Dennis reports support for SJS AS 8.2; I'll confirm the same for SJS AS 9.0 / GlassFish.

More details at Dennis' blog, the home and FAQ pages, and the Project Announcements. I expect the end-result of this and Related Efforts will be software that is more useful to the community, is easier to install and use, is more available, and it is packaged in a way that can be reused and recombined.