Monday Jun 09, 2008

Verisign Identity Protection and OpenSSO

Just blogged by Jeff Bounds: Verisign Identity Protection and OpenSSO. Jeff, a Sun SE working out of Atlanta, walks through the process of creating a custom authentication module for Verisign Identity Protection (VIP), allowing holders of VIP credentials to log in to OpenSSO. Key quote: "Building an Authentication Module for OpenSSO was easier than I thought".

If you have an idea for a custom authentication module for OpenSSO, give it a shot - there is plenty of help out there, and we'll be happy to add your module to OpenSSO as an extension.

Thursday Feb 28, 2008

New OpenSSO Extension - Information Card Relying Party Authentication Module

Patrick Petit

The latest addition to our growing line of OpenSSO Extensions is an authentication module for Information Cards - it enables OpenSSO as an Information Card Relying Party, allowing end users to authenticate via Windows CardSpace or other identity selectors such as DigitalMe or xmldap. This initial version of the authentication module was written and kindly contributed to OpenSSO by Patrick Petit (pictured), formerly of Sun, now an independent consultant; it also uses the xmldap relying party code, originally written by Chuck Mortimore, another Sun alumnus - make of that what you will.

The README has details of how to build and deploy the authentication module on OpenSSO build 2 or build 3. I tried it out this afternoon - I enabled OpenSSO for information cards in under an hour. Great work, Patrick!

Friday Feb 08, 2008

ActivIdentity 4TRESS Authentication Module for OpenSSO/Access Manager

More OpenSSO/Access Manager goodness at Sun Developer Network this week - regular Identity Management technical author Marina Sum and Sun ISV Engineer Michelle Cope just published an article on integrating Sun Java System Access Manager with ActivIdentity 4TRESS Authentication Server.

Complete source code is available as an OpenSSO Extension - the first time we've done this for an authentication module. OpenSSO Extensions are sub-projects that integrate with OpenSSO in some way - there are SAML implementations in PHP and Ruby, an OpenID Provider and more. If you have an idea for an OpenSSO Extension, then sign up to OpenSSO and drop us a line on one of the mailing lists.

You can find more information on the 4TRESS integration in my blog entry at Superpatterns, and in the article itself.

Wednesday Oct 03, 2007

JDBC Realm Authentication

Byron has a detailed post on why and how to set up JDBC Realm Authentication.

It covers the use of JavaDB (embedded or server mode), creation of the JDBC connection pool with the appropriate settings, along with a few tips.

Monday Jun 11, 2007

SSL and HTTP Basic Authentication with Glassfish and JAX-WS

Ryan de Laplante

When you're securing Web services, sometimes you need all the flexibility and features that Sun Java System Access Manager 7.1 gives you - centralized policy management, end-to-end identity via WS-I BSP/Liberty ID-WSF and all. Other times, well, you don't. For the latter case, Ryan de Laplante has done a great job documenting the steps required to secure Web services traffic with SSL and HTTP basic authentication.

Thursday Apr 19, 2007

Securing Site Access With CardSpace and OpenSSO: An Overview

CardSpace/OpenSSO Diagram

As I just reported over at Superpatterns, Martin Gee of ICSynergy (one of Sun's system integrator partners, focussing on identity management, federation and SOA) has written a great Sun Developer Network article on adding CardSpace authentication to OpenSSO. If you're interested in how CardSpace works, or how to extend OpenSSO to support new authentication mechanisms, head on over and take a look.

Friday Jan 26, 2007

GlassFish with OpenDS

Earlier this week we reported on how to store identities with OpenLDAP for use in GlassFish's authentication. Now Trey describes, in detail, how to achieve the same using OpenDS, the new high-performance, Java-based, open source directory server that we have covered in earlier spotlights.

Trey's note is very complete and covers how to install OpenDS, sample data for the directory and how to load it, how to use GlassFish's administration console to configure authentication using LDAP, how to configure web.xml and sun-web.xml, and even a web app configured following these instructions.

Very nice! Check it out!

Sunday Jan 21, 2007

OpenLDAP and GlassFish

GlassFish Security Realms support LDAP-based security. This can be used with a number of LDAP-based directory servers, including OpenDS, which we have covered previously here. Now Krishnan provides detailed steps on how to use OpenLDAP with GlassFish.

Check out the details at Krishnan's Blog.

Wednesday Sep 13, 2006

How does OpenSSO work?

Access Control Diagram

Access Management tools can be very useful, but I think the entry cost and lack of documentation have prevented their widespread adoption. This is going to change with open source projects like OpenSSO.

For example, Dennis just added two simple sets of diagrams describing SSO and Access Control and Authentication. More detailed information on OpenSSO is available at the project site, including: articles on OpenSSO, Project News (with many useful links), the FAQ Center, and the Documentation Top Page.

Sunday Sep 03, 2006

OpenSSO Web Agents and SJS AS 8.2

After a slow start, the Open SSO project is showing it is Really Alive and it just released a number of Web Agents. These agents provide Authentication and Authorization for different App Servers and Web Servers. Dennis reports support for SJS AS 8.2; I'll confirm the same for SJS AS 9.0 / GlassFish.

More details at Dennis' blog, the home and FAQ pages, and the Project Announcements. I expect the end-result of this and Related Efforts will be software that is more useful to the community, is easier to install and use, is more available, and is packaged in a way that can be reused and recombined.