Friday Apr 18, 2008

Fetching User Attributes With Identity Services

Over the past few months, Aravindan Ranganathan, Lakshman Abburi and Marina Sum have been working on a series of articles covering the new identity services functionality available now in OpenSSO and coming soon in Sun Federated Access Manager 8.0. This week sees the publication of part 3, covering retrieval of user attributes.

One notable feature of the series is its presentation of both SOAP/WSDL and REST patterns for accessing OpenSSO's identity services. Which do you use, and why?

Wednesday Apr 16, 2008

Federated Access Management Simplified

Daniel Raskin

Third in Sun Developer Network tech author Marina Sum's series of interviews with Sun's identity team is Daniel Raskin, senior product line manager for access and federation management at Sun.

Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO) specifically designed to simplify federation deployments, including Fedlets, Virtual Federation, the Federation Validator and more.

Read the article for the inside scoop!

Saturday Apr 12, 2008

GlassFish is to SJSAS as OpenSSO is to FAM...

GlassFish and OpenSSO play very similar roles; they are OpenSource, transparent, community-driven efforts to create enterprise products, except OpenSSO has an extra twist...


GlassFish is the Community for SJS AppServer 9.x and OpenSSO does the same for Sun Federated Access Manager (FAM). The twist is that FAM is not yet out.

FAM is the combination of the Access Manager and the Federation Manager. Once FAM is out, you can say: GF/SJSAS == OpenSSO/FAM.

So, go ahead and Download, Evaluate and Deploy OpenSSO!

Wednesday Apr 02, 2008

OpenSSO Build 4 Out Now!

I managed to beat most of the OpenSSO blogging pack this time (Tatsuo got in just before me) - OpenSSO Build 4 is now ready for download. Here's some of what's new:

• New OpenSSO configurator
• WS-Trust Security Token Service (STS) (based on Metro) is available on GlassFish, Sun Application Server, Sun Web Server, Geronimo, Tomcat and WebSphere. We're working on support in Oracle Application Server, JBoss and WebLogic Server.
• Simplified STS client sample
• Configuration and/or user store replication across multiple OpenSSO instances where the embedded instance of OpenDS is in use.
• Security/SSL related fixes
• General bug fixes in all areas

See the release notes for specific deployment details, and, if you haven't tried OpenSSO before, check out the Getting Started wiki page for handy hints.

Tuesday Apr 01, 2008

OpenSSO, a Thriving Community

Pat Patterson

In the second article of her 'From the Trenches' series of interviews with folks from Sun's Identity team, Sun Developer Network tech author Marina Sum chats with me about OpenSSO's evolution over the past couple of years. We get into some of the challenges inherent in opening up a commercial software product and my aspirations for OpenSSO's future.

I mention in the interview that "I'd like whoever desires access control and federated SSO to immediately think of OpenSSO as the preferred choice." This seems to be coming true already - we've already covered integrations with JBoss Portal and Liferay; yesterday I noticed a new integration with PAL Portal.

Thursday Mar 27, 2008

OpenSSO on Tomcat


Straightforward instructions on how to install OpenSSO on Apache Tomcat (5.5 and 6.0). See Robert's Writeup.

Tuesday Mar 18, 2008

SDN Interview with OpenSSO Project Manager Jamie Nelson

Jamie Nelson

Following up on her recent interviews with Sun identity folk, Sun Developer Network tech author Marina Sum kicks off a new series of interviews, this week featuring OpenSSO Project Manager Jamie Nelson, Sun's director of engineering for access and federation management (and my boss - Hi Jamie!) Read the interview for Jamie's take on securing web applications.

While we're on the OpenSSO/Access Manager topic, Marina also recently published two new sections of the Access Manager FAQ, this time covering Identity Management (from the Access Manager point of view) and the Service Management SDK. Lots of useful little nuggets in there.

Friday Mar 07, 2008

Federated Identity Through the Eyes of the Deployer

Eve's Advisory

If you've taken a look at federated identity, but become bogged down in acronyms (SSO, SP, SAML???) and jargon (why do I need an identity provider? I already have an identity), then you'll be happy to read identity diva Eve Maler's recent article on the topic - Federated Identity Through the Eyes of the Deployer. Eve and regular SDN identity writer Marina Sum walk you through the basics of federated identity - what it is, why you might want it and what questions to ask as you architect a federated identity system.

If you're wondering about the illustration - Eve is an authority on matters XML, being instrumental in the creation of XML and related standards such as SAML - in fact, you can blame Eve for some of those acronyms.

Thursday Feb 28, 2008

New OpenSSO Extension - Information Card Relying Party Authentication Module

Patrick Petit

The latest addition to our growing line of OpenSSO Extensions is an authentication module for Information Cards - it enables OpenSSO as an Information Card Relying Party, allowing end users to authenticate via Windows CardSpace or other identity selectors such as DigitalMe or xmldap. This initial version of the authentication module was written and kindly contributed to OpenSSO by Patrick Petit (pictured), formerly of Sun, now an independent consultant; it also uses the xmldap relying party code, originally written by Chuck Mortimore, another Sun alumnus - make of that what you will.

The README has details of how to build and deploy the authentication module on OpenSSO build 2 or build 3. I tried it out this afternoon - I enabled OpenSSO for information cards in under an hour. Great work, Patrick!

Wednesday Feb 27, 2008

GlassFish, MySQL, OpenESB and OpenSSO in Education Initiative

A second (after Open eHealth) Open Source industry announcement today.

Sun and the rSmart Group announced Kuali-based learning solutions leveraging Solaris(TM), MySQL, GlassFish(TM), OpenSSO and OpenESB.

Details in the Press Release and at rSmart.COM

GlassFish and Friends in Health Industry - Sun, Agfa and ICW Launch Open eHealth

Agfa, ICW and Sun have launched the Open eHealth initiative to leverage Open Source in the Health industry.

Open eHealth's goal is to create a community-driven software development platform to speed up the digitization of the healthcare industry, with emphasis on delivering interoperable, standards-based solutions.

The service components will extend existing open source projects such as OpenESB, GlassFish, OpenSSO and Mural. More details in the Press Release and at the Open eHealth WebSite.

The big shift in the IT industry created by Open Source is accelerating. I have a biased perspective, but I strongly believe that Sun's strengths, size, and position will allow it to capitalize on and speed up the transition to this brave new world. I've a feeling we are not in Kansas anymore....

Monday Feb 25, 2008

OpenSSO Build 3 Out Now!

Already covered by Tatsuo, Michael and me, OpenSSO Build 3 is now ready for download. Lots of goodies in this release, including:

• New SAMLv2 profiles (Attribute Query, Authentication Query & Name ID Mapping)
• OpenDS replication
• Upgrade / Co-existence
• Timed task changes in session and LDAP
• Legacy DIT support from Access Manager 7.x DIT
• JBoss support
• Geronimo support
• Lots of issues fixed

See the release notes for specific deployment details, and, if you haven't tried OpenSSO before, check out the new Getting Started wiki page for handy hints.

Thursday Feb 14, 2008

Stackeriffic! OpenSSO, OpenDS and OpenPTK at Ohloh

Eduardo posted last week about GlassFish at Ohloh.Net. As Eduardo mentioned, Ohloh presents a view of open source projects, showing contributions and allowing registered users to 'stack' their favorite projects. A nice feature is the ability to claim your own contributions and award 'kudos' to other contributors.

All three of Sun's open source identity management projects have Ohloh pages:


• OpenSSO (29 stacks, 5.0/5.0 rating)
• OpenDS (16, 5.0/5.0)
• OpenPTK (7, 5.0/5.0)

If you're using any of these projects, please consider stacking them. Even better, if you have contributed to any of these projects, go claim your contribution - you get a nice page showing what you've done.

Friday Feb 08, 2008

ActivIdentity 4TRESS Authentication Module for OpenSSO/Access Manager

More OpenSSO/Access Manager goodness at Sun Developer Network this week - regular Identity Management technical author Marina Sum and Sun ISV Engineer Michelle Cope just published an article on integrating Sun Java System Access Manager with ActivIdentity 4TRESS Authentication Server.

Complete source code is available as an OpenSSO Extension - the first time we've done this for an authentication module. OpenSSO Extensions are sub-projects that integrate with OpenSSO in some way - there are SAML implementations in PHP and Ruby, an OpenID Provider and more. If you have an idea for an OpenSSO Extension, then sign up to OpenSSO and drop us a line on one of the mailing lists.

You can find more information on the 4TRESS integration in my blog entry at Superpatterns, and in the article itself.

Wednesday Feb 06, 2008

SDN Interview with Sun Technical Specialist Paul Bryan

Sun Technical Specialist Paul Bryan

Sun Developer Network technical author Marina Sum recently published a short interview with Paul Bryan, a Sun technical specialist working in identity management.

As mentioned in the interview, Paul was the very first external committer on the OpenSSO project back in 2006. He went on to write the OpenID Extension for OpenSSO before joining Sun towards the end of last year.

Discover how Paul is working with OpenSSO to fight phishing and identity fraud.