Friday Oct 31, 2008
Test the OpenSSO Deployment Documents
I know there are people out there who have been wondering where my blog entries have been for the last two and a half months - and to both of you I say: I've been assiduously (thanks for the word, Alan) working on two deployment books for release with Sun OpenSSO Enterprise 8.0. Here are links to the PDFs - test them out and let me know what you think.
- Deployment Example: Single Sign-On, Load Balancing and Failover Using Sun OpenSSO Enterprise 8.0
- Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0
Posted at 01:09PM Oct 31, 2008 by Michael Teger in Sun | Comments[5]

Doc, these seem to be just what I was looking for. But I do have one suggestion.
I'd expect most OpenSSO users are much earlier in the learning curve than these examples. I certainly am not nearly ready to tackle federation, load balancing and all that. I'd much rather have something much simpler that leads me through getting a PEP and PDP into action with a simple set of policies and rules with the embedded LDAP; i.e., the simplest setup that could possibly work while exhibiting best practices; perhaps SAML2 with an Apache PEP (2.2 in my case)?
I'd feel much more willing to tackle advanced configs once I had something people could really use on the air. OpenSSO PDP alone doesn't qualify.
There's plenty out there on how to install OpenSSO. Essentially nothing about how to hook up a working PEP. Trust me, I've looked.
Posted by Brad Cox on November 01, 2008 at 11:25 AM PDT #
Doc, FANTASTIC work on the SAMLv2 deployment example!
I am impressed to see how far it has come since the AM7.x days :)
Posted by horto on November 03, 2008 at 07:43 AM PST #
Doc, for the SAE configuration, you need to specify that for each of the "Per Application Security Configuration properties" (step 16), the reader should replace the encrypted hash value (secret=...) with the hashed value they obtained in step 5 (from encode.jsp).
Posted by horto on November 04, 2008 at 07:08 AM PST #
FYI, to access encode.jsp correctly, you must authenticate as "amadmin", NOT "amAdmin".
Posted by horto on November 04, 2008 at 12:40 PM PST #
Doc, great work.
One minor issue is in 6.2 on use of the sub realm. We got an 'Organization not found' error. Unlike AM7.1, I believe the specification of the sub-realm must include a leading / to work successfully in OpenSSO, i.e., .../UI/Login?realm=/users
Posted by Lee Taylor on November 25, 2008 at 01:45 AM PST #