REST based Identity Services in OpenSSO

People who love programming in the interpretive languages would love the OpenSSO  REST based Identity Services, OpenSSO offers decently powerful REST interfaces to manipulate the idenity information stored in any supported OpenSSO identity store. I strongly encourage to read  Aravindan Ranganathan's  article on Identity Servic

This document is generated based on the  article

Posted at 09:38AM Jul 01, 2008 by indira in opensso  | 

Creating user Data Stores in opensso using famadm CLI

OpenSSO support most of the commercially available LDAP servers as
identity store. In this blog entry I am goign to show you how to create
these data store from famadm CLI. IT is easy and less error prone and
repeatable.

Posted at 10:42AM Apr 12, 2008 by indira in famadm  | 

Configuring OpenSSO - The CURL'y way

The simplest way to configure the OpenSSO system is to use the browser just to fill four test fields, it is that simple. However there are scenarios where you want to script the configuration on multiple machines or when you can not reach out to a browser, let us say all you've got is a dumb terminal access. In these scenarios what you do?

Posted at 08:28AM Feb 08, 2008 by indira in opensso  | 

Access Manager 7.1 support on Application Server 9.1

 Sun Java System Access Manager Support on Application Server 9.1

Sun has recently released the Application Server 9.1, Access Manager server ver 7.1 is supported on this version. Access Manager 7.1 can be installed on Application server 9.1 in two ways.

1. Single WAR deployment of Access Manager

2. Installing Access Manager using the Java ES 5 update 1 installer 

You can find the document on how to achieve the same 

Sun Java System Access Manager Policy Agents for Application Server 9.1

There is an agent that is also made available for Application Server 9.1,

You can download the agent from this location

This agent can be  configured by following this documentation

Posted at 08:43PM Sep 24, 2007 by indira in AM  | 

Configuring Sun Java ES Access Manager Password Reset Application

Posted at 04:39PM Aug 21, 2007 by indira in AM  |  Comments[1]

Configuring Sun Java System Access Manager Policy Agents on IBM WebSphere 6.0 Cluster

In this article I am going to discuss how to configure the Sun Java System Access Manager Policy agents on to websphere cluster. For this exercise it is assumed the WebSphere Network Deployment Server (WNDS) has one cell with two clusters in it.(CARE and IS ) Each cluster has exactly two Application Server instances belonging to the same profile, hosting one or more applications. The cluster member Application Servers instances are distributed among two physical nodes as depicted in the diagrams below. The WNDS profile is located in one of the nodes. The clusters are already created before installing the agents. This document will not cover the procedures for creating WebSphere clusters or configuring the IBM HTTP Server for load balancing. Additionally no custom SSL key store is used. The Application Server and Access Manager traffic happens over HTTP.

To deploy the policy agents on the WebSphere clusters there is no need to defederate the nodes.

Posted at 10:57AM Jul 31, 2007 by indira in agents  | 

Sun Java System Access Manager Policy Agents - Fetching Header/Response Attributes

Web Applications protected by the Sun Java System Access Manager Policy Agents version 2.2 can obtain the authenticated identity's attributes as well as the resource specific attributes by the following means

• Set in as HTTP Header values

• Set in the Browser Cookie as name value pairs.

In this part of doc, only the HTTP header option is discussed. The end application protected by the agents can obtain the authenticated identity's attributes as the HTTP header name value pairs in the following three ways:

• Retrieve from authenticated identity's profile

• Retrieve from authenticated identity's Session

• Retrieve from policy resource response providers

Posted at 02:57PM Jul 26, 2007 by indira in agents  | 

Using OpenDS as a user data store for OpenSSO

Posted at 10:57PM Mar 21, 2007 by indira in opensso  |  Comments[4]

Should QA do security testing?

"Gartner states that the cost to fix a security vulnerability found in production is 6.5 times higher than one found in QA. A single security defect that may have cost only $150 if found in QA could easily cost an organization $975 if found in production."   

Should the QA team perform the security testing , how much that would cost extra? to find out read more on  here

Posted at 06:53PM Dec 16, 2006 by indira in Misc  | 

Dynamically enabling/disabling debug mode in the Access Manager Server

In the previous versions of Access Manager servers, to enable the server to debug message mode from the default error mode, one needs to set the com.iplanet.services.debug.level=message in the AMConfig.properties. That is not it, the webcontainer on which the Access Manager is deployed needs to be restarted. This is almost impossible in a production scenario, customers do not want to stop the server or sometimes the anamoly that is being experienced by the customer may not show up if the server is restarted. So there has to be a mechanism to dynamically enable/disable the server's debug level.[Read More]

Posted at 09:51PM Dec 15, 2006 by indira in AM  | 

Know the Personality - Thiruvalluvar

Thirukural : (திருக்குறள்) is an important work of Tamil literature by Thiruvalluvar written in a poetic form called Kural or couplets expounding various aspects of life. While most scholars place him during 100-300 BCE, there are a few who consider him to have lived c. 30 BCE. Thirukural contains 1330 couplets divided into 133 chapters of 10 couplets each. Each couplet consists of seven words, with four words on the first line and three on the second. It is sometimes claimed that Thiruvalluvar wrote more than 1330 couplets, and that the rest of the work has gone missing and also that some of the verses were later included in the compilation.[Read More]

Posted at 08:40PM Dec 06, 2006 by indira in Personal  |  Comments[1]

Building and Installing OpenSSO J2EE agents on Glassfish Application Server

In this article I am going show you how to build and install OpenSSO J2EE agents on Glassfish Application server. I assume the opensso war is already been built and installed somewhere which can be used while installing the agents on glassfish. It consists following steps which needs to be carried on the same workspace where the OpenSSO server was built.[Read More]

Posted at 07:23PM Dec 04, 2006 by indira in opensso  |  Comments[1]

Solaris|OpenDS|GlassFish|OpenSSO - A Perfect Union

With reference to my earlier post some people asked me why not use Glassfish as the servlet container instead of Tomcat. I think they made sense to me. When I tried the glassfish, to my surprise the configuration of glassfish was as simple as Tomcat. Few simple well documented steps got me a working Application server in place. I have documented those simple steps to save few minutes of your time.[Read More]

Posted at 06:40PM Dec 01, 2006 by indira in opensso  |  Comments[3]

OpenSSO with OpenDS for the impatient

I have been waiting for the day when OpenDS and OpenSSO can work together. I think that day is here now. I was able to configure OpenDS as a configuration datastore for the OpenSSO with little hacks. I am sure in future these hacks may not be required as the OpenSSO configurator itself will support openDS. [Read More]

Posted at 12:16PM Nov 29, 2006 by indira in opensso  |  Comments[3]

Automating the creation of Authentication instances in Sun Java ES Access Manager

I always like configuring the servers and its configuration in a scriptical way. It is not that I dont trust the browser interface, scripting offers more flexibility than the browser interface, Besides the parameterized scripts can be applied to any environment not just a particular domain or host[Read More]

Posted at 10:49AM Nov 23, 2006 by indira in AM  |