Indira's blog

Tuesday Jul 01, 2008

REST based Identity Services in OpenSSO


People who love programming in interpreted languages will love the OpenSSO REST based Identity Services. OpenSSO offers decently powerful REST interfaces to manipulate the identity information stored in any supported OpenSSO identity store. I strongly encourage you to read Aravindan Ranganathan's article on Identity Servic


This document is generated based on the article



[Read More]

Saturday Apr 12, 2008

Creating user Data Stores in opensso using famadm CLI

OpenSSO supports most of the commercially available LDAP servers as
identity stores. In this blog entry I am going to show you how to create
these data stores from the famadm CLI. It is easy, less error-prone, and
repeatable.

[Read More]

Friday Feb 08, 2008

Configuring OpenSSO - The CURL'y way

The simplest way to configure the OpenSSO system is to use the browser just to fill four test fields; it is that simple. However, there are scenarios where you want to script the configuration on multiple machines, or where you cannot reach a browser, let us say because all you've got is dumb terminal access. What do you do in these scenarios?

[Read More]

Tuesday Aug 21, 2007

Configuring Sun Java ES Access Manager Password Reset Application

Sun Java Enterprise System Access Manager provides a way to reset forgotten user passwords by simply configuring secret customizable questions and answers. This does not involve any administrator intervention except a one time system wide password reset application service configuration. 
[Read More]

Tuesday Jul 31, 2007

Configuring Sun Java System Access Manager Policy Agents on IBM WebSphere 6.0 Cluster

 

In this article I am going to discuss how to configure the Sun Java System Access Manager Policy Agents on a WebSphere cluster. For this exercise it is assumed that the WebSphere Network Deployment Server (WNDS) has one cell with two clusters in it (CARE and IS). Each cluster has exactly two Application Server instances belonging to the same profile, hosting one or more applications. The cluster member Application Server instances are distributed among two physical nodes as depicted in the diagrams below. The WNDS profile is located in one of the nodes. The clusters are already created before installing the agents. This document will not cover the procedures for creating WebSphere clusters or configuring the IBM HTTP Server for load balancing. Additionally, no custom SSL key store is used. The Application Server and Access Manager traffic happens over HTTP.

To deploy the policy agents on the WebSphere clusters there is no need to defederate the nodes.

[Read More]

Thursday Jul 26, 2007

Sun Java System Access Manager Policy Agents - Fetching Header/Response Attributes

Web applications protected by the Sun Java System Access Manager Policy Agents version 2.2 can obtain the authenticated identity's attributes, as well as the resource-specific attributes, by the following means:

  • Set as HTTP header values

  • Set in the browser cookie as name-value pairs

In this part of the document, only the HTTP header option is discussed. The end application protected by the agents can obtain the authenticated identity's attributes as HTTP header name-value pairs in the following three ways:

  • Retrieve from authenticated identity's profile

  • Retrieve from authenticated identity's Session

  • Retrieve from policy resource response providers

[Read More]

Wednesday Mar 21, 2007

Using OpenDS as a user data store for OpenSSO

This is a follow-up posting to my original post about OpenSSO and OpenDS. I have tested the OpenSSO system with OpenDS (bld 30), where OpenDS is used as both configuration and user data store. For this I need to adapt the existing user schema to a form which is acceptable to OpenDS (which more strictly enforces the schema, spec and DIT content rules).

[Read More]

Friday Dec 15, 2006

Dynamically enabling/disabling debug mode in the Access Manager Server

In previous versions of the Access Manager server, to switch the server from the default error mode to message debug mode, one needs to set com.iplanet.services.debug.level=message in AMConfig.properties. That is not all: the web container on which Access Manager is deployed needs to be restarted. This is almost impossible in a production scenario; customers do not want to stop the server, or sometimes the anomaly that is being experienced by the customer may not show up if the server is restarted. So there has to be a mechanism to dynamically enable/disable the server's debug level.

[Read More]
