Dennis' Weblog
Cleaner Common Tasks Pages
Cleaned up the Common Tasks Pages after receiving an email from The Smoking Monkey. Basically, we reduced the page content by hiding the inline help for each field; and showing the help message only when user clicked on the information icon. In this manner, the pages are cleaner.
Posted at 10:21PM Jul 28, 2008 by justme in OpenSSO |
UI For Agent's property types
We are working on UI for complex agent property types namely unordered list, ordered list and map. Here is a preview.
Posted at 11:09PM Jul 01, 2008 by justme in OpenSSO | Comments[1]
Securing Web Service - JavaOne Lab
We are fortunate to have to opportunity to attend the
hands-on lab session (LAB-5410 : Using Identity to Secure Web Services) conducted by Dr Aravindan.
This is a dry run session for JavaOne.
We learned how to use Sun Java System Access Manager and Glassfish Application Server to secure web services. It is very easy to setup and configure the profiles for securing web services. There are 5 exercises in the lab. Once we have completed them, we have a good understanding of how it works. Many things appear to be seamless when we are configuring and running the exercises because under the cover Glassfish and Access Manager are doing the heavylifting.
To have a glance of how we secure web service, download Java EE 5 SDK Update 3 Preview 1 With Tools Bundle; and more information here (This sample is using a calendar service as illustration, In JavaOne, LAB-5410 uses stock quote service.) I recommend that you attend LAB-5410 in JavaOne 2007 so that you can have a better understanding of how things work; and Aravindan will be there to answer your questions.
Posted at 02:16PM Apr 20, 2007 by justme in General |
How to federate a user?
Someone asked this question. "How to federate a user?" Here is the sequence diagram.
- User visits the Service Provider the first time, he/she authenticates with the SP.
- Then SP presents a list of Identity Provider to user
- He/She chooses one of them and authenticate with it
- Name Identifier is created. Name ID is hide the real identity of user. For example, user is joesmith in SP and he/she is jsmith in IDP; and his/her name ID is xyz (xyz is only an illustration, name ID is much longer length-wise). He/She is only known to SP and IDP as xyz.
- IDP registers the name Id and SP ID; and then redirect the request back to SP
- SP registers the name Id and IDP ID.
This is only the beginning of Liberty/SAML ........
Posted at 12:35AM Apr 13, 2007 by justme in OpenSSO | Comments[3]
Auto Complete sub command names for amadm CLI for bash user
SuperPat, my dearest pal (cough, cough!) pointed me to this blog DSEE 6.0 CLI made easier for /bin/bash users
And hinted me that we need to have this for OpenSSO. And why not. But this can be done in a different manner.
Download the opensso.war from here, deploy and configure it.
Download the amAdminTools.zip from here, unzip it in a temporary directory and run the ./setup script.
type <deployuri>/bin/amadm to check that CLI is up and running. Next
<deployuri>/bin/amadm | perl -e 'my $x; while (<>)
{ chomp; if (($_ =~ /^ ( [a-z][\S]+)/) && ($_ !~ /amadm/))
{$x .= $1; }} print $x;'
to get the list of sub commands. Then
complete -W "<paste the output of previous command>" amadmThen you can do <deployuri>/bin/amadm add-<TAB><TAB> thingy.
Posted at 01:23PM Apr 03, 2007 by justme in OpenSSO | Comments[2]
OpenSSO: Configuration Data Store - You choose
If you have deployed the OpenSSO WAR file, do you know that the OpenSSO configuration data can be stored in three different type of data stores?
And, if you do. Do you know that you can export the data to a XML file?
Do you know that you can import the XML back to a different type of data store ? 
https://opensso.dev.java.net - Open Access . Open Federation
Posted at 02:26AM Mar 25, 2007 by justme in OpenSSO | Comments[3]
Bulk Federation
I have just completed the implementation for bulk federation. The code is under review now. Here is an abstract of a paper that I have written with the help of my co-workers
A typical process of federating a user between an identity provider and a
service provider is
1. The user authenticates to his service provider;
2. He/she chooses an identity provider and authenticates with it.
Once this is done, a name identifier is created and it is used to
identify this user in both providers. Both providers keep this name identifier
in the user's profiles to make the federation non transient. This name
identifier is removed from the user's profiles when defederation happens.
In this paper, we describe two sub commands in Command Line tool that
helps an organization to federate users between an identity provider (IDP) and
a service provider (SP) on their behalf.
Posted at 12:06AM Mar 15, 2007 by justme in OpenSSO |
WAR Configurator
OpenSSO has a very cool and convenient way on setup-ing up its WAR (Web Archive) file i.e. deploy the WAR in your favorite web container (caution: some web contains like WebSphere an d WebLogic requires some prior permissions setting); visit the deployed URI; enter a some basic information; hit the Configure button; and the WAR is configured.
You can choose to have the configuration datastore as OS file system; Sun Directory Server; or Microsoft's Active Directory. The latter is recently added. (thanks to our contributors, goodearth and Dr. Aravindan).
You will be redirected to the Login page and you log in as the default super administrator, "amadmin" (this is not clearly documented that "amadmin" is the one, we will fix it). And it is done (configured).
The major issue is when the WAR configurator fails, it is difficult to figure out what went wrong. Because the configurator JSP does not provide an installation log.
we are working on fixing this (please bear with us )
Posted at 11:33AM Feb 22, 2007 by justme in OpenSSO |
Monster in my room
Dec 24, 2006. My 4 years old damaged my keyboard.
I got a replacement from Dell store. Cost of damage
- 8 dollars for the keyboard panel; and
- 16 dollars for 2 days shipping
Posted at 11:39AM Jan 04, 2007 by justme in General | Comments[2]
Five Things about Me
Here are mine
- Dennis is not my real name. "Vei Ming" is. Dennis ("sinned", if you read dennis backward) was given to me by a teacher. In high school, I never behaved myself in class and was a C student. So ... (so what! )
- I am allergic to seafood. I will have skin rash and itch if I eat seafood. None of my family members have this allergy. Hmmm... where do I get it from?
- I was a vehicle mechanic in the Singapore Armed Forces. I can only repair diesel trucks. I can help you to fix yours if you happen to have one
- I lived in a Taoist template from birth till 8 years old. I witnessed many things that I cannot explain until today.
- I am a Singaporean, my wife is a Malaysian and my son is an American. We carry passports from different countries
Posted at 10:03PM Dec 21, 2006 by justme in General | Comments[3]
OpenSSO: JDK 1.4
The sources in OpenSSO workspace is altered to compile with the source and target levels set to "1.4" (with some exceptions*) because there is an requirement to support WebSphere which does not have JDK 1.5 suppport yet.
*Exception Developer's unit test continues to be compiled with 1.5 target because annotation is used. Hence we need to have JDK 1.5 compile for the OpenSSO workspace.
Posted at 12:11PM Dec 08, 2006 by justme in OpenSSO |
Cross Domain Single Sign On
I have just added the code to support Cross Domain Single Sign On. I have a summary on how things are done. [PDF].
Next shall be cookie hijacking prevention piece (under code review now) For information, please a document on docs.sun.com [HTML]
Posted at 01:58AM Dec 06, 2006 by justme in OpenSSO | Comments[2]
OpenSSO: Nightly and Stable Builds
There was a question on the stability of OpenSSO nightly bits. "Are they stable?" "Can we tag one of the builds as stable build?"
There are some answers.
It took us about 9 months to open source the Access Manager code base, We did code clean up; move to an open source test framework; add more comments to our code (so that external parties can understand the logic better); etc. During this 9 months, we are also committed to ship Sun Java Enterprise System's Access Manager 7.1. So, we have two CVSes, one for Access Manager 7.1 (which is private to our team) and other for OpenSSO (which is public to all). We are constantly sync-ing up these CVSes. i.e. whatever got fix in private CVS goes to OpenSSO CVS.
Much of our QA effort are spent on Access Manager 7.1. Theoretically, OpenSSO code base is stable because it is based on Access Manager 7.1. However, we cannot be certain because we did code clean and minor refactoring on OpenSSO code base.
Now, we are almost done with Access Manager 7.1, and soon we will have a QA certified nightly build and we will tag it as "stable".
Posted at 11:08AM Nov 22, 2006 by justme in OpenSSO |
Dell owes me money :-)
User paid to uninstall Windows XP
I am not using WindowsXP on my Dell. I am running Fedora. Now, where is my refund
Posted at 01:13PM Nov 15, 2006 by justme in General |