Dennis' Weblog
UI For Agent's property types
We are working on a UI for complex agent property types, namely unordered list, ordered list and map. Here is a preview.
Posted at 11:09PM Jul 01, 2008 by justme in OpenSSO | Comments[1]
How to federate a user?
Someone asked this question. "How to federate a user?" Here is the sequence diagram.
- The user visits the Service Provider for the first time and authenticates with the SP.
- The SP then presents a list of Identity Providers to the user.
- He/she chooses one of them and authenticates with it.
- A name identifier is created. The name ID hides the real identity of the user. For example, the user is joesmith at the SP and jsmith at the IDP, and his/her name ID is xyz (xyz is only an illustration; a real name ID is much longer). He/she is known to the SP and IDP only as xyz.
- The IDP registers the name ID and the SP ID, and then redirects the request back to the SP.
- The SP registers the name ID and the IDP ID.
This is only the beginning of Liberty/SAML ........
Posted at 12:35AM Apr 13, 2007 by justme in OpenSSO | Comments[3]
Auto Complete sub command names for amadm CLI for bash user
SuperPat, my dearest pal (cough, cough!), pointed me to this blog post, "DSEE 6.0 CLI made easier for /bin/bash users", and hinted that we need this for OpenSSO. And why not? But this can be done in a different manner.
Download the opensso.war from here, deploy and configure it.
Download the amAdminTools.zip from here, unzip it in a temporary directory and run the ./setup script.
Type <deployuri>/bin/amadm to check that the CLI is up and running. Next, run
<deployuri>/bin/amadm | perl -e 'my $x; while (<>)
{ chomp; if (($_ =~ /^ ( [a-z][\S]+)/) && ($_ !~ /amadm/))
{$x .= $1; }} print $x;'
to get the list of sub commands. Then
complete -W "<paste the output of previous command>" amadm
Then you can do the <deployuri>/bin/amadm add-<TAB><TAB> thingy.
Posted at 01:23PM Apr 03, 2007 by justme in OpenSSO | Comments[2]
OpenSSO: Configuration Data Store - You choose
If you have deployed the OpenSSO WAR file, do you know that the OpenSSO configuration data can be stored in three different types of data stores?
And if you do, do you know that you can export the data to an XML file?
Do you know that you can import the XML back into a different type of data store?
https://opensso.dev.java.net - Open Access . Open Federation
Posted at 02:26AM Mar 25, 2007 by justme in OpenSSO | Comments[3]
Bulk Federation
I have just completed the implementation for bulk federation. The code is under review now. Here is an abstract of a paper that I have written with the help of my co-workers:
A typical process of federating a user between an identity provider and a
service provider is
1. The user authenticates to his service provider;
2. He/she chooses an identity provider and authenticates with it.
Once this is done, a name identifier is created and it is used to
identify this user in both providers. Both providers keep this name identifier
in the user's profiles to make the federation non transient. This name
identifier is removed from the user's profiles when defederation happens.
In this paper, we describe two sub commands in the Command Line tool that
help an organization to federate users between an identity provider (IDP) and
a service provider (SP) on their behalf.
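The federation steps in this abstract and in the earlier "How to federate a user?" post, as an added Python sketch that is not OpenSSO code: one opaque name ID is stored in both providers' profiles, and a second SP gets a different one, so the two SPs cannot correlate the user. The Provider class, the function names and the sp.example/idp.example entity IDs are assumptions made for illustration.

```python
import secrets


class Provider:
    """One federation partner (SP or IDP) with its own local user profiles."""

    def __init__(self, entity_id, users):
        self.entity_id = entity_id
        # Profile: local user -> {partner entity ID: name ID}
        self.profiles = {user: {} for user in users}

    def register(self, user, partner_id, name_id):
        links = self.profiles[user]          # KeyError for an unknown local user
        if partner_id in links:
            raise ValueError(f"{user} already federated with {partner_id}")
        links[partner_id] = name_id

    def unregister(self, user, partner_id):
        self.profiles[user].pop(partner_id, None)

    def resolve(self, partner_id, name_id):
        """Return the local user a partner's name ID refers to, or None."""
        for user, links in self.profiles.items():
            if links.get(partner_id) == name_id:
                return user
        return None


def federate(sp, sp_user, idp, idp_user):
    """Create one opaque name ID and store it in both providers' profiles."""
    # Random value (length is an assumption): no trace of either local name.
    name_id = secrets.token_urlsafe(32)
    idp.register(idp_user, sp.entity_id, name_id)      # IDP: name ID + SP ID
    try:
        sp.register(sp_user, idp.entity_id, name_id)   # SP: name ID + IDP ID
    except (KeyError, ValueError):
        idp.unregister(idp_user, sp.entity_id)         # no half-federated state
        raise
    return name_id


def defederate(sp, sp_user, idp, idp_user):
    """Remove the name ID from both profiles."""
    sp.unregister(sp_user, idp.entity_id)
    idp.unregister(idp_user, sp.entity_id)
```

Each provider can map the name ID back only to its own local account; neither side ever stores the other's user name.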
Posted at 12:06AM Mar 15, 2007 by justme in OpenSSO |
WAR Configurator
OpenSSO has a very cool and convenient way of setting up its WAR (Web Archive) file, i.e. deploy the WAR in your favorite web container (caution: some web containers like WebSphere and WebLogic require some prior permissions setting); visit the deployed URI; enter some basic information; hit the Configure button; and the WAR is configured.
You can choose to have the configuration datastore as OS file system; Sun Directory Server; or Microsoft's Active Directory. The latter is recently added. (thanks to our contributors, goodearth and Dr. Aravindan).
You will be redirected to the Login page and you log in as the default super administrator, "amadmin" (it is not clearly documented that "amadmin" is the one; we will fix it). And it is done (configured).
The major issue is that when the WAR configurator fails, it is difficult to figure out what went wrong, because the configurator JSP does not provide an installation log.
We are working on fixing this (please bear with us).
Posted at 11:33AM Feb 22, 2007 by justme in OpenSSO |
OpenSSO: JDK 1.4
The sources in the OpenSSO workspace are altered to compile with the source and target levels set to "1.4" (with some exceptions*) because there is a requirement to support WebSphere, which does not have JDK 1.5 support yet.
*Exception: the developers' unit tests continue to be compiled with the 1.5 target because annotations are used. Hence we need JDK 1.5 to compile the OpenSSO workspace.
Posted at 12:11PM Dec 08, 2006 by justme in OpenSSO |
Cross Domain Single Sign On
I have just added the code to support Cross Domain Single Sign On. I have a summary of how things are done. [PDF].
Next shall be the cookie hijacking prevention piece (under code review now). For information, please see a document on docs.sun.com [HTML]
Posted at 01:58AM Dec 06, 2006 by justme in OpenSSO | Comments[2]
OpenSSO: Nightly and Stable Builds
There was a question on the stability of OpenSSO nightly bits. "Are they stable?" "Can we tag one of the builds as stable build?"
There are some answers.
It took us about 9 months to open source the Access Manager code base. We did code clean-up; moved to an open source test framework; added more comments to our code (so that external parties can understand the logic better); etc. During these 9 months, we were also committed to shipping Sun Java Enterprise System's Access Manager 7.1. So, we have two CVSes, one for Access Manager 7.1 (which is private to our team) and the other for OpenSSO (which is public to all). We are constantly syncing up these CVSes, i.e. whatever gets fixed in the private CVS goes to the OpenSSO CVS.
Much of our QA effort is spent on Access Manager 7.1. Theoretically, the OpenSSO code base is stable because it is based on Access Manager 7.1. However, we cannot be certain because we did code clean-up and minor refactoring on the OpenSSO code base.
Now, we are almost done with Access Manager 7.1, and soon we will have a QA certified nightly build and we will tag it as "stable".
Posted at 11:08AM Nov 22, 2006 by justme in OpenSSO |
OpenSSO: Development Process Docs and template
Pat has posted the OpenSSO Development Process Document and a set of document templates.
Our engineering team is following this process (internally) before we open source the code base. Now, we open it to all OpenSSO contributors.
And, we have also published a set of coding guidelines. [Here]
Posted at 12:23PM Nov 15, 2006 by justme in OpenSSO |
Open Federation
We have just open sourced the Federation and Web Services code base under the OpenSSO project. As of today, OpenSSO has the following products
The nightly builds for Open Federation are at http://download.java.net/general/opensso/nightly/openfm/ and http://download.java.net/general/opensso/nightly/fedlibrary/
Note: You may need to get more jar files into opensso/products/extlib after you sync up your workspace with OpenSSO CVS and after building your workspace. Please read the README under the opensso/products directory.
Posted at 02:01PM Nov 14, 2006 by justme in OpenSSO |
Nightly build for J2EE Agents
Nightly build for J2EE Agents is posted at http://download.java.net/general/opensso/nightly/j2eeagents/
Currently, we only have agents for Sun Application Server v81 and v82. And, this is the README
Posted at 12:44AM Oct 25, 2006 by justme in OpenSSO | Comments[2]
OpenSSO: Life of a Session
This is a simplistic view of a session in OpenSSO.
+ Session Creation [View]
+ Session Validation [View]
+ Session Failover [View]
+ Session Recovery [View]
+ Session Termination [View]
Posted at 11:31PM Oct 04, 2006 by justme in OpenSSO | Comments[2]
Happenings in OpenSSO for the past 2 weeks
It is about 2 weeks since I last blogged on OpenSSO. Time flies. Here are some of the OpenSSO developments for the past 2 weeks.
The J2EE agent for Sun Application Server 8.1 and 8.2 is open sourced. I think the architecture doc is posted too (I would have to check again). This agent has an installer, so it should be easy to install.
Unit testing is set up using TestNG. We have a lot of work to do porting our existing unit tests to this setup.
Currently, the Administration Console is based on the JATO (J2EE Assisted TakeOff) framework, and we plan to port it to JSF (Java Server Faces) immediately. Please send me email if you are interested in working on this task.
Open Federation. Currently, we can only do single sign-on in a single domain. Federation Manager allows us to do it across domains. We are working on open sourcing the Federation Manager code base. So.... Stay tuned.
Configuring OpenSSO server. Currently, we can only configure the OpenSSO server to use a flat file as the datastore. It is a hassle to have the datastore as LDAP, AD, etc. I am getting the team to port the LDAP Configurator as soon as possible. Sorry for the delay.
Emails, emails and emails. Several folks are already playing with OpenSSO server and agents. And we are happy to receive emails from them. We are really glad that they have tried many features in OpenSSO.
Posted at 10:16AM Oct 04, 2006 by justme in OpenSSO | Comments[1]