Dennis' Weblog
Securing Web Service - JavaOne Lab
We are fortunate to have the opportunity to attend the hands-on lab session (LAB-5410: Using Identity to Secure Web Services) conducted by Dr Aravindan. This is a dry run session for JavaOne.
We learned how to use Sun Java System Access Manager and Glassfish Application Server to secure web services. It is very easy to set up and configure the profiles for securing web services. There are 5 exercises in the lab. Once we have completed them, we have a good understanding of how it works. Many things appear to be seamless when we are configuring and running the exercises because under the covers Glassfish and Access Manager are doing the heavy lifting.
To get a glimpse of how we secure web services, download Java EE 5 SDK Update 3 Preview 1 With Tools Bundle; and more information here. (This sample uses a calendar service as illustration; in JavaOne, LAB-5410 uses a stock quote service.) I recommend that you attend LAB-5410 in JavaOne 2007 so that you can have a better understanding of how things work; and Aravindan will be there to answer your questions.
Posted at 02:16PM Apr 20, 2007 by justme in General |
How to federate a user?
Someone asked this question: "How to federate a user?" Here is the sequence diagram.
- The user visits the Service Provider (SP) for the first time and authenticates with the SP.
- The SP then presents a list of Identity Providers (IDPs) to the user.
- The user chooses one of them and authenticates with it.
- A name identifier (name ID) is created. The name ID hides the real identity of the user. For example, the user is joesmith in the SP and jsmith in the IDP, and his/her name ID is xyz (xyz is only an illustration; a real name ID is much longer). He/she is only known to the SP and IDP as xyz.
- The IDP registers the name ID and SP ID, and then redirects the request back to the SP.
- The SP registers the name ID and IDP ID.
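The six steps above as a small in-process model (an added example, not OpenSSO or Access Manager code). The class names, the `idp.example` / `sp.example` IDs and the direct method calls that stand in for browser redirects are assumptions; it shows both sides storing only the opaque name ID and the peer's ID, and a name ID being rejected when it is presented under a different IDP.

```python
import secrets

class IdentityProvider:
    def __init__(self, idp_id, accounts):
        self.idp_id = idp_id
        self.accounts = set(accounts)      # local user names at the IDP
        self.federations = {}              # (local user, SP ID) -> name ID

    def federate(self, local_user, sp_id):
        """Steps 3-5: the user has authenticated here; mint and register a name ID."""
        if local_user not in self.accounts:
            raise PermissionError("unknown IDP account")
        key = (local_user, sp_id)
        # One opaque random identifier per (user, SP) pair; reused if already federated.
        if key not in self.federations:
            self.federations[key] = secrets.token_urlsafe(32)
        return self.federations[key]

    def assert_identity(self, local_user, sp_id):
        """Later sign-on: the IDP reveals only the name ID to the SP."""
        return self.federations[(local_user, sp_id)]

class ServiceProvider:
    def __init__(self, sp_id, accounts):
        self.sp_id = sp_id
        self.accounts = set(accounts)      # local user names at the SP
        self.federations = {}              # (name ID, IDP ID) -> local user

    def federate(self, local_user, idp, idp_user):
        """Steps 1-2 and 6: local login, pick an IDP, register the returned name ID."""
        if local_user not in self.accounts:
            raise PermissionError("user must authenticate with the SP first")
        name_id = idp.federate(idp_user, self.sp_id)  # stands in for the redirects
        self.federations[(name_id, idp.idp_id)] = local_user
        return name_id

    def resolve(self, name_id, idp_id):
        """Map an asserted name ID to the local account, or None if not federated."""
        return self.federations.get((name_id, idp_id))

def demo():
    # Constructed sample accounts, taken from the joesmith / jsmith illustration.
    idp = IdentityProvider("idp.example", ["jsmith"])
    sp = ServiceProvider("sp.example", ["joesmith"])
    name_id = sp.federate("joesmith", idp, "jsmith")
    asserted = idp.assert_identity("jsmith", sp.sp_id)
    # The same name ID presented under a different IDP ID must not resolve.
    return name_id, sp.resolve(asserted, idp.idp_id), sp.resolve(asserted, "other-idp.example")
```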
This is only the beginning of Liberty/SAML ........
Posted at 12:35AM Apr 13, 2007 by justme in OpenSSO | Comments[3]
Auto Complete sub command names for amadm CLI for bash user
SuperPat, my dearest pal (cough, cough!), pointed me to this blog, DSEE 6.0 CLI made easier for /bin/bash users,
and hinted that we need to have this for OpenSSO. And why not? But this can be done in a different manner.
Download the opensso.war from here, deploy and configure it.
Download the amAdminTools.zip from here, unzip it in a temporary directory and run the ./setup script.
Type <deployuri>/bin/amadm to check that the CLI is up and running. Next, run
<deployuri>/bin/amadm | perl -e 'my $x; while (<>)
{ chomp; if (($_ =~ /^ ( [a-z][\S]+)/) && ($_ !~ /amadm/))
{$x .= $1; }} print $x;'
to get the list of sub commands. Then
complete -W "<paste the output of previous command>" amadm
Then you can do the <deployuri>/bin/amadm add-<TAB><TAB> thingy.
Posted at 01:23PM Apr 03, 2007 by justme in OpenSSO | Comments[2]