Identity and Federation Rajeev's Blog

Here is a prototype for a Java Web Start based OpenSSO installation built with Embedded GlasshfishV3 early builds and Embedded OpenDS.

The idea is that no separate installation of a app server and directory is necessary to start exercising OpenSSO features.

Although initially targeted for people new to OpenSSO, clearly there are several interesting possibilities going forward for such a delivery mechanism in the future. Some initial thoughts are listed below :

Quick evaluation of OpenSSO samples, Fedlet, Virtual Federation Proxy

Developer tooling : test executions

Pre configured OpenSSO - for demos, training

Upgrading / Patching of OpenSSO bits

Please feel free to add any other suggestions you may think of.

Initial Steps
Step 1 : Click here to invoke QuickSetup



Choose Java Web Start option and click OK.

Step 2: Accept the certificate : Make sure it looks something like :

Note : The certificate will not be self signed in later releases.

Step 3 : Wait about 25 seconds until the the following windows show up one after another:

This is the QuickStart main user interface. Do not close this window!

Step 4 : No action - just be patient and wait another 25 seconds for a browser window like the following shows up :



Thats it - simply choose the appropriate configuration option - the configurator wizard will guide thru rest of the steps.

Trying out Federation

You must have already noticed that the steps above automatically start a OpenSSO instance : http://localhost:28080/opensso.
For exercising Federation functionality (Eg : SAML2) you need at least two opensso instances in two different domains.

Initial Preparation : Setup /etc/hosts (or equivalent) to add fully qualified hostnames to represent a Service Provider and Identity Provider respectively : eg :
127.0.0.1 localhost www.idp1.com, www.sp1.com
Install two instances using The QuickSetup Web Start UI.
For example :
Enter sp , click "Deploy" - wait 25 seconds for a configrator widow similar to the one in Step 4 above to show up. Change the URL to your SP installation. E.g. : http://www.sp1.com:28080/sp.
Configure using this OpenSSO instance configurator wizard and the use Service Provider task flow to set this instance as a Service Provider.
Back to Webstart window - enter "idp" and click "Deploy". Same steps above, except this time change url to : http://www.idp1.com:28080/idp and configure this instance as a Identity Provider.

Stopping OpenSSO

CLick "Exit OpenSSO" button on Webstart window. This will shutdown all opensso instances.

Re-starting OpenSSO

Invoking QuickSetup again restarts the default opensso instances - it will all use the configuration setup earier. Ie you dont need to configure it again. To restart other OpenSSO instaces configured earlier, use the QuickSetuo UI to enter the deploy uri and click "Deploy". To unconfigure a given instance, stop OpenSSO, remove the configuration directory provided during setup and reinvoke webstart.

Misc Notes/Known Issues

QuickSetup creates and uses $HOME/OpenSSOQuickSetup on your desktop - and for a single instance may use up as much as 256MB disk space.

QuickSetp needs Java SE 1.5+ installed.

Linux 64bit x86 does not support Java Web Start

There are some issues reported on come Windows Vista and MAC systyems in that QuickSetup fails to start. Debug dumps can be found under : $HOME/OpenSSOQuickSetup directory.

Limiting WebSetup permissions to report and sandbox within $HOME/OpenSSOQuickSetup is being worked on.

Currently the jars are signed with a self signed certificate. This issue will be resolved.