Superpatterns

Pat Patterson on Identity Management, Federation and Single Malt Scotch
         

 
 
 
YADIS/XRI Identifier Resolution with SAML 2.0

This week at Internet Identity Workshop 2006b I've been demonstrating some work I've been doing to combine YADIS/XRI Identifier Resolution (as in OpenID) with SAML 2.0 Web Browser SSO Profile. The user experience is:

  1. I go to a service provider (relying party)
  2. I enter my identifier (URL or i-name)
  3. I authenticate at my identity provider
  4. I can access services at the service provider

The magic takes place between steps 2 and 3: the service provider resolves the user's identifier, which might be a URL or an i-name, to the location of a SAML 2.0 identity provider. The service provider can now do vanilla SAML 2.0 with the identity provider. The easiest way to see what's going on is via a demo, so, here you go:


Click to view Flash presentation

By the way - the service provider is implemented on top of Project Lightbulb. I need to do some tidying first, but I'll put the YADIS/XRI code there soon.
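One way the resolution step between steps 2 and 3 could look on the service provider side, as an added example (not code from this post or from Project Lightbulb): it picks the SAML 2.0 identity provider out of a resolved XRDS document and accepts it only if the service provider already trusts it. The service Type URI, the sample XRDS document, the trusted-IdP set and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
# Assumption: placeholder Type URI; the post does not name the one it uses.
SAML_IDP_TYPE = "urn:example:saml2-idp"

# Constructed XRDS document, as resolution of a URL or i-name might return.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>urn:example:saml2-idp</Type>
      <URI>https://idp-backup.example.org/saml2</URI>
    </Service>
    <Service priority="10">
      <Type>urn:example:saml2-idp</Type>
      <URI>https://idp.example.org/saml2</URI>
    </Service>
    <Service>
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://openid.example.org/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def saml_idp_candidates(xrds_text):
    """Return URIs of services typed as SAML IdP, lowest priority value first."""
    xrds = ET.fromstring(xrds_text)
    xrd_list = xrds.findall(XRD_NS + "XRD")
    if not xrd_list:
        return []
    found = []
    for svc in xrd_list[-1].findall(XRD_NS + "Service"):  # the last XRD is the final one
        types = {(t.text or "").strip() for t in svc.findall(XRD_NS + "Type")}
        if SAML_IDP_TYPE not in types:
            continue
        prio = svc.get("priority", "")
        rank = int(prio) if prio.isdigit() else float("inf")  # no priority sorts last
        for uri in svc.findall(XRD_NS + "URI"):
            if uri.text:
                found.append((rank, uri.text.strip()))
    return [u for _, u in sorted(found, key=lambda pair: pair[0])]

def select_trusted_idp(xrds_text, trusted_idps):
    """Pick the first resolved IdP that is https and already trusted by the SP."""
    for uri in saml_idp_candidates(xrds_text):
        if urlsplit(uri).scheme == "https" and uri in trusted_idps:
            return uri
    return None
```

Because the XRDS document is reached through an identifier the user typed in, the trusted-IdP check keeps the service provider from starting SAML 2.0 with an endpoint it has no metadata for; a parser hardened against entity expansion (for example `defusedxml`) is the safer choice for the untrusted XML.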

UPDATE - coverage of this demo at IIW2006b:

@ 04:16 PM PST Comments [4]
 
 
 
Demonstration of Identity Web Services

Following on from my recent posting of a Federation Manager demo showing Liberty ID-FF federated single sign-on, here is a demo of Access Manager and Federation Manager I showed at a Liberty 'eGovernment Forum' in Dublin back in April.

This demo shows an employee of the 'Department of Health and Children' logging into the department's portal, visiting another government department, the 'Stationery Office', to obtain an official report, and having the Stationery Office query their 'home' department for a mailing address via the Liberty Identity Web Services Framework (ID-WSF).

This is a very simple demo, but it demonstrates some key aspects of Liberty ID-WSF:

  • 'Bootstrap' from federated web single sign-on (ID-FF) to web services (ID-WSF).
  • Use of the Discovery Service to locate a web service for a given user. (This takes place 'under the covers' - the bootstrap provides the service provider, in this example the Stationery Office, with the location of the Discovery Service and a credential to use on behalf of the employee. The service provider queries the Discovery Service for the location of the Personal Profile service).
  • Use of the Personal Profile Service to retrieve a user's profile attributes.
  • Use of the RedirectRequest protocol (specified in the Liberty ID-WSF Interaction Service Specification) to allow the employee's 'home' department to prompt for confirmation that address information is to be released to the Stationery Office.

Just click the screenshot below to view the demo...


Click to view Flash presentation

UPDATED 11/21/2005 - corrected Interaction Service to RedirectRequest protocol - see comments

@ 10:13 PM PST Comments [2]
 
 
 
Sun Federation Manager Demonstration
My previous job at Sun (until January 2005) was as technical product manager for Access Manager. The main reason I moved back to engineering to take a technical architect role was so that my business card didn't read like a tongue-twister :-). Anyway - I still dabble on the technical marketing side, helping out when things get busy over there, like last month's technical sales training boondoggle event in Las Vegas - two days of lectures and labs bringing together Sun's identity management marketing team and the Sun system engineers (=sales engineers) affiliated with identity management.
My contribution (no - I didn't get to go to Vegas!) was a new front end for the Federation Manager Liberty Identity Federation Framework (ID-FF) single sign-on (SSO) sample. This sample, shipped with Federation Manager, shows how to get Liberty ID-FF SSO working between an Identity Provider and a Service Provider. Out-of-the-box, this sample comprised a set of functional, yet plain, JSPs. I re-used some old demo layouts to give the sample a bit of pizazz so the SEs could take something away as the basis for a demo. I was going to just put up a few screenshots here to walk you, the reader, through a simple SSO scenario, but then I realised that it would actually be less work to use Qarbon's Viewletbuilder to whip up a flash presentation. So - here it is - just click on the screen below and discover the magic of federated single sign-on...

Click to view Flash presentation
@ 09:32 PM PDT
 
 
 
 
