As I mentioned on my blog yesterday, if you're following OpenSSO at all, you can't have failed to notice the recent chat around the Fedlet, a nifty mechanism for federation-enabling web applications. Briefly, the 'Fedlet' is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. If you're trying to federation-enable a single web application, you need the Fedlet.
Here is the buzz:
• Watch the FEDLET Now! REALLY! - Daniel Raskin
• Federation in the diminutive - Eve Maler
• The Fedlet has Arrived - Mark Dixon
• Latest news on the Fedlet - Mark Herring
• The latest OpenSSO build includes the Fedlet - Tatsuo Kudo
• Fedlet comes out with a (Head) Bang - Derrick Harcey
• How to Efficiently Accomplish Identity Federation With Fedlets - Marina Sum
• Finally...The Fedlet has Arrived - Daniel Tse
• The Fedlet - Sun Identity Buzz Episode - Michael Coté
• The Fedlet: Federated SSO Made Easy - Enrico Bianco
I'll be presenting OpenSSO and the Fedlet at CommunityOne on Monday May 5 2008 at 4pm in Hall E 135. As you must be aware by now, CommunityOne is free of charge to attend, though you do need to register. See you there!
Over the past few months, Aravindan Ranganathan, Lakshman Abburi and Marina Sum have been working on a series of articles covering the new identity services functionality available now in OpenSSO and coming soon in Sun Federated Access Manager 8.0. This week sees the publication of part 3, covering retrieval of user attributes. One notable feature of the series is its presentation of both SOAP/WSDL and REST patterns for accessing OpenSSO's identity services. Which do you use, and why?
Third in Sun Developer Network tech author Marina Sum's series of interviews with Sun's identity team is Daniel Raskin, senior product line manager for access and federation management at Sun. Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO) specifically designed to simplify federation deployments, including Fedlets, Virtual Federation, the Federation Validator and more.
GlassFish and OpenSSO play very similar roles; they are OpenSource, transparent, community-driven efforts to create enterprise products, except OpenSSO has an extra twist...
GlassFish is the Community for SJS AppServer 9.x, and OpenSSO does the same for Sun Federated Access Manager (FAM). The twist is that FAM is not yet out. FAM is the combination of the Access Manager and the Federation Manager. Once FAM is out, you can say: GF/SJSAS == OpenSSO/FAM.
So, go ahead and Download, Evaluate and Deploy OpenSSO!
In the second article of her 'From the Trenches' series of interviews with folks from Sun's Identity team, Sun Developer Network tech author Marina Sum chats with me about OpenSSO's evolution over the past couple of years. We get into some of the challenges inherent in opening up a commercial software product and my aspirations for OpenSSO's future. I mention in the interview that "I'd like whoever desires access control and federated SSO to immediately think of OpenSSO as the preferred choice." This seems to be coming true already - we've already covered integrations with JBoss Portal and Liferay; yesterday I noticed a new integration with PAL Portal.
Straightforward instructions on how to install OpenSSO on Apache Tomcat (5.5 and 6.0). See Robert's Writeup.
Following up on her recent interviews with Sun identity folk, Sun Developer Network tech author Marina Sum kicks off a new series of interviews, this week featuring OpenSSO Project Manager Jamie Nelson, Sun's director of engineering for access and federation management (and my boss - Hi Jamie!). Read the interview for Jamie's take on securing web applications. While we're on the OpenSSO/Access Manager topic, Marina also recently published two new sections of the Access Manager FAQ, this time covering Identity Management (from the Access Manager point of view) and the Service Management SDK. Lots of useful little nuggets in there.
If you've taken a look at federated identity, but become bogged down in acronyms (SSO, SP, SAML???) and jargon (why do I need an identity provider? I already have an identity), then you'll be happy to read identity diva Eve Maler's recent article on the topic - Federated Identity Through the Eyes of the Deployer. Eve and regular SDN identity writer Marina Sum walk you through the basics of federated identity - what it is, why you might want it and what questions to ask as you architect a federated identity system.
If you're wondering about the illustration - Eve is an authority on matters XML, being instrumental in the creation of XML and related standards such as SAML - in fact, you can blame Eve for some of those acronyms.
The latest addition to our growing line of OpenSSO Extensions is an authentication module for Information Cards - it enables OpenSSO as an Information Card Relying Party, allowing end users to authenticate via Windows CardSpace or other identity selectors such as DigitalMe or xmldap. This initial version of the authentication module was written and kindly contributed to OpenSSO by Patrick Petit (pictured), formerly of Sun, now an independent consultant; it also uses the xmldap relying party code, originally written by Chuck Mortimore, another Sun alumnus - make of that what you will.
The README has details of how to build and deploy the authentication module on OpenSSO build 2 or build 3. I tried it out this afternoon - I enabled OpenSSO for information cards in under an hour. Great work, Patrick!
Already covered by Tatsuo, Michael and me, OpenSSO Build 3 is now ready for download. Lots of goodies in this release, including:
See the release notes for specific deployment details, and, if you haven't tried OpenSSO before, check out the new Getting Started wiki page for handy hints.
Eduardo posted last week about Glassfish at Ohloh.Net. As Eduardo mentioned, Ohloh presents a view of open source projects, showing contributions and allowing registered users to 'stack' their favorite projects. A nice feature is the ability to claim your own contributions and award 'kudos' to other contributors.
All three of Sun's open source identity management projects have Ohloh pages:
• OpenSSO (29 stacks, 5.0/5.0 rating)
If you're using any of these projects, please consider stacking them. Even better, if you have contributed to any of these projects, go claim your contribution - you get a nice page showing what you've done.
More OpenSSO/Access Manager goodness at Sun Developer Network this week - regular Identity Management technical author Marina Sum and Sun ISV Engineer Michelle Cope just published an article on integrating Sun Java System Access Manager with ActivIdentity 4TRESS Authentication Server.
Complete source code is available as an OpenSSO Extension - the first time we've done this for an authentication module. OpenSSO Extensions are sub-projects that integrate with OpenSSO in some way - there are SAML implementations in PHP and Ruby, an OpenID Provider and more. If you have an idea for an OpenSSO Extension, then sign up to OpenSSO and drop us a line on one of the mailing lists.
You can find more information on the 4TRESS integration in my blog entry at Superpatterns, and in the article itself.
Sun Developer Network technical author Marina Sum recently published a short interview with Paul Bryan, a Sun technical specialist working in identity management. As mentioned in the interview, Paul was the very first external committer on the OpenSSO project back in 2006. He went on to write the OpenID Extension for OpenSSO before joining Sun towards the end of last year.
Discover how Paul is working with OpenSSO to fight phishing and identity fraud.
As I just mentioned over at Superpatterns, Marina and Robert recently published Developing Secure Applications with Sun Java System Access Manager, Part 2: Advanced Authorization, continuing their case study of implementing fine-grained authorization at a fictional health-care company. A great article, with lots for the identity-focused developer.
As Michael and I already reported, OpenSSO v1 build 2 is now available at the OpenSSO download page. There are some pretty major advances in this build, most notably the centralized server and agent configuration. My blog entry gives more detail, while Michael's has a vintage TV commercial - take your pick.
Once you've downloaded the new build, you can go work through the latest tutorial over at the Sun Developer Network Identity Pages. Regular authors Aravindan and Marina are joined by Lakshman Abburi to cover authorization with identity services. Now that the nights are drawing in (if you're in the Northern hemisphere!), what could be better than settling down with a nice cup of hot chocolate and working through a tutorial or two?