|
|
|
|
GlassFish and OpenSSO play very similar roles; they are OpenSource, transparent, community-driven efforts to create enterprise products, except OpenSSO has an extra twist...
|
GlassFish is the Community for SJS AppServer 9.x and OpenSSO does the same for Sun Federated Access Manager (FAM). The twist is that FAM is not yet out. FAM is the combination of the Access Manager and the Federation Manager. Once FAM is out, you can say: GF/SJSAS == OpenSSO/FAM. |
So, go ahead and Download, Evaluate and Deploy OpenSSO!
|
As I just mentioned over at Superpatterns, Marina and Robert recently published Developing Secure Applications with Sun Java System Access Manager, Part 2: Advanced Authorization, continuing their case study of implementing fine-grained authorization at a fictional health-care company. A great article, with lots for the identity-focused developer. |
|
As I mentioned over at Superpatterns, there is a whole lot going on over at Sun Developer Network. Among the highlights, Marina Sum, our regular identity author, and Access Manager engineer Anant Kadam just published an article on Installing, Configuring, and Deploying Sun Java System Access Manager the Simple Way. And we do mean simple: grab a container (Glassfish would be favourite, of course |
We're working to make it even easier to deploy and use Access Manager, through OpenSSO. Hop over to Daniel Raskin's blog to take a look at the plans for Sun Java System Federated Access Manager 8.0 and then sign up to OpenSSO to get involved in the work in progress.
|
Completing our trilogy of articles on integrating Sun Java System Access Manager with Microsoft web applications, Marina Sum, our resident technical author, and Madan Ranganath, Access Manager policy agent engineer, focus on single sign-on from Access Manager to Outlook Web Access 2003. If you work your way through the first two installments, covering IIS and SharePoint Portal Server 2003, and this final article, you'll know pretty much all there is to know about single sign-on between Access Manager and Microsoft's web applications. |
|
Back in May, at JavaOne 2007, Aravindan Ranganathan and Malla Simhachalam presented a hands-on lab titled Securing Identity Web Services. The lab showed how to provide different levels of stock quote service according to the identity of an end-user - authenticated users see real-time stock data while 'guests' see delayed quotes. Since then, Malla, Mrudul Uchil and Marina Sum have written up the lab tutorial as a three-part series of articles at the Sun Developer Network showing how identity can be carried from an incoming web services request right through to an EJB. The sample application shows the request and response messages graphically, and provides links to the XML message data - a particularly nice feature that shows exactly what is going on. |
|
If you've tried to configure single sign-on with Microsoft SharePoint Portal Server 2003, you'll know that can be a bit... non-trivial. The Sun Java System Access Manager policy agent engineering team have been working on extending the existing agent for IIS to allow single sign-on into SharePoint (and Outlook Web Access, but that's another story...). Robertis Tongbram and Marina Sum just wrote this scenario as an article over at Sun Developer Network. |
Of course, all Access Manager policy agents also work with OpenSSO, Access Manager's open source alter ego, so when Policy Agent for IIS 6 Hotpatch 8 hits the street it'll work with OpenSSO, too.
|
|
Over at the Sun Developer Network, Marina Sum has been on a tear this past week or so, with two articles on OpenSSO and its sister product, Sun Java System Access Manager. Last week, she and I published Single Logout: A Demo, a follow-up to February's article Switch on SAML for PHP With Project Lightbulb, covering Project Lightbulb's evolution into OpenSSO Extensions and its implementation of SAML 2.0 single logout. Much discussion of the mechanics of single logout and its implementation in the OpenSSO SAML 2.0/PHP Extension. |
Today, Marina and Robert Skoczylas of Indigo Consulting published Developing Secure Applications with Sun Java System Access Manager, Part 1: Basic Authorization. This article, part 1 of a series, presents a case study of implementing authentication, single sign-on, and authorization at a fictional health-care insurance company. Great stuff, working from a high-level description of the problem right down to specific Access Manager customizations.
|
Another neat technical article just hit the wire over at Sun Developer Network: Achieving SSO With Sun Java System Access Manager and SAML. Vasanth Bhat and Marina Sum look at how to integrate Access Manager with a third party application - in this case SAP NetWeaver Enterprise Portal 2004s - via SAML. Neat stuff! |
|
|
Malla Simhachalam and Marina Sum have written an excellent tutorial on securing web services using NetBeans 5.5 and Sun Java System Access Manager. |
The tutorial walks through a familiar stock ticker sample, showing how anonymous users get delayed stock price data while authenticated users have access to real-time prices. Malla and Marina step through the message exchange and explain how it is secured with SAML assertions, so this is a great read if you are looking at identity-enabling web services.
In between all the talk of federation, PHP and web services, we sometimes lose sight of the fact that bread-and-butter single sign-on and access control still has huge value in improving both security and the user experience.
|
|
Over at the Sun Developer Network, Marina Sum and I just published an article - Sun and Microsoft Interoperate for Web Authentication, Part 1 - focusing on how Sun Java System Access Manager (or OpenSSO) and its policy agents integrate with Microsoft IIS to provide both single sign-on and access control - right down to Windows ACLs on files on disk. |
|
Pat writes about the Availability of the OpenSSO Agent for SJS AS 8.2. All pieces are available, including: Sources, the Architecture Document and the Nightly Builds. This time I didn't have to ask about the GlassFish agent. Pat knew the question would be there and says: "stay tuned!". |
|
Access Management tools can be very useful but I think the entry cost and lack of documentation have prevented its widespread adoption. This is going to change with OpenSource projects like OpenSSO. For example, Dennis just added two simple sets of diagrams describing SSO and Access Control and Authentication. More detailed information on OpenSSO is availalable at the project site including: articles on OpenSSO, Project News (with many useful links), the FAQ Center, and the Documentation Top Page. |
|
|
After a slow start, the Open SSO project is showing it is Really Alive and it just released a number of Web Agents. These agents provide Authentication and Authorization for different App Servers and Web Servers. Dennis reports support for SJS AS 8.2; I'll confirm the same for SJS AS 9.0 / GlassFish. |
More details at Dennis' blog, the home and FAQ pages, and the Project Announcements. I expect the end-result of this and Related Efforts will be software that is more useful to the community, is easier to install and use, is more available, and it is packaged in a way that can be reused and recombined.
), 
