Just blogged by Jeff Bounds: Verisign Identity Protection and OpenSSO. Jeff, a Sun SE working out of Atlanta, walks through the process of creating a custom authentication module for Verisign Identity Protection (VIP), allowing holders of VIP credentials to log in to OpenSSO. Key quote: "Building an Authentication Module for OpenSSO was easier than I thought".
If you have an idea for a custom authentication module for OpenSSO, give it a shot - there is plenty of help out there, and we'll be happy to add your module to OpenSSO as an extension.
|
The latest addition to our growing line of OpenSSO Extensions is an authentication module for Information Cards - it enables OpenSSO as an Information Card Relying Party, allowing end users to authenticate via Windows CardSpace or other identity selectors such as DigitalMe or xmldap. This initial version of the authentication module was written and kindly contributed to OpenSSO by Patrick Petit (pictured), formerly of Sun, now an independent consultant; it also uses the xmldap relying party code, originally written by Chuck Mortimore, another Sun alumnus - make of that what you will.
The README has details of how to build and deploy the authentication module on OpenSSO build 2 or build 3. I tried it out this afternoon - I enabled OpenSSO for information cards in under an hour. Great work, Patrick!
|
More OpenSSO/Access Manager goodness at Sun Developer Network this week - regular Identity Management technical author Marina Sum and Sun ISV Engineer Michelle Cope just published an article on integrating Sun Java System Access Manager with ActivIdentity 4TRESS Authentication Server.
Complete source code is available as an OpenSSO Extension - the first time we've done this for an authentication module. OpenSSO Extensions are sub-projects that integrate with OpenSSO in some way - there are SAML implementations in PHP and Ruby, an OpenID Provider and more. If you have an idea for an OpenSSO Extension, then sign up to OpenSSO and drop us a line on one of the mailing lists.
You can find more information on the 4TRESS integration in my blog entry at Superpatterns, and in the article itself.
|
Byron has a detailed post on why and how to set up JDBC Realm Authentication. It covers the use of JavaDB (embedded or server mode), creation of the JDBC connection pool with the appropriate settings, along with a few tips.
|
When you're securing Web services, sometimes you need all the flexibility and features that Sun Java System Access Manager 7.1 gives you - centralized policy management, end-to-end identity via WS-I BSP/Liberty ID-WSF and all. Other times, well, you don't. For the latter case, Ryan de Laplante has done a great job documenting the steps required to secure Web services traffic with SSL and HTTP basic authentication.
|
As I just reported over at Superpatterns, Martin Gee of ICSynergy (one of Sun's system integrator partners, focussing on identity management, federation and SOA) has written a great Sun Developer Network article on adding CardSpace authentication to OpenSSO. If you're interested in how CardSpace works, or how to extend OpenSSO to support new authentication mechanisms, head on over and take a look.
|
Earlier this week we reported on how to store identities with OpenLDAP for use in GlassFish's authentication. Now Trey describes, in detail, how to achieve the same using OpenDS, the new high-performance, Java-based, open source directory server that we have covered in earlier spotlights.
Trey's note is very complete and covers how to install OpenDS, sample data for the directory and how to load it, how to use GlassFish's administration console to configure authentication using LDAP, how to configure web.xml and sun-web.xml, and even a web app configured following these instructions.
Very nice! Check it out!
|
GlassFish Security Realms support LDAP-based security. This can be used with a number of LDAP-based directory servers, including OpenDS, which we have covered previously here. Now Krishnan provides detailed steps on how to use OpenLDAP with GlassFish. Check out the details at Krishnan's Blog.
|
Access Management tools can be very useful but I think the entry cost and lack of documentation have prevented their widespread adoption. This is going to change with open source projects like OpenSSO. For example, Dennis just added two simple sets of diagrams describing SSO and Access Control and Authentication. More detailed information on OpenSSO is available at the project site, including: articles on OpenSSO, Project News (with many useful links), the FAQ Center, and the Documentation Top Page.
|
After a slow start, the OpenSSO project is showing it is Really Alive and it just released a number of Web Agents. These agents provide Authentication and Authorization for different App Servers and Web Servers. Dennis reports support for SJS AS 8.2; I'll confirm the same for SJS AS 9.0 / GlassFish.
More details at Dennis' blog, the home and FAQ pages, and the Project Announcements. I expect the end result of this and Related Efforts will be software that is more useful to the community, is easier to install and use, is more available, and is packaged in a way that can be reused and recombined.