Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

1 May 08

The Fedlet Lives!!!

If you're following OpenSSO at all, you can't have failed to notice the recent buzz around the Fedlet - from Daniel (complete with screencast), Eve, Mark D, Mark H, Tatsuo, Derrick, Marina and Daniel at Sun to Coté at RedMonk and Enrico at Tenthline.

Briefly, the 'Fedlet' is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. The idea is that, if you're running a single web application, you're not going to want to deploy a whole 'nother server to run a standalone service provider. What you want is a little package of code and configuration to federation-enable your web app. You want the Fedlet.

I've been wrapped up in demos and travel for the past month or so, so I haven't had much of a chance to play with the Fedlet. Since I'm planning to demo it in my session at CommunityOne on Monday, I thought I'd better do so - I set aside this afternoon to get it working. Turns out I was a little pessimistic there - here's what I did, in less than an hour:

  • Updated from OpenSSO CVS (cvs -q update -dP)
  • Cleaned out previous build detritus and built the WAR file (ant clean && ant server-war)
  • Deployed onto Glassfish (don't forget to change GF's -client JVM option to -server, as detailed in the release notes!)
  • Pointed Flock (my preferred web browser du jour) at the newly deployed OpenSSO at http://demo.example.com:8000/opensso (I alias demo.example.com to 127.0.0.1 in /etc/hosts) and configured OpenSSO to use the embedded OpenDS instance for its configuration and user stores.
  • Logged in as amadmin, created a SAML 2.0 identity provider and a Fedlet.
  • Unzipped the Fedlet, deployed it into Glassfish.
  • Ran the Federation validator to check that SSO is operational.
  • And...

When you spend your time in the weeds of a project, you always half expect any given step to fail due to some issue or another. Perhaps some recent fix destabilized something; perhaps some errant process has eaten my laptop's memory; whatever. So it was extremely gratifying when all of the above passed off without a hitch. I won't tell you what I muttered under my breath as the federation validator completed and gave me the thumbs up, but the second word was "cool!"

Filed under: OpenSSO
Comments (2)
  1. Pat,

    It’s always nice to hear from others just how easy it is to do something, and I wish I could say that were always the case. Fedlets look great and I wanted to try them out for myself.

    Now, I don’t have a test environment, and I’m stuck with XP for my testing, but I didn’t seem to have the same luck. What OS do you use?

    R

    P.S. When was the last time you posted about a good whisky?

  2. Hi Bluesheep,

    I’m using Mac OS X – the big upside for me is that it’s Unix underneath, so everything is ‘sane’. Having said that, it should definitely work on XP – I’ll pass your message on and try it on my home machine.

    Last whisky post was http://blogs.sun.com/superpat/entry/ardbeg_1975_limited_edition_bottled – October 2007! Yes – I’m well overdue for another. In fact, I finished that bottle off just the other night, sadly. It was a good one.

    Cheers,

    Pat

