Superpatterns

It’s nice to see your RFE’s implemented, and that’s exactly what happened with OpenSSO issue # 4053: Active Directory configuration should use AD domain name rather than LDAP host/port. I saw Kohsuke‘s blog entry on More Active Directory integration in Java a little while ago and realized that we could take exactly the same approach in OpenSSO – prompt the admin for the Active Directory domain name rather than a host name and port number.

As Kohsuke mentions, this has a number of advantages – every AD admin knows the domain name, while many would likely have to go look up an individual host name, not to mention the LDAP port number. Since we use the domain name to look up an individual AD controller via DNS, it also means that the admin doesn’t need to update OpenSSO’s configuration as AD controllers come and go – OpenSSO will always get a valid host name from DNS.

So, when configuring OpenSSO Express 8, you can now just specify the AD domain name. As improvements go, this one is pretty small, but, as I think everyone agrees, the cumulative effect of all these little improvements in OpenSSO over the past two or three years has been HUGE…

Wow – it’s been months since the last OpenSSO tab sweep. Anyway – here’s a collection of the latest news from the world of OpenSSO:

• Sun Developer Network continues to publish excellent articles on OpenSSO. Last month, Rick Palkovic of SDN and Francois Lascelles of Layer 7 Techologies collaborated on Delegating XML Gateway Runtime Authorization to OpenSSO, showing how Layer 7′s SecureSpan XML Networking Gateway integrates with OpenSSO to provide edge security for SOA, Web 2.0 and cloud-based web services.
• This month, Rick’s written another article, this time with Qingwen Cheng and Mrudul Uchil of Sun’s OpenSSO engineering team. Enabling IP/Resource/Environment Based Authentication With OpenSSO is a three-part series explaining how this functionality, new in OpenSSO Express Build 8, replaces the pre-existing Gateway servlet to provide a flexible mechanism for including contextual information in the authentication process.
• My colleague, Hubert Le Van Gong has been blogging profusely over the past few weeks on the topic of OpenID 2.0 and OpenSSO. As Hubert mentions, we recently rewrote the OpenSSO OpenID extension to support OpenID 2.0. Hubert’s blog entries cover a number of topics specific to the rewrite, including deployment (with an important follow up) and realm/relying party validation. C’est la Vie is definitely a blog worth watching if you’re interested in the OpenID/OpenSSO intersection.
• There have been a number of OpenSSO policy agent releases over the past few weeks, including agents for Apache 2.2 and IIS 7. The OpenSSO Policy Agents 3.0 Roadmap is the place to stay up to date.
• The replay of Daniel‘s OpenSSO webinar from last month, which, by the way, set an internal record for registrations, has been posted online. Click here to catch up.
• Outside Sun, ‘Pairg‘ has released a WordPress plugin for OpenSSO authentication (thanks, Ramoonus, for the tip!). It looks to have much more functionality than the proof of concept code I released a little while ago, so, if you’re into WordPress, I recommend you go take a look.

Now I can close a few Firefox tabs and relax. Have a good weekend, everyone!

A few weeks ago, I blogged about the impending release of OpenSSO Express Build 8; well, the OpenSSO engineers have been hard at work since then, and Express 8 was officially released yesterday.

Among the new features:

• One time password-based strong authentication
• Fedlet for .Net
• MySQL user data store
• First cut of the Entitlement Service
• Task flow for federation with SalesForce.com
• First look at the new IceFaces-based administration console

Much more detail in the OpenSSO Express 8 release notes. If you’re wondering just what an ‘Express Build’ of OpenSSO is, the FAQ reveals all.

Download OpenSSO Express 8 now!

At OSCON a few weeks ago, I spent a little time with OpenSolaris enthusiast Jack Adams (who doesn’t seem to have his own page, but is often in the company of Bruno Souza and Deirdré Straughan), chatting about the basics of OpenSSO, single sign-on and federation. Luckily, it was all caught on video…

Short notice, but if you have a spare hour tomorrow (Wednesday August 19th 2009) morning, Daniel Raskin, Sun’s Chief Identity Strategist, and I will be presenting a webinar titled OpenSSO Express for Improved SSO. Join us at 10am PDT/1pm EDT/7pm CET for an update on the very latest features in OpenSSO Express 8 and beyond, such as mobile one-time passwords, the Fedlet for .Net, SalesForce.com integration and OAuth.

It’s been a while since the last OpenSSO article at Sun Developer Network (the excellent, three-part, Troubleshooting OpenSSO with Firefox Add-Ons), but Malla and Rick have come up trumps with Securing REST Web Services With OAuth.

The article recasts the tried and true ‘stock quote sample’ as a RESTful web service with access protected by OAuth via OpenSSO and Jersey (Sun’s open source implementation of JAX-RS, aka JSR 311). This is technology that has hitherto only been demonstrated in a demo at JavaOne 2009, so it’s great to see it being successfully applied here.

Go read the article and discover how OpenSSO, Jersey and OAuth combine to secure RESTful web services!