Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch


Thomson Reuters on deploying OpenSSO Enterprise to a Global User Base

About a month ago, Nick mentioned a presentation that Chris Lucock, head of Enterprise Architecture desktop products for Thomson Reuters, had given at March's Gartner Identity & Access Management Summit in London. The video for this presentation has just gone online and, like the last Gartner video I blogged, by Damo Bashyam of Verizon Wireless, it's got some great information on a large scale real world deployment of OpenSSO Enterprise.

In the video, Chris explains how OpenSSO is on track to provide single sign-on across Thomson Reuters' Markets services to 330,000 users worldwide by the end of 2011. In many ways it's a very different deployment to Verizon Wireless; 1% of the user base in terms of sheer numbers, but far more complex in terms of the services provided. One example: Thomson Reuters have implemented 'exclusive access', controlling the numbers of concurrent users of third party services (and thus Thomson Reuters' costs) by ensuring that each user only has a single session active at any time, for example, terminating a desktop session left open over lunch when a user logs in from their mobile phone. Another good one: single sign-on is provided across services delivered by the public internet and Thomson Reuters' private network, again allowing cost savings as streaming video can be more cheaply delivered via the internet while sensitive financial data is more tightly controlled.

There's much more in the video, including integrations with Siebel and the Reuters Messaging product, so spend a few minutes with Chris, exploring OpenSSO at Thomson Reuters...

Filed under: OpenSSO No Comments

Federating to Google Apps with OpenSSO – Open Source Starter Kit

It's been possible to configure OpenSSO for single sign-on (SSO) to Google Apps ever since Google implemented the SAML 2.0 protocol for federated SSO back in 2006. Last year, I covered Wajih Ahmed and Marina Sum's article on implementing SSO between OpenSSO and Google Apps, which described precisely how to quickly get it up and running. The process took about 10 or 15 minutes, but involved editing an XML configuration file, which does introduce some, uh, opportunity for user error.

So, we looked at how we could streamline the process, making it as foolproof as possible, and, in OpenSSO Express Build 7, built a task flow specifically for federating with Google Apps. The new task flow is described in one of the first open source starter kits for Sun's identity products - Federating to Google Apps with OpenSSO (the other starter kit covers setting up OpenDS as a Naming Service for OpenSolaris). We now have the process down to less than four minutes, and it's so easy, even a smoking monkey can do it 🙂

Filed under: OpenSSO 2 Comments

New and Updated Policy Agents for OpenSSO

We released four new 'version 3.0' policy agents for OpenSSO today:

These join the existing version 3.0 policy agents for Sun Glassfish Enterprise Server (formerly known as Sun Java System Application Server) 8.x/9.x (documentation, download) and Oracle/BEA WebLogic Server/Portal 10 (documentation, download). While the 3.0 agents add centralized configuration and some other features, it's important to note that all of the version 2.2 agents are tested and supported with OpenSSO.

Filed under: OpenSSO 4 Comments

OpenSSO Tab Sweep – Apr 17 2009

A celebration this week and events over the next month in the world of OpenSSO...


So - there you have it - a packed few weeks in OpenSSO-land, and evidence that the OpenSSO community is as active IRL (in real life) as on IRC (Internet relay chat) 🙂

Filed under: OpenSSO 1 Comment

Out Now – OpenSSO Express Build 7!

As announced yesterday on the OpenSSO users mailing list, OpenSSO Express Build 7 is now available!. Congratulations and thanks to the OpenSSO team for their hard work, and to the whole OpenSSO community for continued support in the form of issue reports, patches and other contributions.

So, what's new in Express Build 7? Here are some highlights - full details are in the release notes

The other question going through your mind may be "What on earth is an 'Express Build', anyway?". The short answer is that an OpenSSO Express build is a supported 'snapshot' of development between full 'OpenSSO Enterprise' releases. The long answer is on the OpenSSO wiki.

Filed under: OpenSSO No Comments

OpenSSO on front page…

Following in Ludo's footsteps I have to say thank you to Marina for getting OpenSSO onto the front page:

As Ludo mentioned, Marina is looking for new opportunities - if you need a top flight technical author, then email me at and I'll pass your message on to her.

Filed under: OpenSSO No Comments

OpenSSO Tab Sweep – Mar 27 2009

As always, a bumper crop of OpenSSO news from the last couple of weeks...

That wraps things up for another week - I'm off to jump in the Patmobile and brave 101. See you next time!

Filed under: OpenSSO No Comments

Jobs @ OpenSSO – March 2009

Sun is hiring engineers for OpenSSO and related identity products - we have a number of positions spanning engineering, QA and UI design. If you read my blog regularly, you'll know that OpenSSO is hot stuff - open source single sign-on, federation and secure Web services, delivered as Sun OpenSSO Enterprise and used in deployments large and small.

BTW, we have a referral bonus scheme at Sun, so, please, if you do apply for any of these positions, list me (Pat Patterson, ) as the referrer - I'll buy you lunch once you start 🙂

UPDATE - I added another position and updated the publication time... We may have more reqs in the pipeline, so watch this space...

  • Entry Level Engineer (0-2 yrs experience) - we're looking for junior folks with some experience in Java, C++, J2EE, XML, servlets, and web technology development. Any middleware experience would be a bonus.
  • Senior Quality Engineer (6+ yrs experience) - a rare opportunity to get into one of the best QA teams in the business - OpenSSO QA team manager Indira Thangasamy talks about what's involved.
  • Interaction Designer / Information Architect (0-2 yrs experience) - anyone seeing the evolution of Access Manager into OpenSSO over the past few years will have seen our emphasis on ease of use and UI design. We're not done yet, though! We need another UI designer to work on projects across the identity management product line.
  • Senior Java-based User Interface Developer (3+ yrs experience) - JSF, RIA, Ajax - buzzword heaven in this UI developer post. The job spec currently says 'Identity Server project management', but it looks like that's a typo for 'Identity Manager' - OpenSSO's provisioning cousin. Unlike the other jobs, which are all Bay Area-based, this one is 'Any US Sun Location' - a great opportunity if you have wicked Java Web UI skills but are based in Colorado, or Massachusetts, or Texas, or...

If those links are no longer by the time you're reading this, then you can use these search links for OpenSSO jobs at Sun and identity-related jobs at Sun.

Filed under: OpenSSO No Comments

A Grand OpenSSO Community Day Out in New York

Many thanks to all who attended (I counted at least 50) and spoke at our very first OpenSSO Community Day this past Tuesday in New York City, and to NYU for making available such an excellent facility.

We had a range of speakers: some from the OpenSSO product team, some from other parts of Sun, and even one SI partner - Mike Schwartz from ID-Vault. As promised, we assembled the agenda at the start of the day, and managed to fit in nine 40 minute sessions covering pretty much every aspect of OpenSSO. Almost all the slides are online at the event wiki page (slides, please, Brad!).

If you attended the community day, please complete the Meetup survey - we'd love to have your rating and comments.

The next stop for the OpenSSO Community Day roadshow will be Munich, on May 5. Remember, if you're also planning to attend the European Identity Conference (hosts for our event), you can get 20% off your registration fee by quoting the discount code OPENSSO.

Watch this space for news of OpenSSO Community Day 3.0 - to be held in San Francisco, around the time of CommunityOne West/JavaOne.

Filed under: OpenSSO No Comments

OpenSSO Tab Sweep – Mar 13 2009

Lots of news over the last couple of weeks from the world of OpenSSO. Events in New York, new Fedlet innovations and more; read on...

That wraps things up for this week. Don't forget, if you're planning to attend the European Identity Conference 2009 in May, the second OpenSSO Community Day will be there on the Tuesday, May 5 2009. Register at Meetup and you can pick up a discount code for 20% off the cost of your EIC registration. Bargain!

Filed under: OpenSSO 1 Comment