New Drop of the OpenSSO OpenID Provider Code

Back in March, Paul Bryan released the first version of the OpenID Extension for OpenSSO, implementing an OpenID Provider for OpenSSO, Sun’s open source single sign-on/access control/federation project. You might also recall that, at the beginning of this month, SSOCircle put this into production, enabling OpenID Provider services on their public identity provider.

Last night, Paul announced the second drop of his OpenID provider on OpenSSO’s developer mailing list. For those of you not subscribed, here is the full text of his announcement:

Hi all:
I have just checked-in the source to the OpenID provider 1.0 alpha2. The following are excerpts from the README file:


The OpenID provider provides a complete OpenID Authentication 1.1 protocol compliant identity provider implementation, complete with full support for OpenID Simple Registration Extension 1.0.


This release includes the following enhancements over 1.0 alpha1:
  • Standalone web application as deployable WAR file
  • OpenID message object model; supports future consumer implementation
  • Trust management user interface (non-persistent trust decisions)
  • Simple Registration Extension user interface
  • On-the-fly l10n and i18n (English, French and German included)
  • Full decoupling from authentication infrastructure through getUserPrincipal
  • Integration with OpenSSO through servlet filter implementation
  • Configurable OpenID identity regular expression pattern
  • Configurable authentication provider principal mapping
  • No more dependencies on OpenSSO internal classes


This is the second release in a planned series of releases. Version 1.0 alpha3 targets to include the following enhancements:
  • Persistent trust decisions (via pluggable persistence SPI)
  • Persistent persona management and associated user interface
  • Integration with other authentication infrastructures
  • Response to errors through published openid.error mechanism
  • Further refinement in preparation for OpenID 2.0 ratification
  • Full supporting documentation
  • Comprehensive logging
For more information, see: As always, any comments and feedback will be most appreciated.
Paul C. Bryan

As soon as I get a chance, I need to go grab this and have a play…

links for 2007-04-26

links for 2007-04-25

Securing Site Access With CardSpace and OpenSSO: An Overview

As you may recall from a previous blog entry, a little while ago, Martin Gee of ICSynergy (one of Sun’s system integrator partners, focussing on identity management, federation and SOA) blogged about some work he’d done integrating OpenSSO with CardSpace. He’s since written this up as an article for Sun Developer Network. It’s a great overview of both CardSpace and the mechanics of extending OpenSSO to support new authentication mechanisms.

It’s good to see folks innovating on OpenSSO, and it’s great to see them documenting their work like this.

links for 2007-04-17