The Fedlet Lives!!!

If you’re following OpenSSO at all, you can’t have failed to notice the recent buzz around the Fedlet – from Daniel (complete with screencast), Eve Mark D, Mark H, Tatsuo, Derrick, Marina and Daniel at Sun to Coté at RedMonk and Enrico at Tenthline.

Briefly, the ‘Fedlet’ is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. The idea is that, if you’re running a single web application, you’re not going to want to deploy a whole ‘nother server to run a standalone service provider. What you want is a little package of code and configuration to federation-enable your web app. You want the Fedlet.

I’ve been wrapped up in demos and travel for the past month or so, so I haven’t had much of a chance to play with the Fedlet. Since I’m planning to demo it in my session at CommunityOne on Monday, I thought I’d better do so – I set aside this afternoon to get it working. Turns out I was a little pessimistic there – here’s what I did, in less than an hour:

  • Update from OpenSSO CVS (cvs -q update -dP)
  • Cleaned out previous build detritus and built the WAR file (ant clean && ant server-war)
  • Deployed onto Glassfish (don't forget to change GF's -client JVM option to -server, as detailed in the release notes!)
  • Pointed Flock (my preferred web browser du jour) at the newly deployed OpenSSO at (I alias to in /etc/hosts), configured OpenSSO to use the embedded OpenDS instance for its configuration and user stores.
  • Logged in as amadmin, created a SAML 2.0 identity provider and a Fedlet.
  • Unzipped the Fedlet, deployed it into Glassfish.
  • Ran the Federation validator to check that SSO is operational.
  • And...

When you spend your time in the weeds of a project, you always half expect any given step to fail due to some issue or another. Perhaps some recent fix destabilized something; perhaps some errant process has eaten my laptop's memory; whatever. So it was extremely gratifying when all of the above passed off without a hitch. I won't tell you what I muttered under my breath as the federation validator completed and gave me the thumbs up, but the second word was "cool!"

2 Replies to “The Fedlet Lives!!!”

  1. Pat,

    It’s always nice to hear from others just how easy it is to do something, and I wish I could say that were always the case. Fedlets look great and I wanted to try them out for myself.

    Now, I don’t have a test environment, and I’m stuck with XP for my testing, but I didn’t seem to have the same luck. What OS do you use?


    P.S. When was the last time you posted about a good whisky?

  2. Hi Bluesheep,

    I’m using Mac OS X – the big upside for me is that it’s Unix underneath, so everything is ‘sane’. Having said that, it should definitely work on XP – I’ll pass your message on and try it on my home machine.

    Last whisky post was – October 2007! Yes – I’m well overdue for another. In fact, I finished that bottle off just the other night, sadly. It was a good one.



Leave a Reply

Your email address will not be published.