I’ve blogged before on OpenSSO Extensions – useful modules that do not fit into the OpenSSO ‘core’. Among the various categories of extension are ‘authentication modules’ – one of the most common customizations for OpenSSO and Access Manager. An authentication module supports a particular mechanism for collecting and verifying a user’s credentials – common mechanisms that are supported out-of-the-box include username/password against LDAP, client certificates (encompassing browser certs and smartcards) and Windows Desktop SSO (aka SPNEGO, aka Kerberos).
Of course, technology refuses to stand still, and new authentication mechanisms are constantly being developed and deployed – new biometrics, hardware tokens, even whole new authentication protocols. Over the past few months, we’ve seen a clutch of new authentication modules in OpenSSO, so it’s time to take a look at what’s new…
- The Hitachi Finger Vein Biometric module (README), developed by Yasushi Iwakata, interfaces with a infra-red based reader to use the unique patterns of veins in each user’s finger as a credential. Yasushi recently left Sun, but continues as an external contributor to OpenSSO.
- Jeff Bounds blogged about his Verisign Identity Protection module back in June. Since that blog entry, Jeff has uploaded the source as an OpenSSO Extension, so it’s available to all; the README and Jeff’s blog entry have everything you need to get started.
- Strictly speaking, Wajih Ahmed‘s RSA Access Manager authentication module is located in the ‘core’ OpenSSO area, but it’s an authentication module just the same. It allows you to integrate OpenSSO (or, of course, Access Manager) with, uh, RSA Access Manager (formerly known as ClearTrust) for co-existence, either permanently or as an initial phase in a migration. Again, there’s a README to get you started.
So, three very different authentication modules. Maybe you have an idea for a fourth?