I wish I could say there were spooky goings on this week in OpenSSO, but you’ll have to settle for more adoption news and some fun stuff with OpenSSO and Amazon EC2…
- First up this week, on the OpenSSO Users mailing list, we had an interesting email from Romanov Vladimir, of the R&D department of Russian telecommunications operator Scartel, saying that they are using OpenSSO as the authentication mechanism for their new Yota WiMax network. We’re looking forward to hearing more as they move Yota from test mode into production.
- Staying in Eastern Europe, I noticed the work going on at the Budapest University of Technology and Economics (BME), where they are also using OpenSSO for authentication – a nice diagram and some information on the architecture; unfortunately, Google Translate doesn’t yet stretch to Hungarian, although Adam Lantos of HME (a regular participant on the mailing list) says he’ll send some information in English soon.
- Finally, Mike Hortobagyi, up in Canada, writes today about an experiment I ran last night, deploying OpenSSO onto GlassFish+OpenSolaris at Amazon EC2. Logically, it all should work OK, but it’s great to try something like this and see it actually running up in the cloud. It took me less than 45 minutes to get OpenSSO and the Fedlet running, including uploading the OpenSSO WAR file to the EC2 instance. I’ll leave the instance up for a few days so you can go play – try out the Fedlet (click the link to log in, username demo, password changeit), or even the federation validator (same username/password). NOTE – it’s a little confusing, since I gave OpenSSO and the Fedlet the same hostname, but they are independent web applications, with no shared state. You can see all the gory SAML details (WoooOOOooo! Spooky!) in the Fedlet page after you log in. Go give it a try; if you get a host not found, or page not found, error, I’ve likely taken the instance down… I can’t keep paying $0.10 per hour forever, you know! 😉
So, there you go – I managed to squeeze in a spooky reference in the end… Happy Halloween, everyone!
The good people at the Computer Security Institute have invited me to speak at their CSI 2008 conference as part of an Identity ‘summit panel’ considering topics in the field of identity, federation and security. Jim Nelson of New Mexico State University is moderating the panel, with John Petze of Privaris, Robert Richardson of the Computer Security Institute and Pamela Dingle of Nulli Secundus also speaking. If you have a taste for the CardSpacey side of digital identity, Pamela’s name will be very familiar from her work at OSIS.
Although the conference site lists the summit as running from 11:00am – 5:00pm on Monday, November 17th, 2008, my understanding is that the panel sessions will run 11am-noon, 1:45pm-2:45pm, and 4pm-5pm. Come along and see where the conversation takes us!
This is a blog entry I’ve been wanting to write for a LONG time… At the Professional Developers Conference today, Microsoft announced that ‘Geneva’, their forthcoming identity platform (part of which is the successor to Active Directory Federation Services), will not only support SAML 2.0 as a token format, but also as a single sign-on protocol. The Federation Wars are over!!!
Lots more to read on the subject:
Me, I’m looking forward to testing OpenSSO with Geneva. We live in interesting times indeed 🙂
If you find yourself demonstrating the Fedlet (and, let’s face it, who doesn’t?), you should find this script useful. Assuming you’ve deployed OpenSSO to GlassFish via the autodeploy directory and created and deployed the Fedlet, it undeploys both, restarts GlassFish (not that you should really need to, but it’s good to start from a safe, known base) and removes the OpenSSO and Fedlet configuration directories. Now you’ll be ready to go round the loop again, without any JavaOne 2008-style hiccups 🙂
Anyone working with OpenSSO and/or GlassFish might find some aspects of the script useful, particularly the way it waits until the apps are undeployed before restarting GlassFish. Autodeploy is one of my favorite GlassFish features. Here’s the output from the script:
```
pat-pattersons-computer:~ pat$ ./reset.sh
Undeploying the fedlet..Done
Domain domain1 stopped.
Removing Fedlet config directory
Removing OpenSSO config directory
Starting Domain domain1, please wait.
Log redirected to /Applications/NetBeans/glassfish-v2ur2/domains/domain1/logs/server.log.
Redirecting output to /Applications/NetBeans/glassfish-v2ur2/domains/domain1/logs/server.log
Domain domain1 is ready to receive client requests. Additional services are being started in background.
Domain [domain1] is running [Sun Java System Application Server 9.1_02 (build b04-fcs)] with its configuration and logs at: [/Applications/NetBeans/glassfish-v2ur2/domains].
Admin Console is available at [http://localhost:4848].
Use the same port  for "asadmin" commands.
User web applications are available at these URLs:
[http://localhost:8080 https://localhost:8181 ].
Following web-contexts are available:
[/web1 /__wstx-services ].
Standard JMX Clients (like JConsole) can connect to JMXServiceURL:
[service:jmx:rmi:///jndi/rmi://pat-pattersons-computer.local:8686/jmxrmi] for domain management purposes.
Domain listens on at least following ports for connections:
[8080 8181 4848 3700 3820 3920 8686 ].
Domain does not support application server clusters and other standalone instances.
```
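A sketch of the reset cycle described above, added here as an example; it is not the original reset.sh. The WAR names, the config directory locations, the function names and the `<war>_undeployed` / `<war>_undeployFailed` autodeploy marker files are assumptions. It waits for each undeploy to complete before stopping the domain, and refuses to delete anything that does not resolve to a real directory below `$HOME`.

```shell
#!/usr/bin/env bash
# Added example, not the original reset.sh. Assumed: paths, WAR names,
# function names, and the autodeploy "<war>_undeployed" marker convention.
GF_HOME="${GF_HOME:-/Applications/NetBeans/glassfish-v2ur2}"
DOMAIN="${DOMAIN:-domain1}"
AUTODEPLOY="${AUTODEPLOY:-$GF_HOME/domains/$DOMAIN/autodeploy}"

# Delete the WAR from autodeploy, then poll until the autodeployer reports
# the outcome. Returns 0 = undeployed, 1 = timed out, 2 = undeploy failed.
undeploy_and_wait() {
  local war="$1" timeout="${2:-60}" waited=0
  # Clear markers left by an earlier cycle so we only react to fresh ones.
  rm -f "$AUTODEPLOY/${war}_undeployed" "$AUTODEPLOY/${war}_undeployFailed"
  rm -f "$AUTODEPLOY/$war"
  while [ ! -e "$AUTODEPLOY/${war}_undeployed" ]; do
    if [ -e "$AUTODEPLOY/${war}_undeployFailed" ]; then return 2; fi
    if [ "$waited" -ge "$timeout" ]; then return 1; fi
    sleep 1
    waited=$((waited + 1))
  done
}

# Remove a config directory only if it is a real directory (not a symlink)
# that resolves to somewhere strictly below $HOME. A missing directory is fine.
remove_config_dir() {
  local dir="$1" real
  [ -n "$dir" ] || return 1
  [ -e "$dir" ] || [ -L "$dir" ] || return 0
  [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
  real="$(cd "$dir" && pwd -P)" || return 1
  case "$real" in
    "$HOME"/?*) rm -rf -- "$real" ;;
    *) return 1 ;;
  esac
}

reset_demo() {
  undeploy_and_wait fedlet.war || return 1
  undeploy_and_wait opensso.war || return 1
  "$GF_HOME/bin/asadmin" stop-domain "$DOMAIN" || return 1
  remove_config_dir "$HOME/fedlet" || return 1    # assumed Fedlet config dir
  remove_config_dir "$HOME/opensso" || return 1   # assumed OpenSSO config dir
  "$GF_HOME/bin/asadmin" start-domain "$DOMAIN"
}

# Only touch a real installation when explicitly asked to.
if [ "${1:-}" = "--run" ]; then reset_demo; fi
```

Run it with `--run` against a demo installation; without arguments it only defines the functions.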
At the park this morning, while Alex was doing his soccer class, Tom was practicing the ‘tree’ pose, balancing on a column
Wow! OpenSSO is HOT right now…
- First up this week is MarkMail. I’ve written before about the insights we’re getting into the OpenSSO community from MarkMail. Well, I took a look the other day, and we’ve already had significantly more mail on the OpenSSO Users list this month than any past month in its entirety. Must be something to do with that little event we had at the end of September…
- The GlassFish source code has been browsable from Fisheye for some time. Well, now those good folks at Atlassian have turned their lens on OpenSSO – take a look at the OpenSSO source through Fisheye.
- Google Alerts is a great tool for tracking activity related to OpenSSO – one site that it picked up is Open School Systems – a test lab for multiple open source initiatives related to K-12 school information systems and data exchange. According to their news page, they have selected OpenSSO as their solution for federation, single sign-on and identity management. It’ll be interesting to see what they come up with.
- Satoshi Moriya, a Sun solution architect in Japan, has posted a nice diagram tracing the evolution of OpenSSO (Google translation to English). Hopefully we can keep the same product name for at least the next three releases!
- Speaking of Japan, I’ll be speaking in Japan next month, at the Liberty Alliance Day 2008. The event is on Friday November 7th at BelleSalle Kudan; my session is at 16:20 – OpenSSO – selling Open Source Identity. I’ll be looking at how we open sourced Sun Access Manager, built a community around it and developed OpenSSO Enterprise 8.0. In particular, I’ll be looking at some of the federation-related innovation in 8.0, including, of course, the Fedlet.
- Finally, another find from Google Alerts: Implementing Web Access Management at the University of Guelph (in Ontario, Canada) – a poster presentation from the EDUCAUSE 2008 conference. The PDF is worth downloading and printing out as big as you can manage – there’s a lot of practical information on deploying OpenSSO (and Shibboleth).
Finally, OpenSSO is coming to the Stories blog – our first OpenSSO adoption story will run on Monday and will feature… well, you’ll have to go look on Monday, or subscribe to Stories.
Chatting in the OpenSSO IRC channel today about OpenSSO versus a range of other open source single sign-on projects, I was passed a link to Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On [PDF] – a presentation from JavaOne 2007. Amazing – I had no idea! I was at JavaOne 2007 and somehow missed this. While it’s obviously a little out of date, Craig Dickson and Naveen Nallannagari of Behr (the paint people) do a great job of surveying the open source SSO landscape. Well worth a look if you’re in the market for open source SSO – go read the paper, then visit OpenSSO for all your open source single sign-on needs.