OpenSSO Halloween Tab Sweep

I wish I could say there were spooky goings on this week in OpenSSO, but you’ll have to settle for more adoption news and some fun stuff with OpenSSO and Amazon EC2.

  • First up this week, on the OpenSSO Users mailing list, we had an interesting email from Romanov Vladimir, of the R&D department of Russian telecommunications operator Scartel, saying that they are using OpenSSO as the authentication mechanism for their new Yota WiMax network. We’re looking forward to hearing more as they move Yota from test mode into production.
  • Staying in Eastern Europe, I noticed the work going on at the Budapest University of Technology and Economics (BME), where they are also using OpenSSO for authentication – a nice diagram and some information on the architecture; unfortunately, Google Translate doesn’t yet stretch to Hungarian, although Adam Lantos of HME (a regular participant on the mailing list) says he’ll send some information in English soon.
  • Finally, Mike Hortobagyi, up in Canada, writes today about an experiment I ran last night, deploying OpenSSO onto GlassFish+OpenSolaris at Amazon EC2. Logically, it all should work ok, but it’s great to try something like this and see it actually running up in the cloud. It took me less than 45 minutes to get OpenSSO and the Fedlet running, including uploading the OpenSSO WAR file to the EC2 instance. I’ll leave the instance up for a few days so you can go play – try out the Fedlet (click the link to login, username demo, password changeit), or even the federation validator (same username/password). NOTE – it’s a little confusing, since I gave OpenSSO and the Fedlet the same hostname, but they are independent web applications, with no shared state. You can see all the gory SAML details (WoooOOOooo! Spooky!) in the Fedlet page after you login. Go give it a try; if you get a host not found, or page not found, error, I’ve likely taken the instance down… I can’t keep paying $0.10 per hour forever, you know! 😉

So, there you go – I managed to squeeze in a spooky reference in the end… Happy Halloween, everyone!

Speaking at CSI 2008, Washington, DC, November 17 2008

The good people at the Computer Security Institute have invited me to speak at their CSI 2008 conference as part of an Identity ‘summit panel’ considering topics in the field of identity, federation and security. Jim Nelson of New Mexico State University is moderating the panel, with John Petze of Privaris, Robert Richardson of the Computer Security Institute and Pamela Dingle of Nulli Secundus also speaking. If you have a taste for the CardSpacey side of digital identity, Pamela’s name will be very familiar from her work at OSIS.

Although the conference site lists the summit as running from 11:00am – 5:00pm on Monday, November 17th, 2008, my understanding is that the panel sessions will run 11am-noon, 1:45pm-2:45pm, and 4pm-5pm. Come along and see where the conversation takes us!

Welcome, Microsoft, to the World of SAML 2.0

This is a blog entry I’ve been wanting to write for a LONG time… At the Professional Developers Conference today, Microsoft announced that ‘Geneva’, their forthcoming identity platform (part of which is the successor to Active Directory Federation Services), will not only support SAML 2.0 as a token format, but also as a single sign-on protocol. The Federation Wars are over!!!

Lots more to read on the subject:

Me, I’m looking forward to testing OpenSSO with Geneva. We live in interesting times indeed 🙂

Script to Reset Fedlet Demo

If you find yourself demonstrating the Fedlet (and, let’s face it, who doesn’t?), you should find this script useful. Assuming you’ve deployed OpenSSO to GlassFish via the autodeploy directory and created and deployed the Fedlet, it undeploys both, restarts GlassFish (not that you should really need to, but it’s good to start from a safe, known base) and removes the OpenSSO and Fedlet configuration directories. Now you’ll be ready to go round the loop again, without any JavaOne 2008-style hiccups 🙂

Anyone working with OpenSSO and/or GlassFish might find some aspects of the script useful, particularly the way it waits until the apps are undeployed before restarting GlassFish. Autodeploy is one of my favorite GlassFish features. Here’s the output from the script:

pat-pattersons-computer:~ pat$ ./
Undeploying the fedlet..Done
Undeploying OpenSSO........Done
Domain domain1 stopped.
Removing Fedlet config directory
Removing OpenSSO config directory
Starting Domain domain1, please wait.
Log redirected to /Applications/NetBeans/glassfish-v2ur2/domains/domain1/logs/server.log.
Redirecting output to /Applications/NetBeans/glassfish-v2ur2/domains/domain1/logs/server.log
Domain domain1 is ready to receive client requests. Additional services are being started in background.
Domain [domain1] is running [Sun Java System Application Server 9.1_02 (build b04-fcs)] with its configuration and logs at: [/Applications/NetBeans/glassfish-v2ur2/domains].
Admin Console is available at [http://localhost:4848].
Use the same port [4848] for "asadmin" commands.
User web applications are available at these URLs:
[http://localhost:8080 https://localhost:8181 ].
Following web-contexts are available:
[/web1  /__wstx-services ].
Standard JMX Clients (like JConsole) can connect to JMXServiceURL:
[service:jmx:rmi:///jndi/rmi://pat-pattersons-computer.local:8686/jmxrmi] for domain management purposes.
Domain listens on at least following ports for connections:
[8080 8181 4848 3700 3820 3920 8686 ].
Domain does not support application server clusters and other standalone instances.
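
One way to write the reset sequence that produced the output above, as an added example rather than the author's own script (which is not reproduced on this page). The WAR names `fedlet.war` and `opensso.war`, the config directories `~/fedlet` and `~/opensso`, and the reliance on GlassFish's `_undeployed` / `_undeployFailed` autodeploy marker files are assumptions; the GlassFish path is taken from the output.

```shell
#!/bin/sh
# Added example; every default below is an assumption, override via the environment.
GF_HOME="${GF_HOME:-/Applications/NetBeans/glassfish-v2ur2}"
DOMAIN="${DOMAIN:-domain1}"
AUTODEPLOY="${AUTODEPLOY:-$GF_HOME/domains/$DOMAIN/autodeploy}"
ASADMIN="${ASADMIN:-$GF_HOME/bin/asadmin}"
OPENSSO_CFG="${OPENSSO_CFG:-$HOME/opensso}"  # assumed OpenSSO config dir
FEDLET_CFG="${FEDLET_CFG:-$HOME/fedlet}"     # assumed Fedlet config dir
TIMEOUT="${TIMEOUT:-120}"                    # max seconds to wait per app

# Delete a WAR from autodeploy, then poll for the "<war>_undeployed" marker
# that GlassFish writes once the application is really gone.
undeploy() {  # $1 = WAR file name (assumed), $2 = label to print
    war="$AUTODEPLOY/$1"; waited=0
    printf 'Undeploying %s' "$2"
    if [ -e "$war" ]; then
        rm -f -- "${war}_undeployed" "${war}_undeployFailed" "$war"
        until [ -e "${war}_undeployed" ]; do
            if [ -e "${war}_undeployFailed" ] || [ "$waited" -ge "$TIMEOUT" ]; then
                echo "FAILED"; return 1
            fi
            printf '.'; sleep 1; waited=$((waited + 1))
        done
    fi
    echo "Done"
}

# rm -rf with guards: absolute path only, never / or $HOME, never a symlink.
remove_config() {  # $1 = directory, $2 = label to print
    case "$1" in
        ""|/|"$HOME"|"$HOME/") echo "Refusing to remove '$1'" >&2; return 1 ;;
        /*) ;;
        *) echo "Refusing relative path '$1'" >&2; return 1 ;;
    esac
    if [ -L "$1" ]; then echo "Refusing symlink '$1'" >&2; return 1; fi
    echo "Removing $2 config directory"
    rm -rf -- "$1"
}

reset_demo() {
    undeploy fedlet.war "the fedlet" &&
    undeploy opensso.war "OpenSSO" &&
    "$ASADMIN" stop-domain "$DOMAIN" &&
    remove_config "$FEDLET_CFG" Fedlet &&
    remove_config "$OPENSSO_CFG" OpenSSO &&
    "$ASADMIN" start-domain "$DOMAIN"
}

if [ "${1:-}" = "--run" ]; then reset_demo; fi  # no-op unless asked, so it can be sourced
```

Invoke it with `--run` to perform the reset; a failed or timed-out undeploy stops the sequence before the domain is restarted or any directory is removed.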

Extreme Yoga!

At the park this morning, while Alex was doing his soccer class, Tom was practicing the ‘tree’ pose, balancing on a column.

OpenSSO Tab Sweep – Oct 24 2008

Wow! OpenSSO is HOT right now…

Finally, OpenSSO is coming to the Stories blog – our first OpenSSO adoption story will run on Monday and will feature… well, you’ll have to go look on Monday, or subscribe to Stories.

Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On

Chatting in the OpenSSO IRC channel today about OpenSSO versus a range of other open source single sign-on projects, I was passed a link to Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On [PDF] – a presentation from JavaOne 2007. Amazing – I had no idea! I was at JavaOne 2007 and somehow missed this. While it’s obviously a little out of date, Craig Dickson and Naveen Nallannagari of Behr (the paint people) do a great job of surveying the open source SSO landscape. Well worth a look if you’re in the market for open source SSO – go read the paper, then visit OpenSSO for all your open source single sign-on needs.