OpenSSO at CPqD

CPqD provides Operations Support and Business Support systems, training and consulting services to the telecommunications industry. Mário Celso Teixeira, of CPqD’s Brazilian facility, describes their OpenSSO deployment in an email today to the mailing list:

I want to share with you that CPqD has deployed OpenSSO as a single sign-on solution for 3000 users and 75 applications in October, 2008.

After 4 months, 75 corporate applications were customized to use the single sign-on system, where the user's identity is provided for Windows Active Directory.

Primarily we went to install CAS server as a single sign-on product but, in April 2008, I (Mario Celso Teixeira) and Gustavo Chaves were at FISL 9.0 in RS, Brasil and saw the Pat Patterson presentation and we decided to test the solution.

The strategy adopted was to install the Policy Agents in the application servers that are used for our applications (IIS 6.0, Apache, JBoss, Tomcat) and not customize each one using the OpenSSO API, to minimize implementation efforts.

After one week live in production, the users are very satisfied because, before, each user could have 15 different accounts and passwords to access the applications.

Next, we want to implement Federation and Identity Management.

Wow. 75 applications in four months, across IIS, Apache, JBoss and Tomcat. That’s impressive! Thank you for sharing your OpenSSO success story, Mário.

Diversity of the OpenSSO Community

I was looking at MarkMail today, specifically at September 2008’s emails to, and it struck me how many were from folks outside Sun. In fact, looking at the Top 20 senders, only 10 are in the ‘OpenSSO team’ at Sun. Another 4 (shown highlighted in light yellow) are folks from elsewhere in Sun, with 6 of the Top 20 (highlighted in yellow) being participants from outside Sun.

1) Pat Patterson 27
2) Rohan Pinto 22
3) Dennis Seah 21
4) Aaron Sheffey 19
5) Shesh Kondi 17
6) Deepak Pasupunatla 13
7) David Goldsmith 12
8) John Domenichini 11
9) Robert Dale 11
10) Hua Cui 10
11) Dilli Dorai 9
12) Tim Reynolds 9
13) Damien Covey 8
14) Amit Snyderman 7
15) Nikolaos Giannopoulos 7
16) Sean Brydon 7
17) Ashok Anumandla 6
18) Ezra Simeloff 6
19) Florian Thiel 6
20) Qingwen Cheng 6

Intrigued, I looked at the Top 20 senders since OpenSSO began, expecting to see far fewer ‘external’ senders over the long run, but was very pleasantly surprised to see just as many there:

1) Pat Patterson 288
2) Dennis Seah 271
3) Michael Teger 125
4) Sean Brydon 117
5) Hua Cui 116
6) Nikolaos Giannopoulos 103
7) Dilli Dorai 100
8) Hedrick, Brooke 86
9) David Holroyd 76
10) Milton Lima 72
11) Nebergall, Christopher 69
12) Subba Evani 63
13) David Goldsmith 61
14) Ping Luo 61
15) Tim Reynolds 59
16) Indira Thangasamy 57
17) Rajeev Angal 53
18) Shivaram Bhat 53
19) Robert Dale 49
20) Qingwen Cheng 46

One consequence of this diversity is that the pool of OpenSSO expertise is growing and we now have questions being asked and answered on the mailing list, by folks ‘out there’ in the wider community, while we in Santa Clara are all tucked up in bed. You know, I think there’s some substance to this ‘open source’ thing…

Sun Secure Global Desktop and OpenSSO Integration

Sun Solution Architect Joachim Andres (aided and abetted by Paul Walker and Andy Hall) has just written up an integration [PDF] of OpenSSO with Sun Secure Global Desktop. Secure Global Desktop (SGD for short) provides secure access to centralized Windows, UNIX/Linux, Mainframe and Midrange applications from a wide range of popular client devices, including Microsoft Windows PCs, Solaris OS Workstations, thin clients and more (can you tell I cut’n’pasted that from the product page?). One of the most interesting client interfaces to SGD is via a Web browser – you can see it in the demo I recorded with Michael Coté of Redmonk – which brings it into OpenSSO’s sphere of control.

This integration is a great example of the use of policy agents with existing applications – the policy agent sets the REMOTE_USER server variable and SGD is configured to pick that up rather than use its own login page. With that, and a tweak to SGD’s logout logic to send the browser to OpenSSO’s logout page, we have a very neat integration. Check it out [PDF].
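The REMOTE_USER hand-off and the logout redirect described above, sketched as a small WSGI application. This is an added example, not code from the SGD integration paper or from OpenSSO; the host name, the `/opensso/UI/Login` and `/opensso/UI/Logout` paths, the `goto` parameter and the user name are assumptions for illustration.

```python
from urllib.parse import quote
from wsgiref.util import request_uri, setup_testing_defaults

# Assumed placeholder URLs; a real deployment uses its own OpenSSO host.
SSO_LOGIN = "https://sso.example.com/opensso/UI/Login"
SSO_LOGOUT = "https://sso.example.com/opensso/UI/Logout"


def authenticated_user(environ):
    """Return the identity asserted by the policy agent, or None.

    Only the server variable REMOTE_USER is trusted. A request header named
    Remote-User reaches the app as HTTP_REMOTE_USER and is client-controlled,
    so it is never consulted.
    """
    user = environ.get("REMOTE_USER", "").strip()
    return user or None


def app(environ, start_response):
    if environ.get("PATH_INFO", "/") == "/logout":
        # End the SSO session, not just the local one.
        start_response("302 Found", [("Location", SSO_LOGOUT)])
        return [b""]
    user = authenticated_user(environ)
    if user is None:
        # No agent-asserted identity: defer to SSO, never show a local login page.
        target = SSO_LOGIN + "?goto=" + quote(request_uri(environ), safe="")
        start_response("302 Found", [("Location", target)])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [("Signed in as " + user).encode("utf-8")]


def call(overrides):
    """Drive the app with a constructed WSGI environ; return (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(overrides)
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

The application is only as trustworthy as the path that sets REMOTE_USER, so the application server should be reachable solely through the agent-protected front end.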

OpenSSO Enterprise 8.0 Launch Coverage

I covered the OpenSSO Enterprise 8.0 launch event yesterday – here is a selection of the more interesting articles and quotes in reaction to the announcement:

• Sun’s press release has Chris Harvison, an Enterprise Architect at Scotiabank, looking forward to deploying OpenSSO: “Sun OpenSSO Enterprise brings innovations such as Fedlets and multi-protocol support that will simplify the on-boarding of new federation partners and reduce the costs of doing so. The new tools provide a means to quickly and economically drive SSO across our global organization.”
• In Sun goes commercial with OpenSSO, Network World quotes Gerry Gebel of analyst firm The Burton Group: “We are seeing a growing interest in OpenSSO and open source in general. People are looking for different options on software licensing and support. They are not always happy with the price tag on commercial software licenses.”
• Meanwhile, quotes Andras Cser of Forrester Research in its article Sun launches open source OpenSSO for identity management: “If something is open source, you get a whole community feeling, a community buzz around the product. The features are one thing, but at the end of the day, you really want to have a developer community and commercially available implementation talent for software.”
• Felix Gaehtgens of European analysts Kuppinger Cole closes his article Sun’s new Access Manager is now OpenSSO Enterprise: “With some sarcasm, many IT professional note that ‘Express’ is a synonym for ‘limited’ and ‘Enterprise’ is a synonym for ‘Expensive’. Sun will have to educate its customers that this is certainly not the case for OpenSSO.” Message received and understood, Felix!
• Finally, Redmonk’s Michael Coté interviews Daniel and me on OpenSSO’s support for single sign-on to software as a service (SSO to SaaS, if you’re feeling terse), including demos of single sign-on to Google and, plus Rajeev’s OpenSSO QuickStart prototype.