As Ludo mentioned, Marina is looking for new opportunities – if you need a top flight technical author, then email me at and I’ll pass your message on to her.
As always, a bumper crop of OpenSSO news from the last couple of weeks…
- One piece of advice I often give to people wrestling with tricky issues relating to redirects and cookies is to download the LiveHTTPHeaders Firefox plugin, or its IE equivalent ieHTTPHeaders. In Troubleshooting OpenSSO with Firefox Add-Ons, Jim Faut and Rick Palkovic explain just how to use LiveHTTPHeaders and HackBar, which is a new one on me. Where LiveHTTPHeaders gives you detail on the HTTP requests and responses flying back and forth, HackBar lets you drill into the associated data, removing layers of URL and Base64 encoding from URL parameters and HTTP headers. Jim and Rick get right into the detail of the OpenSSO login process, using the tools to uncover what is really going on. A great read for anyone wanting to go under the covers of OpenSSO.
- One that got away from me here on Superpatterns, though Eduardo covered it at The Aquarium – Sidharth Mishra, OpenSSO Technical Product Manager and Ajay Sondhi, OpenSSO Deployment Engineering Manager, presented a webinar last week covering OpenSSO – Overview, Stories and Roadmap last week as part of The Aquarium Channel. Ajay’s section includes details of the Verizon Wireless deployment I’ve mentioned before, so this is well worth investigating if you’re interested in ultra high-scale OpenSSO deployments.
- We just got done with CommunityOne East, last week in New York City, CommunityOne West will run alongside JavaOne in San Francisco in June, but did you know about CommunityOne North? On April 15th, CommunityOne comes to the Folketeatret in Oslo, Norway. Flying the flag for OpenSSO will be Jonathan Scudder, a consulting identity architect, with a session on Developing Secure Web Services for the Cloud. More details at the Community One North Content Catalog – Jonathan’s session is at 13:00 in Breakout 1.
- While we’re ‘out in the community’, Qingfeng Zhang, a Senior Java Developer at the University of New South Wales, Australia, has posted a video showing how to install and configure OpenSSO on Tomcat on Windows. I know folks often stumble when deploying OpenSSO on Tomcat, since, compared to GlassFish, there are a couple of additional steps required. Qingfeng’s video clearly shows how to get it done.
- Back at Sun, Metro supremo Harold Carr presented at the Utah Java Users Group last week on Metro, Jersey, GlassFish, OpenESB and OpenSSO – a real whirlwind tour, particularly since he only had a 20 minute slot! Harold has posted slides, plus Q&A and other notes from the session.
- Finally, DocTeger has rewritten Chapter 11 of the Sun OpenSSO Enterprise 8.0 Technical Overview: Choosing a Federation Option. The new version is much clearer on the relative positions of the various federation protocols – use SAML 2.0 where possible, WS-Federation if you really need to integrate with ADFS, and SAML 1.1 or Liberty ID-FF only if you’re connecting to partners with no SAML 2.0 capability. Great job, Michael!
Sun is hiring engineers for OpenSSO and related identity products – we have a number of positions spanning engineering, QA and UI design. If you read my blog regularly, you’ll know that OpenSSO is hot stuff – open source single sign-on, federation and secure Web services, delivered as Sun OpenSSO Enterprise and used in deployments large and small.
BTW, we have a referral bonus scheme at Sun, so, please, if you do apply for any of these positions, list me (Pat Patterson, ) as the referrer – I’ll buy you lunch once you start 🙂
UPDATE – I added another position and updated the publication time… We may have more reqs in the pipeline, so watch this space…
- Entry Level Engineer (0-2 yrs experience) – we’re looking for junior folks with some experience in Java, C++, J2EE, XML, servlets, and web technology development. Any middleware experience would be a bonus.
- Senior Quality Engineer (6+ yrs experience) – a rare opportunity to get into one of the best QA teams in the business – OpenSSO QA team manager Indira Thangasamy talks about what’s involved.
- Interaction Designer / Information Architect (0-2 yrs experience) – anyone seeing the evolution of Access Manager into OpenSSO over the past few years will have seen our emphasis on ease of use and UI design. We’re not done yet, though! We need another UI designer to work on projects across the identity management product line.
- Senior Java-based User Interface Developer (3+ yrs experience) – JSF, RIA, Ajax – buzzword heaven in this UI developer post. The job spec currently says ‘Identity Server project management’, but it looks like that’s a typo for ‘Identity Manager‘ – OpenSSO’s provisioning cousin. Unlike the other jobs, which are all Bay Area-based, this one is ‘Any US Sun Location’ – a great opportunity if you have wicked Java Web UI skills but are based in Colorado, or Massachusetts, or Texas, or…
Tyler Akins' email address encoder. Works great and provides a layer of protection from email address harvesting bots.
Many thanks to all who attended (I counted at least 50) and spoke at our very first OpenSSO Community Day this past Tuesday in New York City, and to NYU for making available such an excellent facility.
We had a range of speakers: some from the OpenSSO product team, some from other parts of Sun, and even one SI partner – Mike Schwartz from ID-Vault. As promised, we assembled the agenda at the start of the day, and managed to fit in nine 40 minute sessions covering pretty much every aspect of OpenSSO. Almost all the slides are online at the event wiki page (slides, please, Brad!).
If you attended the community day, please complete the Meetup survey – we’d love to have your rating and comments.
The next stop for the OpenSSO Community Day roadshow will be Munich, on May 5. Remember, if you’re also planning to attend the European Identity Conference (hosts for our event), you can get 20% off your registration fee by quoting the discount code OPENSSO.
Lots of news over the last couple of weeks from the world of OpenSSO. Events in New York, new Fedlet innovations and more; read on…
- The first OpenSSO Community Day fast approaches – next Tuesday, March 17 2009 at the NYU Kimmel Center in Greenwich Village, New York City. We’re fully booked now, but there are still some folks on the ‘maybe’ list, so you can sign up on the waiting list and bag a place if one of those maybes turns into a ‘no’.
- Late-breaking news for next week – I’ll be joining Java evangelist Sang Shin for his Community One East session “OpenSSO: Enterprise Security”. We’ll be presenting in Breakout Room 4 at 10:10am on Wednesday, March 18 2009.
- One I mentioned over at The Aquarium last week – we’ve posted the OpenSSO release schedule for the next year. There’s lots of detail on the features planned for the next few express builds of OpenSSO, as well as OpenSSO Enterprise 8.1, scheduled for March 2010.
- Giuseppe Gennaro, a recent hire into the OpenSSO engineering team, has blogged about the long-awaited .Net version of our Fedlet. Like its Java cousin, the .Net Fedlet will easily federation-enable .Net applications via SAML 2.0. If you’re working with federation in .Net-land, keep an eye on Giuseppe!
- Super Sun SE Jeff Bounds doesn’t blog often, but when he does, it’s all goodness. His most recent entry is OpenSSO Authentication with Active Directory (Part 1), expanding on the OpenSSO documentation to provide a step-by-step tutorial for using OpenSSO with AD, chock-full of screenshots. More great stuff for the Microsoft-oriented.
- Hot on the heels of my recent entry pointing out the interaction between SAML and XACML, Steven Jarosz, another star Sun SE, has started to document some interesting ways of deploying the Fedlet, the first being a XACML policy enforcement point (PDP). People sometime ask me “How does open source make a difference in identity at Sun?” – this is a perfect example – these innovative applications would be an order of magnitude more difficult, if not impossible, without the source code freely available.
- Our cousins in Sun Identity Manager-land just announced Identity Connectors, an open source project providing a framework and toolkit for creating Identity Manager connectors, as well as 8 connector bundles covering systems from AD to DB2 to VMS, with Google Apps coming soon. The Identity Connectors blog is the place to watch for more info.
That wraps things up for this week. Don’t forget, if you’re planning to attend the European Identity Conference 2009 in May, the second OpenSSO Community Day will be there on the Tuesday, May 5 2009. Register at Meetup and you can pick up a discount code for 20% off the cost of your EIC registration. Bargain!
I just finished another OpenSSO Extension – this time, an authentication module for the Swekey authentication key (README, source). The authentication module prompts the user for their username and uses the Swekey to generate a one-time password, which is validated against the Swekey authentication server.
It’s interesting to contrast the Swekey with the Yubikey, which I covered here a few months ago. Where the Yubikey emulates a USB keyboard, requiring no special client software, the Swekey requires a driver. On the other hand, where the Swekey is invoked automatically by a browser plugin, requiring no user intervention apart from inserting the device into a USB port, the Yubikey requires the user to press its button and, potentially, ensure that the cursor is in the correct input field. One thing they do now have in common, though: they both work with OpenSSO 🙂
So, if you have a Swekey, grab the authentication module, deploy it (see the README) and let me know how you get on.