Following the recent trio of OpenSSO Extensions targeting PHP CMS applications (see my previous entries covering the extensions for Drupal, WordPress and Joomla), I decided to look at MediaWiki, the PHP application powering Wikipedia and many other wikis across the web.
In common with the CMS apps, MediaWiki has a very pluggable architecture, making implementation of a single sign-on extension very straightforward, and I was able to get an initial implementation done in a few hours. The user interface is very like the WordPress plugin: just click on the regular ‘log in’ link to be sent to OpenSSO to authenticate; on returning to MediaWiki, the extension validates the OpenSSO cookie and uses it to retrieve the username from OpenSSO, setting up the MediaWiki session.
Encouraged by a comment on my post about the OpenSSO module for Drupal, and the amount of OpenSSO/Drupal buzz on Twitter, I decided to attack WordPress next. Although WordPress has a very different plugin model from Drupal, I was able to reuse much of the code from the Drupal module and get a basic single sign-on plugin working quite quickly. As with the Drupal module, there are certainly bugs in the WordPress plugin – in particular, I just noticed that, if you log in to OpenSSO as a user without a corresponding WordPress account, you can get into a redirect loop if you try to go to a protected page at WordPress. :-/
So… That’s two thirds of the Drupal/Joomla/WordPress CMS trifecta covered… A competent Joomla hacker should be able to take the Drupal/WordPress work and adapt it pretty easily… Anyone want to try while I’m at Catalyst this week?
Drupal is one of the leading open source content management systems – some would say the leading open source CMS. We’ve had a few requests over the years for OpenSSO/Drupal integration, but no one has hitherto stepped forward. Finding myself with a few spare hours over the last few days, I decided to investigate.
It turns out that, thanks to Drupal’s extensibility through modules and OpenSSO’s identity services, it’s pretty straightforward to get something working. So I did. There is now an OpenSSO module for Drupal [ README | Source – also available via Subversion]. I’m no expert in either PHP or Drupal, so there may well be bugs, but it seems to work well, checking for the OpenSSO cookie when users attempt to access Drupal, redirecting them to OpenSSO to authenticate if necessary, and retrieving a Drupal username from the user’s OpenSSO profile before setting up the user’s Drupal session.
If there’s sufficient demand, I’ll look at going through the process to contribute this to Drupal under GPL; until then, it’s available under CDDL as an OpenSSO Extension.
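The flow these extensions share (check the OpenSSO cookie, validate it, fetch the username, start the local session), with the redirect-loop case from the WordPress post handled explicitly. This is an added example, not the extensions' own code: it assumes OpenSSO's REST identity services (`isTokenValid`, `attributes`) and the default `iPlanetDirectoryPro` cookie, and the base URL, the `uid` attribute, the helper names and the sample responses are hypothetical.

```php
<?php
// Added example, not the extensions' code. The base URL, the 'uid' attribute,
// the helper names and the sample responses are assumptions for illustration.
const OPENSSO_BASE = 'https://sso.example.com/opensso'; // assumed deployment URL
const SSO_COOKIE   = 'iPlanetDirectoryPro';             // OpenSSO's default cookie name

// Parse "userdetails.attribute.name=" / ".value=" line pairs into name => [values].
function parse_attributes(string $body): array {
    $attrs = [];
    $name = null;
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        if (strpos($line, '=') === false) {
            continue;
        }
        [$key, $value] = explode('=', $line, 2);
        if ($key === 'userdetails.attribute.name') {
            $name = $value;
            $attrs[$name] = [];
        } elseif ($key === 'userdetails.attribute.value' && $name !== null) {
            $attrs[$name][] = $value;
        }
    }
    return $attrs;
}

// $fetch is any callable(string $url): string, e.g. an HTTPS GET wrapper.
function sso_decide(array $cookies, string $returnUrl, callable $fetch, array $localUsers): array {
    $login = OPENSSO_BASE . '/UI/Login?goto=' . urlencode($returnUrl);
    $token = $cookies[SSO_COOKIE] ?? '';
    if ($token === '') {
        return ['redirect', $login];                  // no SSO session yet
    }
    $valid = $fetch(OPENSSO_BASE . '/identity/isTokenValid?tokenid=' . urlencode($token));
    if (trim($valid) !== 'boolean=true') {
        return ['redirect', $login];                  // expired or forged cookie
    }
    $body  = $fetch(OPENSSO_BASE . '/identity/attributes?subjectid=' . urlencode($token));
    $user  = parse_attributes($body)['uid'][0] ?? null;
    if ($user === null || !in_array($user, $localUsers, true)) {
        // Valid SSO session but no local account: sending the browser back to
        // OpenSSO would return it here with the same cookie, i.e. a redirect loop.
        return ['deny', 'no local account for this OpenSSO user'];
    }
    return ['login', $user];
}

// Constructed responses standing in for the OpenSSO server.
$fake = function (string $url): string {
    if (strpos($url, 'isTokenValid') !== false) {
        return "boolean=true\n";
    }
    return "userdetails.token.id=AQIC5constructed\nuserdetails.attribute.name=uid\nuserdetails.attribute.value=alice\n";
};
var_dump(sso_decide([SSO_COOKIE => 'AQIC5constructed'], 'https://wiki.example.com/', $fake, ['bob']));
```

The username is taken only from the server-side `attributes` response, never from anything the browser sends besides the opaque token.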
I just got done adding an authentication module for JA-SIG CAS, kindly contributed by Qingfeng Zhang, so it seems like a good time to have a round up of recent extensions news…
NEW – Authentication Module for CAS – delegate authentication from OpenSSO to CAS. I blogged about this a little while ago; Qingfeng got in touch and offered it as an OpenSSO Extension. See the README for detailed instructions for getting it up and running.
UPDATED – Authentication Module for Information Cards – delegate authentication from OpenSSO to Microsoft CardSpace and other information card providers. Patrick Petit has extensively revamped the InfoCard RP auth module, removing the need for a standalone JavaDB instance and adding configuration pages – see the README for full details.
The Javali presentation is a fairly deep dive into OpenSSO’s brand new OAuth implementation, while the FISL slides are a higher level overview of identity services in OpenSSO. Grab one or both and mix yourself a caipirinha for the full Brazilian experience 🙂
I just got confirmation that I’m on the bill at the Javali event next Tuesday, June 23, in Porto Alegre, Brazil. Javali, organized by SouJava and RSJUG, focuses on Java and free software, and is held immediately prior to FISL (on which more below). I’ll be doing quite a deep dive on the secure RESTful web services (via OAuth) work we have going on right now, which was first seen in public a few weeks ago at CommunityOne West and JavaOne. Javali will be at the Porto Alegre Serpro offices, Av. Augusto de Carvalho, 1133, from 09:00 to 20:00. I’m on at 18:30 in the Bill Joy Room, just before the pizza, assuming I make my 1 hour layover in Buenos Aires!
As I mentioned above, Javali precedes FISL, now in its 10th year, South America’s biggest open source conference with, according to the FISL home page, over 6000 attendees registered. I spoke at FISL 9.0 last April, and, I have to say, had a GREAT time. I saw an incredible display of energy and enthusiasm for all things open source, from kernel hacking to Ruby on Rails via every application of Java, although I think our evening expeditions in search of churrasco and caipirinhas probably also contributed to my positive recollections 🙂
My session this year, ‘Open Source Identity Services with OpenSSO’, on Friday June 26 at 09:00 in room 40T, looks at the three different approaches we take to identity services in OpenSSO – insulating applications from identity via container plugins, support for standards such as SAML, and lightweight SOAP and REST for interacting directly with OpenSSO. I’ll be covering the secure RESTful web services demo again, but it will be a much higher level view than the Javali presentation.
So – probably not enough notice for anyone to book a trip to Brazil, but, if you’re going to be there anyway, drop in on one or both sessions and say “Hi”! And bring the cachaça! 🙂
It’s not mentioned in either story, but, if you are a regular reader of Superpatterns, you’ll already know that Capgemini deployed OpenSSO at Valeo to handle single sign-on, allowing Valeo employees to access their email at Google via their Valeo credentials, without having to manage a separate Google username/password.
If you’re looking at Google Apps, click here to download the ‘starter kit’ we recently produced, which explains exactly how to set up single sign-on to Google Apps using OpenSSO.
In the category “Best innovation”, the award went to the OpenSSO initiative, founded and supported by Sun Microsystems. Their project, OpenSSO Fedlet, has provided a lean solution for the Identity Federation.
This capped a fantastic week for us at EIC2009 – our second OpenSSO Community Day, hosted here on Tuesday, was a great success, with about 50 attendees coming together for a full day of presentations and discussions centering on OpenSSO. I’ve started uploading slides to the event wiki page – more will arrive over the next few days as I receive them from the presenters.
Felix Gaehtgens managed to corner me on the Sun booth on Wednesday – here’s what I had to say about the OpenSSO Community Day and the latest Fedlet news: