Recently Asked Questions on OpenSSO

2 minute read

OpenSSO is really taking off now - the number of participants continues to grow daily, we’ve had some really interesting discussions on the IRC channel, and folks around the world are writing their own how-to guides.

A couple of related questions have arisen recently: “How, exactly, are OpenSSO, Access Manager and Federation Manager related?” and “Can I get support on OpenSSO?”. These questions are almost answered in the OpenSSO FAQ - I’ll provide full answers here and push them into the FAQ for future reference.

Q1: How, exactly, are OpenSSO, Access Manager and Federation Manager related?

OpenSSO is based on the Access Manager 7.0 codebase. There are some changes - for example, Access Manager contains some third party source code which we cannot redistribute - but we have worked to minimize these. The next versions of Federation Manager and Access Manager will be built from the OpenSSO source - just like Sun Java System Application Server is built from the Glassfish source. When we are happy that OpenSSO contains the features we want to release in the next AM/FM product release, we will branch the code and stabilise the release branch - all in public. New feature development can continue on the trunk, and fixes in the release branch will be copied to the trunk.

Q2: Can I get support on OpenSSO?

The short answer is “No.” Sun will support Access Manager and Federation Manager, which will, as noted above, be built from the OpenSSO source. However, we never say never. If there is sufficient demand, we will consider other support offerings.

The best place for follow-up discussion on these topics is the OpenSSO users mailing list (click here, login and scroll down to the [email protected] to subscribe), but feel free to leave comments here also.

Q3: Is opensso exactly same as Sun AM 7.1 from end user perspective? Can I use all Sun AM 7.1 beta docs for OpenSSO? If there are differences, what are they? (Added 12/8/2006)

Right now (Dec 8 2006), there are some deltas between AM 7.1 and OpenSSO. Due to schedules and logistics, work on AM 7.1 and OpenSSO proceeded in parallel. We are porting all AM 7.1 features and fixes to OpenSSO right now. For the most part, you can use AM 7.1 beta docs, but there are some differences:

  • Policy Agent 2.2 for Web Services. To be added to OpenSSO.
  • Java Management Extensions (JMX) support. To be added to OpenSSO.
  • There is no federation console in the Open Federation build of OpenSSO, although all federation features are present and configurable from the command line. We are migrating the entire console from JATO (Sun’s previous, proprietary web application framework) to JavaServer Faces (JSF) - the federation console will be the first to move over.
  • Numerous minor bug fixes and RFEs. To be added to OpenSSO.



Nipun Batra

Hi I am trying to achieve SSO and evaluating opn SSO project. However I am not able to understand this product as there are no documents. Please can you point me where I can find detailed documents for this project. I tried to refer document of Access Manager 7 on, However the things described there is not available here. For example developers guide mentions about few client code and client war. The same is not available here. The openssodemo.war says that it includes both opensso.war and few extra client directories, however there is no README or Sample code or anything else which says how SSO is achieved. I am sorry if I sounded bit frustrated here, actually I have wasted quite some time on this project, I started with evaluating Sun Identity manager …… When I downloaded the project on Sun, all I got is Web Agent which is available as Access manager download. While going through the documents of Web Agent (called as Access Manager on I found that Access Manager is something totally different. I tried hard to find Access Manager and after doing some research I found its now opensso project. It is not at all mentioned on Sun Website that this project is now open source. And when I came here and read documents I found nothing concrete in terms of sample codes etc. I will really Appreciate if you can help me regarding this issue. Thanks Nipun

Dennis Seah

hi Nipun We can help if you can tell us the single sign on solution(s) that you are looking for? As you may know that OpenSSO is actually Java Enterprise System Access Manager 7.1, we are open sourcing all the major features. Docs for Access Manager 7.0 is at (We have yet to release the docs for release 7.1) At the docs site, there are alot of information ranging from different type of authentication methods, session failover, policy management, evaluation and enforcement, etc. Again, it will be great if you can send an email to [email protected] with your requirements and our engineers can help you along. thanks

Trung Tran

Hi. I’ve downloaded opensso and openfm but can’t seem to find SAML authentication module. Is it not included because of the 3rd party issues you stated from above or am I missing something?


Hi, Can anyone answer my questions plz. 1) Is opensso exactly same as Sun AM 7.1 from end user perspective? (Can i use all Sun AM 7.1 beta docs for opensso?) 2)If there are differences, what are they?

Rajeev Angal

The MQ related code for session failover is abstracted using pure JMS calls (JSR 914) - that allows a compliant MQ implementation to be plugged in. However this abstraction has not been tested with any other plugin apart from Sun’s JMQ implementation as pointed out by others.


Hi Pat, I have berkeleydb 4.5 for windows.opensso is deployed in jboss. Along with sun mq what configuration i have to do to achieve session failover in opensso? I’ve read the am 7.1 doc which does not provide much implemention details about web based configuration.


Hi David, addressing your second question first, HADB is part of Sun's Application Server. OpenSSO's session failover feature uses a container-independent session persistence mechanism based on Berkeley DB and Sun's Message Queue.

On the the first question, I guess you've already read the Implementing Session Failover document. If so, could you post your question to the [email protected] mailing list (you can sign up here)? The folks there should be able to guide you.

Leave a Comment

Your email address will not be published. Required fields are marked *