Sun OpenSSO
Great article on use of Sun OpenSSO and simpleSAMLphp
Thomas Varghese and Marina Sum from Sun Microsystems have written a great article on how to set up a CRM called SugarCRM with simpleSAMLphp and connect it to a Sun OpenSSO IdP.
Documentation based on scenarios from reality is great and easier to understand for users.
I found the link to the article from Daniel Raskin's blog.
Infocard RP Module to simpleSAMLphp available
Finally, this morning we have uploaded the Infocard Relying Party (RP) module to subversion. There is no documentation yet but the configuration file and the code itself should be self-explanatory. A few issues are still open:
- Policy support through WS-SecurityPolicy
- STS certificate validation. For now, any certificate is accepted. As far as I know, it is up to the application to check this.
STS support will be integrated in this module. It is currently still in beta; if any of you want to test it, please let us know.
This code is a contribution of Samuel Muñoz Hidalgo, a CS student at the University of Alcala, and it has been supported by RedIRIS.
OpenSSO Enterprise Ready - Go Get It!
Today is the official release date of Sun's OpenSSO Enterprise product, the 8.0 version of the product set formerly known as the "Access Manager/Federation Manager", which was publicly announced on September 30th.
If you have experience with OpenSSO (Enterprise) contact me and tell me what you think. My impression is that Sun is moving towards simpler deployments - something I like.
Please add SLO support to Fedlets Sun
I was a bit surprised when I read that Fedlets did not include SLO support.
Sun, please add Single Log-Out support to Fedlets. Without Single Log-Out the product cannot be used in Feide.
Sun announces OpenSSO Express
Sun OpenSSO Express consists of the stable builds from Sun's open source project OpenSSO. OpenSSO is a fork of the Sun Access Manager code, and Sun Access Manager is discontinued AFAIK.
As Sun already has names like Access Manager, Federation Manager, OpenSSO, Fedlets and Federated Access Manager, it comes as no big surprise that they announce yet another name to remember ;) Express.
OpenSSO Express is probably a big milestone in the identity history of Sun, and for sure worth exploring. Go get it at: opensso.org. I know I will, but I don't know when I have time for it.
I both hope and believe that the name Express reflects that the codebase is more lightweight and easy to install/configure than the prior AM product.
[ More information about Sun OpenSSO Express at the OpenSSO wiki ]
More information about Federated Access Manager 8.0

I'll try to summarize all the links to things written about Sun Federated Access Manager 8.0, and I noticed a blog over at Sun called Virtual Daniel. There you'll find two blog entries with interesting information about the features and roadmap.
The main feature of FAM 8.0 seems to be: Simplification! Simplification! Simplification! I could not agree more about the importance of that, so I really look forward to taking a closer look at (download, install and play) FAM 8.0.
Service Provider's Guide to Feide Integration
This document is meant as a hand-out to new service providers who want to integrate their application with Feide authentication. This document is targeted at technical people. It contains a large number of links, so you will be able to find more documentation on what's unclear.
Slides about SAML 2.0 Software
We walk through some of the software alternatives for running a SAML 2.0 SP that are available today.
Google Apps and Sun Access Manager
I did some work on trying to configure Google Apps Education with Sun Access Manager. Both apps support SAML 2.0, and should in theory work smoothly together.
The general challenge with SAML 2.0 is that the standard is wide, leaving a lot of options for the apps, and apps tend to support a subset of all possible configurations.
Some examples of things that may differ: NameID formats, SSO and SLO bindings (Browser/POST, Artifact, HTTP-REDIRECT etc), attribute push versus attribute profile, kind of PKI (POST simple bind versus xmldsig), management of PKI (selfsigned, own root, trusted root, revocation, etc), use of PKI (what to sign, response or assertion, require signed requests, etc), storage of certs (keystores versus metadata) and last but not least attribute namespaces, syntax and semantics.
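Several of the differences listed above (NameID formats, SLO bindings, signed requests) are visible in the two parties' SAML 2.0 metadata before any login is attempted. The following Python example is added here for illustration and is not code from the original post or from any of the products mentioned; the metadata documents, the example.org names and the function `interop_issues` are constructed for the example.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NS = {"md": MD}

# Constructed sample metadata for a hypothetical IdP and SP (example.org names are placeholders).
IDP_MD = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.org">
 <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="{PROTO}">
  <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.org/slo"/>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.org/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SP_MD = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org">
 <md:SPSSODescriptor AuthnRequestsSigned="false" protocolSupportEnumeration="{PROTO}">
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:AssertionConsumerService Binding="{POST}" Location="https://sp.example.org/acs" index="0"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def _items(role, tag, attr=None):
    """Collect element text, or one attribute, from a role descriptor's children."""
    found = role.findall(f"md:{tag}", NS)
    return {(e.get(attr) if attr else (e.text or "").strip()) for e in found} - {None, ""}

def _flag(role, attr):
    return role.get(attr, "false") in ("true", "1")  # both xs:boolean spellings

def interop_issues(idp_xml, sp_xml):
    # Untrusted metadata should be signature-checked and parsed with a hardened parser first.
    idp = ET.fromstring(idp_xml).find("md:IDPSSODescriptor", NS)
    sp = ET.fromstring(sp_xml).find("md:SPSSODescriptor", NS)
    if idp is None or sp is None:
        return ["missing IDPSSODescriptor or SPSSODescriptor"]
    issues = []
    idp_fmt, sp_fmt = _items(idp, "NameIDFormat"), _items(sp, "NameIDFormat")
    # Only two non-empty, disjoint lists are a definite mismatch.
    if idp_fmt and sp_fmt and not idp_fmt & sp_fmt:
        issues.append("no common NameIDFormat")
    if _flag(idp, "WantAuthnRequestsSigned") and not _flag(sp, "AuthnRequestsSigned"):
        issues.append("IdP wants signed AuthnRequests but SP does not sign them")
    slo = _items(idp, "SingleLogoutService", "Binding") & _items(sp, "SingleLogoutService", "Binding")
    if not slo:
        issues.append("no common SingleLogoutService binding")
    return issues
```

Calling `interop_issues(IDP_MD, SP_MD)` on the constructed pair reports all three mismatches; the missing SLO binding on the SP side is the same gap that blocks Single Log-Out.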
Deploying Open Federation (openfm) with the Resin application server
who figured this out for us.
To get Open Federation to work with the resin application server, you need to switch to the Xerces / Xalan XML engine.
Getting Xerces / Xalan
Collect the following jar files from Xerces and Xalan:
- xml-apis.jar
- xercesImpl.jar
- serializer.jar
- resolver.jar
- xalan.jar
Put the files above into the lib folder of your resin installation.
Next, edit the following XML-fragment in resin.conf, under the resin root element: