planets.sun.com <beta>

Howdy Peoples!

Next week is JavaOne and there is a lot of excitement brewing around Sun. In the world of identity we're gearing up to host a workshop titled "OpenSSO: Creating Federated Relationships with Software as a Service, Social Networking, and Web 2.0 Applications" on Monday May 5 at 4pm in Hall E 135. This session is part of CommunityOne, which is free of charge to attend. All you need to do is register. See you there!

I mentioned our upcoming CommunityOne session back when I posted my Spring/Summer schedule; now I have a time and place, since the CommunityOne schedule was just published. We'll be presenting "OpenSSO Workshop: Creating Federated Relationships with Software as a Service, Social Networking, and Web 2.0 Applications" on Monday May 5 at 4pm in Hall E 135.

By the way, CommunityOne is free of charge to attend, though you do need to register. See you there!

Nice pic of me kicking off my OpenSSO preso at FISL - thanks, boaglio!

• Using a Load Balancer
• Configuring Cookie-based Sticky Request Routing

Last week, I joined Red Monk's Michale Cote and Brandon Whichard on the Identity Buzz podcast. We talked about The Fedlet, a small, light-weight way to get identity federation setup with Sun tools. Click on the link below to listen and enjoy!

Download the episode directly here, or subscribe to the RSS feed in iTunes or other podcatcher to have it auto-downloaded.

1. FAMAgentBootstrap.properties* contains bootstrap data and is stored on the agent machine. This file indicates the location from where the configuration properties need to be retrieved. It is used by agents profiles configured locally or centrally.
2. FAMAgentConfiguration.properties* contains local configuration data and is stored on the agent machine. It is only used by agent profiles configured locally.
3. The configuration data store holds the remainder of the agent configuration data.

前に言及した Fedlet が, いよいよ最近の OpenSSO で使える状態になってる.

試してみた感じでは,

1. OpenSSO の Common Tasks から Create Hosted Identity Provider を実行し, Fedlet の親となるアイデンティティ・プロバイダ (IdP) を設定
2. その流れで Create Fedlet を実行し, Fedlet の配備先となるサービス・プロバイダ (SP) の情報 (URL とか) を指定して, その SP 特有の設定情報が詰まった Fedlet.zip を生成
3. 産みおとされた Fedlet.zip から fedlet.war を抽出し, SP 側のアプリケーション・サーバに配備
4. IdP と SP との間での疎通テスト

という具合に, 簡単に SP 側の 「SAML の受け口」 を設定することができて, ちょっと感動. Fedlet 入り OpenSSO のダウンロードは以下からどうぞ.

• http://download.java.net/general/opensso/nightly/latest/opensso/opensso.war

OK. Had some video problems, but here it is. REALLY!

You've been patient. You've survived our teaser campaigns. As promised, you've earned the privilege to see the fedlet. So . . . sit back, pour yourself a glass of wine (or a shot of Jägermeister) and enjoy an overview of THE FEDLET.

1. CommunityOne is coming on May 5, 2008. This FREE open-source conference is piggy-fronted on the Monday before JavaOne begins. There are many, many workshops and sessions to choose from. Those that might interest users of OpenSSO include:
   • Getting Started with OpenDS
   • Glassfish Status and Roadmap
   • A full day of sessions on NetBeans
   • Building a Web-Scale Open Source High-Performance Computing Stack
   • and of course our very own SuperPat has an OpenSSO workshop scheduled with Daniel Raskin and Nick Wooler called Creating Federated Relationships with Software as a Service, Social Networking, and Web 2.0 Applcations
   A PDF of the full CommunityOne schedule can be downloaded here.
2. Second Life is a three-dimensional virtual world. Sun Microsystems now has a few islands in Second Life and are planning a big employee party on April 29. (Sorry non-Sun employees. The party though is only on one of Sun's islands; the other islands are open to all.) I'm not a gamer so I don't usually play around with these types of things but I am attending the employee party. I've already created my avatar - which took forever to finish and looks as much like me as a cartoon character can. Sun employees only can check out the internal web site but everyone can follow along at the external virtual worlds blog.
3. And to turn this couplet into a triumverate, here's a video of Three Dog Night singing Out in the Country. Sad how relevant this song is today, almost forty years after it was initially written.

As promised, here are the slides to my presentation this evening at FISL 9.0. I've had a great time here in Brazil - wonderful people, fabulous food and kicking cachaça. I'll definitely be back sometime in the future.

As I just blogged over at The Aquarium, Aravindan, Lakshman and Marina just published part 3 of their series on the new identity services functionality available now in OpenSSO and coming soon in Sun Federated Access Manager 8.0: Securing Applications With Identity Services, Part 3: User Attributes.

User attributes are key for delivering personalized services, and are often the main reason for authenticating the user in the first place. Go read the article - whether you're a RESTafarian or on the SOAPy side - you can quickly and easily put OpenSSO's identity services to work.

This will only be useful if you know MUCH more Japanese than I do, but here's Yasushi Iwakata introducing OpenSSO at a Java Hot-Topic Seminar in Tokyo, as blogged by Takayuki Okazaki:

You'll be able to download the slides soon - I'll update this entry with the link.

As he mentions in the video, Iwakata-san has also been working on an OpenSSO Extension for Hitachi Finger Vein Authentication. You can find the code in the OpenSSO CVS at opensso/extensions/authnhfvb, or browse it online. I'll write more about this extension when I get back home from Brazil.

Third in Sun Developer Network tech author Marina Sum's series of interviews with Sun's identity team is Daniel Raskin, senior product line manager for access and federation management at Sun. Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO) specifically designed to simplify federation deployments, including Fedlets, Virtual Federation, the Federation Validator and more.

Read the article for the inside scoop!

A packed schedule over the next few months - I'll be spreading the OpenSSO gospel on three continents:

	April 19 (this coming Saturday!)	Porto Alegre, Brazil	Open Source Identity Integration with OpenSSO
	May 5	San Francisco, CA	OpenSSO Workshop: Creating Federated Relationships with Software as a Service, Social Networking, and Web 2.0 Applications. I'll also be attending JavaOne 2008, May 6-9 at the same location.
	May 12-14	Mountain View, CA	I'll probably do a session on the Fedlet.
	June 25	Zurich, Switzerland	Who's On The Other End of the Wire? Identity-Enabling Java Web Applications with OpenSSO
	July 4	Mont-de-Marsan, France	Open Source Identity Integration with OpenSSO

I'll also be at the Liberty Alliance plenary meeting in Stockholm, Sweden from July 8-10. Then I'll be taking a much-needed vacation!

• /fam/tools/helpers/bin
• /fam/tools/helpers/sparc
• /fam/tools/helpers/x86

ということで前回予告した通り, 今月の SDC 連載 「アイデンティティ管理の基礎と応用」 では, IdP / SP / ブラウザの間に流れる SAML なメッセージを読み解く悦びをお届けします.

前回設定した OpenSSO の 「SAML2 サンプル」 を使って、SAML 2.0 によるアイデンティティ・フェデレーションと、同じくフェデレーテッド・シングル・サインオン (SSO) の動作を確認してみます。
アイデンティティ管理の基礎と応用(１１):OpenSSO の SAML 機能を試してみる (2/2)

書き上げてから言うのもなんだけど, 本稿では SAML の説明自体をかなりはしょってるので, 実際に OpenSSO の 「SAML2 サンプル」 をさわってみる際には, 以下を参考にしながら進めるといいと思う.

• SAMLについて自由勝手に紹介 - snippets from shinichitomita’s journal の, 「メッセージ」 と 「プライバシー」 の節
• 第一回 Liberty Alliance 技術セミナー 『SAML 2.0 アイデンティティ連携技術』 の, スライド #22 以降

Tech author Marina Sum over at Sun Developer Network continues her series of interviews; this time in the hot seat is Daniel Raskin, senior product line manager for access and federation management at Sun.

In the interview, Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO), including Fedlets, Virtual Federation, the Federation Validator and more. Exciting stuff!

GlassFish and OpenSSO play very similar roles; they are OpenSource, transparent, community-driven efforts to create enterprise products, except OpenSSO has an extra twist...

GlassFish is the Community for SJS AppServer 9.x and OpenSSO does the same for Sun Federated Access Manager (FAM). The twist is that FAM is not yet out. FAM is the combination of the Access Manager and the Federation Manager. Once FAM is out, you can say: GF/SJSAS == OpenSSO/FAM.

So, go ahead and Download, Evaluate and Deploy OpenSSO!

NOTE: This procedure has been validated with OpenSSO promoted build4(Apr 1, 2008)

Create AD datastore

• ./famadm create-datastore -m "AD_STORE" -t LDAPv3ForAD -D  datastore_AD_attrs.txt -v -u amadmin -f /tmp/pass
  -e /

Create Data store with SunDS+AM Schema

• ./famadm create-datastore -m "DSEE_STORE" -t LDAPv3ForAMDS -D datastore_dsee_attrs.txt -v -u amadmin -f
  /tmp/pass -e /

Create Datastore for generic LDAPv3(OpenLDAP)

Update Datastore

• ./famadm update-datastore -m "DSEE_STORE" -D datastore_update_attrs.txt -v -u amadmin -f
  /tmp/pass -e /

The above command will update the bind DN and the password for the data store named "DSEE_STORE" in the root realm

Delete Data Store

• ./famadm delete-datastores -m LDAPv3_STORE -v -u amadmin -f /tmp/pass -e /
• ./famadm delete-datastores -m IBM_TIVOLI_STORE -v -u amadmin -f /tmp/pass -e /