The project site for OpenSSO, an open source access management software distribution, has been launched. Full read and write access to the source code has been implemented to encourage feedback from developers. OpenSSO provides the means to build authentication, authorization and session management for Java and Web applications and Web services. OpenSSO is intended to provide an extensible implementation of an identity services infrastructure that will facilitate single sign-on for Web applications hosted on Web servers and application servers. OpenSSO is the result of collaboration between a community of developers and Sun engineers. Since Sun will be basing the Sun Java System Access Manager product on OpenSSO, everything that is committed to the OpenSSO source will end up running in real production deployments. What do you think of OpenSSO? Which areas need improvement?
- Posted by: Regina Lynch
- Posted on: August 22 2006 15:43 EDT
- Pretty exciting... by Will Hartung on August 22 2006 17:20 EDT
- Open Security by Viera Halasova on August 23 2006 00:35 EDT
- The world of IT needs SSO (rather, the humans that use it do)! by vc vccvx cvxcvcvx on August 23 2006 09:09 EDT
- Promising by Pranab Ghosh on August 23 2006 15:35 EDT
I think it's great this stuff is coming out. This is the classic conflict of the "complicated" "bloated", yet "feature rich" "Enterprise Solution" vs some small OSS project meant to meet a particular need, but perhaps scratched many itches and gained traction. With smaller projects, you get almost implied ease of use simply because the scope is much narrower than the general "solve most any conceivable issue" home run attempts of commercial Enterprise software. Rumor has it that the Sun SSO system is just a bear to deploy. Probably from a mix of a complicated, general purpose solution to getting disparate unrelated applications to play along well together. Hopefully now some simplification and better integration can happen across the board to make this technology more accessible and easier to use for everyone. For example, you'd like to think that you'd be able to set up the SSO server someplace, point it at an LDAP store, then head over to Glassfish or JBoss, and click a checkbox to enable an "SSO Realm" and have all of your applications that use Container Managed Security get SSO "for free" and have it "just work". My understanding is that it's much more of a nightmare than that. But, one can hope.
Hi Will, You're right - Sun's Access Manager was pretty tricky to deploy. The good news is that, as we have moved code into OpenSSO, we've done a lot of work on deployability, usability and such. The main innovation here has been packaging as a single WAR file. You just drop the WAR into your choice of container, go to the web app URL, enter some basic configuration (mostly prepopulated - this blog entry shows Access Manager configurator screens very similar to OpenSSO) and you're pretty much ready to go. You can log in as the administrator, start deploying policy agents, manage policy, whatever. We're pushing hard towards the dream scenario you describe - I'd say we're about 75% there. The missing link is that there is no standard for Glassfish or JBoss to talk to a web access management system such as OpenSSO. You still have to deploy a J2EE - uh, I mean Java EE - agent into the container, but the rest is pretty much there. I invite you (and all OpenSSO readers) to come take a look at OpenSSO, grab the binaries and send us feedback. Pat Patterson, Federation Architect, Sun Microsystems
We are developing a project with similar intentions. Subsystem Open Security from OpenSubsystems (www.opensubsystems.org) offers a complete authentication, authorization and session management solution ready to be integrated into Java applications. No official release of this subsystem has been made yet since we are working on documentation, but all the source code is ready to be used from our public CVS. It offers means to create and manage users, roles, domains and sessions. It provides both backend functionality with a flexible persistence model and a ready-to-use web-based user interface.
Sometimes, I dream of a world where I can authenticate myself with a single piece of identification and access every application I require: whether it be MS Outlook, Novell shared drives, custom-built Java, VB, .NET, PHP, mainframe applications... Oh gawd, SHOW ME THAT WORLD!!! ;oP
Timing seems to be perfect for me. I have embarked on a project to architect an identity management and SSO solution for all products of our company. From what I have seen in the code and documentation so far, I should be able to save a lot of time by leveraging most of it. Pranab