Hi,

We want to use OpenSSO for our authentication and authorization needs but would prefer it talking to a database instead of the default LDAP datastore. We found that there is an experimental Database datastore present in the OpenAM 9.0 release.

However, it seems to be concerned just with authentication and user lifecycle management. There is no provision for storing entitlements information in the database datastore. We would want to keep the entire authentication and authorization info in the database.

I'm okay to even put some effort into customizing the code to make OpenAM talk to the database for evaluating the policies and deciding what a user can or cannot do on a particular resource. By the way, we have requirements to safeguard several kinds of resources, not just pages (URLs).

I have looked into the code and found that the base datastore classes like com.sun.identity.entitlement.opensso.DataStore.java, com.sun.identity.entitlement.PolicyDataStore.java, and com.sun.identity.entitlement.opensso.OpenSSOPolicyDataStore.java are all tightly bound to the LDAP-based implementation.

Are there any interfaces or abstract classes which I can customize to make opensso talk to database datastore for its entitlements and policy decisions?

I would even be willing to spend a couple of months' effort in getting this to work if someone can provide any hints with which I can get started.

Thanks and Regards,

Samba

A: 

Would this help you out: http://www.badgers-in-foil.co.uk/notes/installing_a_custom_opensso_identity_repository/

Brad Tumy
That certainly helped us make OpenSSO point to the database for authentication, but it still uses LDAP for all authorization aspects like entitlement management or policy decisions. We want to use the database for both authentication and authorization requirements, and it looks like no one has explored porting the authorization part to a database so far. I'm still awaiting a response from the OpenSSO experts on the OpenSSO mailing list; I will update the response here so that others can benefit in future. Thanks, Samba
Saasira