opensso

Which SSO Framework to use?

I've used OpenSSO (which is very powerful but complicated) and JOSSO (very simple but lacking many features). I've also looked at the CAS framework. My question is: What is your recommendation & insights regarding the different SSO frameworks (preferably Java oriented)? ...

OpenSSO Entitlements

The roadmap for OpenSSO said entitlements would be out summer09. Anyone know whether it will be able to solve data level security, for example "userA can only enter <500 in this field on the screen" OR "UserA can see only these values in the dropdown". How is this implemented in organisations, each app controls the data level security or...

Problem Setting Cookie w/ PHP

I'm working locally across two "domains". I have enterprise.local and application.local virtual hosts on my machine and I need to set a domain cookie for "local" or ".local". I'm having some trouble getting the cookie to set properly, though. In application.local, I have this: setcookie( 'iPlanetDirectoryPro', trim( $token_id ), '0', '/'...

OpenSSO Fedlet with PHP

Is it possible to use the OpenSSO fedlets with PHP (or tech. other than Java or .Net) to enable Identity Federation? Are there any examples of implementing fedlets with PHP? ...

Can I use Sun's OpenSSO Apache WebAgent to integrate to a CA SiteMinder Policy Server?

The official Web Agents user documentation does not state what version of SAML is supported. I am trying to integrate this with a Policy Server that is not running Sun's OpenSSO policy server, so my only requirement is to support SAML 2.0. Has anyone had experience with this type of setup? ...

How does one get mod_auth_saml (part of the zxid project) to not show the Choose Idp screen?

How does one get mod_auth_saml (part of the zxid project) to not show the Choose Idp screen? I currently have the latest mod_auth_saml from zxid version 0.42 installed on CentOS5 and Apache 2.2. We've set it up so it only has one identity provider in our circle of trust. Does anyone have any experience with forcing it to redirect to...

Getting WIF to work with OpenSSO as STS

Hi gang, Using OpenSSO as an identity provider, what should I do (i.e. with FedUtil.exe) to configure my .NET relying party so that it will do the STS dance? I've gotten OpenSSO's WS-Trust client samples running, so I think OSSO's in a good state and ready for the next step. I'm at the FedUtil.exe's "Use an existing STS" wall. Where ...

Glassfish OpenSSO instructions (where to download OpenSSO)?

According to the tutorial, I should go to OpenSSO and download an "express build". However, the download links on the OpenSSO site for the "Express Build 7" appear to require logging in via an account with a paid support contract. How can one currently download the OpenSSO wars? ...

Getting all ActiveDirectory groups using OpenSSO Client SDK

Hi, I hope someone here has experience with Sun OpenSSO (now ForgeRock OpenAM). I'm trying to get all groups in ActiveDirectory using the OpenSSO Client SDK in Java / JBoss EAP 5.0. I tried the following by combining various samples and code snippets I could find on the web, but this fails and eventually logs "Memberships for identiti...

REST Layer Security And Integration

I have a widget-based front end talking to a REST layer. To use the front-end, a human needs to log in with a username and password. Once in, the user can interact with the widgets, which make calls to the REST layer. At this point, no authorization is done at the REST layer. If you have logged in successfully, you can do whatever you w...

OpenSSO SSOToken to SAML assertion and back

I'm considering securing a whole JEE software platform with OpenAM (prev. Sun OpenSSO). Applications - running on WebLogic AS - would be secured by a JEE Policy Agent and web services with WS-Security SAML Token Profile. As of my understanding, the SSOTokenManager enables application code to retrieve OpenAM's SSO token. But in order to ...

PHP OpenSSO Authentication

We are currently implementing a new OpenSSO Server. The server is on a different server from the web server and I am having trouble getting authentication to occur on our PHP Web server. The cookie set with the openSSO Token is called iPlanetDirectoryPro. This is set from authServer.company.com. I need to read this from webserver.compa...

OpenSSO Attribute Retrieval

I am working to integrate OpenSSO in my application. OpenAM server is installed in one Tomcat. A J2EE policy agent installed in another Tomcat protects a sample web application via OpenSSO authentication. I have created a Test User with the OpenAM administration page and am able to access the sample web application after successful authen...

OpenSSO and tomcat

Hi, I am new to OpenSSO (OpenAM). I want to protect my web applications deployed in Tomcat using SSO. I have basic questions to clarify. What are the basic software components required to get my work done, like tomcat, opensso.war etc.? How many policy agents do I need to install, and in which places? I have gone through the document and I...

Is there a way to make OpenSSO/OpenAM talk to Database for its authentication and authorization?

Hi, We want to use OpenSSO for our authentication and authorization needs but would prefer it talking to database instead of the default LDAP datastore. We found that there is an experimental Database datastore present in the OpenAM 9.0 release. However, it seems to be just concerned with authentication and user lifecycle managemen...

Signature Validation issues using OpenSAML & OpenSSO

Hi All, We are using OpenSAML on the Service Provider Site to provide SSO for our clients. Our client (ID Provider) is using OpenSSO on their end. The SAML Response being posted by OpenSSO is a little different when it comes to the signature element in that it is not qualified by the namespace. This doesn't seem to go down well with Op...

OpenSSO proxy setup error

I am trying to set up an SSO app with an IP and SP much like described in the tutorial https://wikis.forgerock.org/confluence/display/openam/SAMLv2+IDP+Proxy+Part+1.+Setting+up+a+simple+Proxy+scenario However, I am stuck at the test provided at the very end: my SP is not redirected to my IP. Instead, I get the following error: ERROR: Error...

How can I use OpenLDAP as the store for OpenAM under Ubuntu?

I realize there are a number of sources on how to get OpenLDAP set up under Ubuntu, or how to configure data stores for OpenAM (formerly OpenSSO). Some that seem most useful to me are: ubuntuforums.org/showpost.php?p=8236370&postcount=1 blogs.sun.com/indira/entry/using_openldap_as_user_data Unfortunately, when I try to import the LDIF...