Wednesday, November 30, 2011

New Track for OpenSSO-->OpenAM

A Norwegian startup is assuming responsibility for maintaining an open source web authentication technology originally developed by Sun Microsystems, and seemingly neglected by Oracle, which purchased Sun in January. The company, ForgeRock, has released a new version of Sun's Open Single Sign On (OpenSSO) Enterprise software, called OpenAM, that adheres to the OpenSSO roadmap established by Sun.
"It's a pretty easy migration path for all the customers who have found themselves stranded on OpenSSO. They can safely migrate to a current version," said Simon Phipps, chief strategy officer at ForgeRock, and former chief open source officer at Sun. Phipps was one of a number of employees who have joined ForgeRock since Oracle's purchase of Sun.
Oracle continues to display a page on its website for OpenSSO, though it has removed the free downloadable version of the product. The company has not made any announcements about future releases of the software, and did not respond to a request for comment.
In February, ForgeRock issued its first release of OpenAM (the name was changed for trademark reasons), which was essentially a snapshot of Sun OpenSSO Enterprise 8. OpenAM 9.5 is the first version that moves the software beyond the Sun version.
The software package includes a number of updates, including the ability to support version 2 of the Security Assertion Markup Language (SAML), a standard for exchanging authorisation information across different systems. It also includes a new monitoring framework, and a new version of the directory server, called OpenDS. Patches issued since the last release of OpenSSO have also been rolled into the new version, and various bugs have been fixed as well.
Sun created OpenSSO in 2005 as an open source version of the Sun Java System Access Manager, licensing the software under the Common Development and Distribution Licence (CDDL). The software was designed for large transactional websites that require users to log in and keep accounts.
"This enterprise identity middleware was actually a big success at Sun. It was doing very well at competing with IBM, Oracle and CA," Phipps said. The company estimates that OpenSSO has a customer base in "the low four digits," said Allan Foster, who heads US operations for the company and is a former Sun support manager for OpenSSO.
"Pretty much every day we get an email from some company that was doing an evaluation of OpenSSO, and they want to move on to a pilot or even a full-production deployment, and they discovered that they can't buy a subscription to it, so they come to us," Phipps said.
Upgrading from OpenSSO Enterprise 8 to OpenAM version 9.5 should be a largely painless transition, Phipps promised. Those using the older version of OpenDS may have to do some work to upgrade to the newer version of that server but "on the whole, customers will find that this is a pretty seamless update," Phipps said.
While the software itself is open source, ForgeRock sells enterprise subscriptions for support and maintenance. At least one other company, OSSTech in Japan, is also working on and selling support for OpenAM. OpenAM is one component of ForgeRock's I3 enterprise platform, which also includes OpenESB (an enterprise service bus), OpenIdM (an identity access manager) and OpenPortal.
Last week, at the O'Reilly Open Source Conference (OSCON), Phipps gave a talk about how an open source project can survive after it loses corporate support. In addition to working with OpenAM, Phipps is also on the governing board for OpenSolaris, another open source software package inherited by Oracle whose future remains uncertain.
In the case of OpenSolaris, Phipps noted that there are portions of the operating system that are not open source, and so assuming control of the software would be difficult for the OpenSolaris community, or for another company. Another roadblock to OpenSolaris' survival outside of Oracle is that most of the engineers who worked on OpenSolaris were Sun Microsystems employees, and are now Oracle employees. Unless Oracle allows them to continue contributing to the code base, it is doubtful that enough outside expertise exists to keep maintaining and improving the OS.
In the case of OpenSSO, ForgeRock has hired a significant number of ex-Sun engineers who are familiar with the product. Most did not develop the software itself, but rather worked as customer support specialists who were highly knowledgeable with the code base, Phipps said.

After more than 18 months of development, Norway-based ForgeRock has announced the availability of version 9.5 of its OpenAM access management product. Discussing the announcement, ForgeRock chief strategy officer and former Chief Open Source Officer at Sun Microsystems Simon Phipps said, “This is an important milestone for the OpenAM community”, adding that, “This achievement marks the first fully community-sourced release of OpenAM. We’re very pleased that users of OpenSSO Enterprise 8 can easily and freely migrate to OpenAM 9.5 now that the updates have been made.”
OpenAM 9.5 features fine-grained authorisation based on XACML, a new monitoring framework and enhanced multi-platform support. Other changes include the addition of enterprise single sign-on, and various speed, reliability and performance enhancements. The underlying replication architecture has also received a number of changes, including updates to the federation implementation and use of the OpenDS 2.3 engine in the embedded configuration store.
OpenAM is based on Sun's OpenSSO product which Oracle have apparently abandoned. The open source authentication, authorisation, entitlement and federation product was rescued for the community by ForgeRock in February and renamed OpenAM for trademark reasons. OpenAM is complemented by a range of ForgeRock's other products: OpenESB, OpenIdM and OpenPortal (based on LifeRay).
More details about the release can be found in the official press release and in the release notes. OpenAM 9.5 is available to download from the ForgeRock downloads page.

Monday, November 28, 2011

CSR Decoder to decode your Certificate Signing Request

As per my client's request, I needed to check the CSR generated by our application to verify that it contains the correct information. A Certificate Signing Request is a block of encoded text, so it can't be verified by eye.
"Use this CSR Decoder to decode your Certificate Signing Request and verify that it contains the correct information. A Certificate Signing Request is a block of encoded text that contains information about the company that an SSL certificate will be issued to and the SSL public key. Once a CSR is created it is difficult to verify what information is contained in it because it is encoded. Since certificate authorities use the information in CSRs to create the certificate, you need to decode CSRs to make sure the information is accurate. To check CSRs and view the information inside of them, simply paste your CSR into the box below and the AJAX CSR Decoder will do the rest. Your CSR should start with "-----BEGIN CERTIFICATE REQUEST-----" and end with "-----END CERTIFICATE REQUEST-----". If you are interested, you can also learn more about Certificate Signing Requests. Once you have your CSR, use our SSL Wizard to find the best SSL provider."

I searched for a way to do this on Google and found a site where I got my solution.

So I am posting the site name -->http://www.sslshopper.com/csr-decoder.html
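Decoding a CSR does not require a web form: the PEM body is base64-encoded DER, and the subject sits at a fixed place in the PKCS#10 structure. The block below is an added example that is not from this post or from sslshopper.com. It is a standard-library-only Python parser that walks the DER just far enough to read the version and the subject, together with a constructed sample CSR built from the same helpers. The sample's key and signature are zero-filled placeholders (so it is not a request a CA would accept); point decode_csr_subject at a real CSR from your application to check its subject before submitting it. Decoding locally also keeps internal hostnames out of a third-party form.

```python
import base64
import re

# Subject attribute OIDs recognised by the decoder (X.520 / PKCS#9 names).
OID_NAMES = {
    "2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST",
    "2.5.4.10": "O", "2.5.4.11": "OU", "1.2.840.113549.1.9.1": "emailAddress",
}
NAME_OIDS = {v: k for k, v in OID_NAMES.items()}

# Constructed sample subject, used only to build the demo CSR below.
SAMPLE_SUBJECT = [("C", "US"), ("ST", "Texas"), ("L", "Houston"),
                  ("O", "Example Corp"), ("CN", "www.example.com")]

# --- minimal DER encoding, used only to construct the sample CSR ---
def der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_length(len(body)) + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(chunk)
    return tlv(0x06, bytes(out))

def build_sample_csr(subject):
    """Constructed PEM CSR carrying `subject`; key and signature are zero
    placeholders, so this is a parsing fixture, not a real request."""
    rdns = b"".join(
        tlv(0x31, tlv(0x30, encode_oid(NAME_OIDS[k]) +
                      tlv(0x13 if k == "C" else 0x0C, v.encode("utf-8"))))
        for k, v in subject)
    name = tlv(0x30, rdns)
    rsa_alg = tlv(0x30, encode_oid("1.2.840.113549.1.1.1") + b"\x05\x00")
    spki = tlv(0x30, rsa_alg + tlv(0x03, b"\x00" * 17))        # placeholder key bits
    info = tlv(0x30, tlv(0x02, b"\x00") + name + spki + tlv(0xA0, b""))
    sig_alg = tlv(0x30, encode_oid("1.2.840.113549.1.1.11") + b"\x05\x00")
    der = tlv(0x30, info + sig_alg + tlv(0x03, b"\x00" * 9))   # placeholder signature
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{body}\n-----END CERTIFICATE REQUEST-----\n"

# --- minimal DER decoding: enough to read the subject of any PKCS#10 CSR ---
def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(body):
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def decode_oid(raw):
    arcs = [raw[0] // 40, raw[0] % 40]
    n = 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def decode_csr_subject(pem):
    """Return (version, [(name, value), ...]) from a PEM-encoded PKCS#10 CSR."""
    m = re.search(r"-----BEGIN CERTIFICATE REQUEST-----(.*?)-----END CERTIFICATE REQUEST-----",
                  pem, re.S)
    if not m:
        raise ValueError("input is not a PEM certificate request")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, csr, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("CSR does not start with a SEQUENCE")
    info = next(children(csr))[1]           # CertificationRequestInfo
    fields = list(children(info))           # version, subject, subjectPKInfo, attributes
    version = int.from_bytes(fields[0][1], "big")
    subject = []
    for _, rdn in children(fields[1][1]):   # Name = SEQUENCE OF RDN (each a SET)
        for _, atv in children(rdn):        # AttributeTypeAndValue = SEQUENCE {OID, value}
            (_, oid_raw), (_, value) = list(children(atv))
            dotted = decode_oid(oid_raw)
            subject.append((OID_NAMES.get(dotted, dotted), value.decode("utf-8")))
    return version, subject

if __name__ == "__main__":
    pem = build_sample_csr(SAMPLE_SUBJECT)
    print(pem)
    print(decode_csr_subject(pem))
```

Only the subject is decoded here; a full check would also confirm the key size and verify the self-signature, which the placeholder fixture cannot satisfy.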


OpenSSO (now OpenAM) selection criteria

If we have a few hundred applications (web-based and non-web-based), we need a concise set of selection criteria for them.

There are 2 types of policy agents available from OpenSSO:
1. Web Policy Agent
2. J2EE Policy Agent

In order to integrate applications for Single Sign-On with OpenSSO, they must be:
1. web-based
2. authenticating against a common authentication repository
3. supported by the policy agents available from OpenSSO

If applications are customizable, Web Policy Agent will be chosen. Otherwise, if applications are pure J2EE-based that utilize the Java Authentication and Authorization Service (JAAS), then J2EE Policy Agent will be chosen.

If the above two criteria cannot be met, then ESSO (enterprise single sign-on) will be chosen.

Global Password Policy in Sun Directory Server 5.2

bash-3.00# ldapsearch -p 389 -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" objectclass=*
Enter bind password: 
version: 1
dn: cn=Password Policy,cn=config
objectClass: top
objectClass: passwordPolicy
cn: Password Policy
passwordInHistory: 0
passwordStorageScheme: SSHA
passwordUnlock: on
passwordMustChange: off
passwordNonRootMayResetUserpwd: off
passwordWarning: 86400
passwordExpireWithoutWarning: on
passwordLockout: off
passwordMinLength: 6
passwordMaxFailure: 3
passwordMaxAge: 8640000
passwordResetFailureCount: 600
passwordisglobalpolicy: off
passwordChange: on
passwordExp: off
passwordLockoutDuration: 3600
passwordCheckSyntax: off
passwordMinAge: 0
passwordRootdnMayBypassModsChecks: off
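The attributes above only mean something in combination: passwordMaxAge and passwordWarning are not applied unless passwordExp is on, passwordMaxFailure only locks accounts when passwordLockout is on, and passwordMinLength is enforced through passwordCheckSyntax. Those dependencies are my reading of the DS 5.2 documentation and should be confirmed against your release. The following is an added example, not part of the post: it parses the ldapsearch output shown above (embedded as constructed input) and lists the settings worth reviewing. The thresholds it applies (8 characters, 90 days, at least one password in history) are this example's own assumptions, not Sun defaults.

```python
# Constructed input: the entry lines from the ldapsearch output in the post.
SAMPLE_POLICY_LDIF = """\
dn: cn=Password Policy,cn=config
objectClass: top
objectClass: passwordPolicy
cn: Password Policy
passwordInHistory: 0
passwordStorageScheme: SSHA
passwordUnlock: on
passwordMustChange: off
passwordNonRootMayResetUserpwd: off
passwordWarning: 86400
passwordExpireWithoutWarning: on
passwordLockout: off
passwordMinLength: 6
passwordMaxFailure: 3
passwordMaxAge: 8640000
passwordResetFailureCount: 600
passwordisglobalpolicy: off
passwordChange: on
passwordExp: off
passwordLockoutDuration: 3600
passwordCheckSyntax: off
passwordMinAge: 0
passwordRootdnMayBypassModsChecks: off
"""

def parse_ldif_entry(text):
    """Turn one LDIF entry into {attribute: [values]}. LDAP attribute names are
    case-insensitive, so keys are lower-cased. (LDIF continuation lines and
    base64 values are not handled; the policy entry uses neither.)"""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", "version:")):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def get(entry, attr, default=None):
    values = entry.get(attr.lower())
    return values[0] if values else default

def summarize(entry):
    """Express the time-based attributes in human units (the server stores seconds)."""
    return {
        "max_age_days": int(get(entry, "passwordMaxAge", "0")) / 86400,
        "warning_days": int(get(entry, "passwordWarning", "0")) / 86400,
        "lockout_duration_hours": int(get(entry, "passwordLockoutDuration", "0")) / 3600,
        "global_policy": get(entry, "passwordisglobalpolicy") == "on",
    }

def audit_password_policy(text, min_length=8, max_age_days=90, min_history=1):
    """Return [(attribute, current value, why it matters)] for settings to review.
    Thresholds are this example's assumptions; the dependency notes reflect my
    reading of the DS 5.2 documentation, so confirm them for your release."""
    e = parse_ldif_entry(text)
    findings = []
    if get(e, "passwordExp") != "on":
        findings.append(("passwordExp", get(e, "passwordExp"),
                         "passwords never expire; passwordMaxAge and passwordWarning are not applied"))
    elif int(get(e, "passwordMaxAge", "0")) > max_age_days * 86400:
        findings.append(("passwordMaxAge", get(e, "passwordMaxAge"),
                         f"expiry interval exceeds {max_age_days} days"))
    if get(e, "passwordLockout") != "on":
        findings.append(("passwordLockout", get(e, "passwordLockout"),
                         "failed binds are counted but passwordMaxFailure never locks the account"))
    if get(e, "passwordCheckSyntax") != "on":
        findings.append(("passwordCheckSyntax", get(e, "passwordCheckSyntax"),
                         "passwordMinLength is not enforced while syntax checking is off"))
    if int(get(e, "passwordMinLength", "0")) < min_length:
        findings.append(("passwordMinLength", get(e, "passwordMinLength"),
                         f"shorter than the {min_length}-character minimum assumed here"))
    if int(get(e, "passwordInHistory", "0")) < min_history:
        findings.append(("passwordInHistory", get(e, "passwordInHistory"),
                         "previous passwords may be reused immediately"))
    return findings

if __name__ == "__main__":
    print(summarize(parse_ldif_entry(SAMPLE_POLICY_LDIF)))
    for attr, value, why in audit_password_policy(SAMPLE_POLICY_LDIF):
        print(f"{attr} = {value}: {why}")
```

Note that passwordisglobalpolicy is off in this output, so on a replicated topology each instance's own local settings apply; feed the same script the policy entry from every replica rather than assuming they match.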

Monday, November 21, 2011

Active Directory and LDAP

Active Directory provides a directory for a Microsoft network:
  • Central management
  • Central security
  • Central user administration
  • Integration with DNS
  • Information replication
  • All the services a domain controller did

LDAP vs Databases

  • Read-write ratio: LDAP is read-optimized.
  • Extensibility: LDAP schemas are more easily changed.
  • Distribution: with LDAP, data can be kept near where it is needed, and highly distributed.
  • Replication: with LDAP, data can be stored in multiple locations.
  • Different performance profile: directories are used by many different applications, and queries are usually simpler, but there are many more of them.
  • Data sharing: LDAP is designed for sharing data; databases are designed for one application.
  • Database objects have complex relationships.
  • Transaction model: LDAP transactions are simple, usually changing one entry; database transactions can modify much more.
  • Size of information: LDAP is better at storing small bits of information.
  • Type of information: LDAP stores information in attributes.
  • Naming model: LDAP is hierarchical.
  • Schemas: database schemas are entirely user-defined; directories have core schemas to help interoperability.
  • Standards are more important for directories: LDAP clients can talk to any LDAP server.

Friday, November 11, 2011

What is DSML

DSML
Directory Service Markup Language combines directory services technology (LDAP) with XML syntax to provide an easy way to share and use personalized data across company and technology boundaries.
The DSML effort was announced by its creator, Bowstreet, on July 12, 1999. Initiative supporters include AOL-Netscape, Sun Microsystems, Oracle, Novell, Microsoft, and IBM.
Q: What is a "Directory Service Markup Language"?
A vocabulary and schema (a structured framework) for describing the structure and content of directory services information in an XML document. Directory information can then be easily used by any application that makes use of XML, including browsers and e-commerce applications, enabling frictionless e-commerce.
Q: What is DSML.org?
This Web site is intended to provide more information on the DSML spec, its partners and future developments. Here you will find most recent news and events surrounding the DSML initiative.
Q: How can I view the specification?
To download a zip file containing the full DSML 1.0 specification, the DTD and the Biztalk schema formats, click here.

Q: Who were the founding members of the standard?
Bowstreet introduced the initial draft of the DSML specification. The founding members at the time were IBM, Microsoft, Novell, Oracle and the Sun-Netscape Alliance. The working group of dsml.org has sent the final draft of the specification to OASIS.
Q: Who is developing and working on DSML 2.0?
Many organizations, including the founding members of DSML.org, have signed up to work on the technical committee, which will further develop the DSML standard.
Q: Why has DSML been created?
To standardize the way directory services information is represented in XML. With a recognized standard, applications can be written to make use of DSML and capture the scalability, replication, security and management strengths of directory services.

Q: What's special about DSML that makes it an essential building block for e-commerce applications?
Directories are the best tools for managing the meta-data about resources. XML is the best way to describe application/resource data for use on the Web. DSML is the markup language that provides the missing piece that allows these two to work together, and provides a common ground for all XML-based applications to make better use of directories.

Q: What is the difference between LDAP and DSML?
The Lightweight Directory Access Protocol (LDAP) is intended to provide a means for accessing directory information. DSML provides the means for reading and understanding directory content in XML. So, DSML is actually very synergistic with LDAP.

Q: You say it's synergistic, but how?
DSML is an XML-Schema, not an access protocol. DSML still depends on an access protocol such as LDAP to get data from individual directories. DSML provides a standard for creating XML documents from the information that LDAP delivers.

Q: When will DSML-compatible products be available?
The Bowstreet Web Automation Factory(TM) is the first commercial product to support DSML. Oracle has also announced that it has entered a joint development agreement with Siemens to create a new directory product based on DSML.
Q: How do consumers benefit from DSML-compliant Web businesses?
DSML will enable customers to use directory information from, and exchange directory information with, their customers and partners, regardless of the specific directories at the remote sites. DSML also fosters a new computing approach in which XML-enabled applications leverage business functionality and services, managed in directories and delivered via the Web.

Q: How does the DSML effort relate to the Directory Interoperability Forum?
These two efforts focus on different aspects of directory services standards. DSML is focused on specifying how directory content and structure is described using XML. DIF is focused on extending the core LDAP protocol to include more cross directory SDKs and synchronization. There is no dependency or overlap between the two efforts.

Q: Why are directories a good foundation for e-commerce Web applications?
Directory services provide an optimal way of naming, describing and finding information and resources while managing the relationship between the resources. Typically, directory services software stores and manages access to detailed information about a company's IT assets, including people and business processes and resources - for internal use. But analysts believe that directory services software is also the best way to store this type of information for expanding e-business or e-commerce purposes. Since directory services software offers high levels of security, location independence, granular access and easy replication, and combined with the advantages of XML, it can become a powerful enabler of e-commerce and e-business.

Directory services software is a mature, time-tested technology that's been in use in client/server environments for several years. So, many customers already have directories that can be extended to manage applications over extranets. All the leading directory service vendors - including Novell, IBM and Microsoft - are working on solutions that extend directories to e-business.
Q: What are DSML applications suited for?
DSML enables directories to support whole new classes of XML-based applications, such as:

  • e-commerce and e-business
  • Distributed Web Applications
  • Internet Native Network Management
  • Customer Support Federated Directory Management
  • Supply Chain Management
Q: How does DSML relate to XML?
DSML is an XML-Schema for representing Directory Services content and structure. An XML-Schema is a format for specifying rules covering the structure and content of XML documents. DSML will be defined using a Document Content Description (DCD) (see W3C-DCD spec at http://www.w3.org/TR/NOTE-dcd ).
XML (for eXtensible Markup Language) is widely considered to be the core language of e-business. It is a syntax that standardizes how task-focused information is shared across the Internet. XML provides for both context and interoperability of data, thereby enabling dynamic activities. Also, since XML is self-describing, specific XML-based applications can interact with each other without special programming to integrate them.

Q: How are directory services relevant to enterprise Web deployments?
Directories enable corporate computing resources - including information and users - to be dynamically and securely matched over networks. By mixing that capability with XML, highly intelligent extranets can enable customized applications to be created "on the fly" with minimal programming.

Q: How does DSML relate to Novell's DirXML?
DirXML is a technology built on top of Novell's NDS eDirectory. It exposes NDS change events (additions, modifications, deletions) through an XML interface. DirXML also has a query interface which allows you to query and retrieve NDS information in XML format.
DSML is an open, industry standard specification that describes how directory data should be represented in XML format. Novell has publicly stated that it will be supporting DSML.
Q: What is the difference between DSML and SOAP?
The Simple Object Access Protocol (SOAP) defines the use of XML and HTTP to access services, objects, and servers in a platform-independent manner. It is designed as a programming protocol. DSML is a data definition specification which can be transported within SOAP.
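To make concrete what "DSML is an XML schema, not an access protocol" means, here is an added example that is not part of the original FAQ. It takes directory entries in the shape an LDAP client would return them (a constructed sample below, including one binary attribute), serializes them as a DSML 1.0 document, and reads such a document back into the same structure. The element names (dsml:directory-entries, dsml:entry, dsml:objectclass, dsml:oc-value, dsml:attr, dsml:value, and the encoding="base64" attribute for binary values) and the namespace URI http://www.dsml.org/DSML follow the DSML 1.0 specification as I know it; the transport (LDAP search, SOAP, a file) is deliberately outside the code, exactly as the FAQ describes.

```python
import base64
import xml.etree.ElementTree as ET

DSML_NS = "http://www.dsml.org/DSML"          # DSML 1.0 namespace
ET.register_namespace("dsml", DSML_NS)

def q(tag):
    """Clark-notation qualified name for a DSML element."""
    return "{%s}%s" % (DSML_NS, tag)

# Constructed sample: entries as an LDAP search might return them.
SAMPLE_ENTRIES = [
    ("ou=People,dc=example,dc=com", {
        "objectClass": ["top", "organizationalUnit"],
        "ou": ["People"],
    }),
    ("uid=jdoe,ou=People,dc=example,dc=com", {
        "objectClass": ["top", "person", "inetOrgPerson"],
        "cn": ["John Doe"],
        "mail": ["jdoe@example.com", "john.doe@example.com"],
        "jpegPhoto": [b"\xff\xd8\xff\xe0 constructed, not a real JPEG"],
    }),
]

def entries_to_dsml(entries):
    """Serialize [(dn, {attr: [values]})] as a DSML 1.0 directory-entries document.
    objectClass values go under <dsml:objectclass>; bytes values are base64-encoded."""
    root = ET.Element(q("dsml"))
    container = ET.SubElement(root, q("directory-entries"))
    for dn, attrs in entries:
        entry = ET.SubElement(container, q("entry"), dn=dn)
        object_classes = attrs.get("objectClass", [])
        if object_classes:
            oc = ET.SubElement(entry, q("objectclass"))
            for value in object_classes:
                ET.SubElement(oc, q("oc-value")).text = value
        for name, values in attrs.items():
            if name == "objectClass":
                continue
            attr = ET.SubElement(entry, q("attr"), name=name)
            for value in values:
                node = ET.SubElement(attr, q("value"))
                if isinstance(value, bytes):
                    node.set("encoding", "base64")
                    node.text = base64.b64encode(value).decode("ascii")
                else:
                    node.text = value
    return ET.tostring(root, encoding="unicode")

def dsml_to_entries(xml_text):
    """Parse a DSML 1.0 document back into [(dn, {attr: [values]})]."""
    root = ET.fromstring(xml_text)
    entries = []
    for entry in root.iter(q("entry")):
        attrs = {}
        object_classes = [v.text for v in entry.iter(q("oc-value"))]
        if object_classes:
            attrs["objectClass"] = object_classes
        for attr in entry.findall(q("attr")):
            values = []
            for node in attr.findall(q("value")):
                if node.get("encoding") == "base64":
                    values.append(base64.b64decode(node.text or ""))
                else:
                    values.append(node.text or "")
            attrs[attr.get("name")] = values
        entries.append((entry.get("dn"), attrs))
    return entries

if __name__ == "__main__":
    doc = entries_to_dsml(SAMPLE_ENTRIES)
    print(doc)
    print(dsml_to_entries(doc) == SAMPLE_ENTRIES)
```

Because the document carries the DN and the object classes explicitly, a consumer can validate an entry against the directory's core schema without ever opening an LDAP connection, which is the interoperability point the FAQ makes about standard schemas.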

Wednesday, November 2, 2011

Interview Questions--Sun IDM

What is Sun IDM and what are its basic features?
What is Reconciliation and Active Synchronization?
How do you configure Active Sync and provision the user in AD?
Difference between Full and Incremental Reconciliation?
Difference between Checkout Object, Checkout View and Get Object, with an example?
How do you write a custom adapter?
What is a Work Item?
Difference between the Derivation, Default, Expansion and Validation tags?
How do you call a User Form from a workflow?
How do you call a workflow from a form?
What is an approval workflow? Can you explain it with an example?
Can you explain the different reconciliation situations?
Difference between the Unassigned and Unmatched situations?
Difference between Confirmation and Correlation rules?
What is the baseContext of a Form used with Work Item(s)?
Difference between Adapter and Connector?
What is an identity template?
What is the difference between the <contains> and <containsall> tags?
How do you call a Java class from the XPRESS language?
How many ways are there to load data into Sun IDM?
What is Bulk refresh?
What is SPML and how do you configure SPML?
What is the difference between the XPRESS language and XML?
What is the difference between an application server and a Web server?
What is password Sync and how is it configured?
What is the difference between Form and Process mapping?
How can I get the session?
What is the difference between the Select and MultiSelect classes in a Form?
How do I associate a Workflow TaskDefinition with a User Form?
How do I trace a workflow?
How can I get a list of all Users?
What is resultlimit in a workflow and how can it be defined?
What actually sends the email in a workflow?
What is the ExposedVariable, EditableVariables syntax?
How do you exclude a resource from password synchronization?
What is the difference between List and Map?
How many interfaces are there in Sun IDM?
What is self registration and how can it be enabled?
What are Roles and Rules?
Difference between Business Role, Application Role, Asset Role and IT Role?