In GateIn 3.6.0.Final we have added the possibility to integrate the GateIn portal with the social networks Facebook, Google+ and Twitter. Portal users are able to register and log into the GateIn Portal using their accounts from these social networks. In addition, we have provided a set of quickstart portlets that let users work with data from their social networks; for example, there is a portlet that displays all Facebook friends of a particular user.
This integration leverages the OAuth 2.0 protocol (for Facebook and Google+) and the OAuth 1.0a protocol (for Twitter). The GateIn Portal acts as the OAuth client, while the social network acts as both the OAuth authorization server and the resource server.
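As an added illustration (not code from GateIn or from any of the social networks), the following Python models the OAuth 2.0 authorization code exchange between the portal, acting as OAuth client, and a mock authorization/resource server standing in for the social network. The endpoint URLs, client id, redirect URI and user names are assumptions. The point to take from it is the `state` parameter: the portal generates it per session, the server echoes it back unchanged, and the callback is only honoured if it matches, which is what stops an attacker from logging a victim into the attacker's social account (login CSRF); authorization codes are also single-use. The token request, which in practice is an HTTPS POST carrying the client secret, is reduced to a method call.

```python
"""OAuth 2.0 authorization code flow as the portal (OAuth client) sees it.
Constructed example: the endpoint URLs, client id and the mock authorization
server stand in for a real social network; none of this is GateIn code."""
import secrets
import urllib.parse

AUTHZ_ENDPOINT = "https://social.example/oauth/authorize"        # assumed
CLIENT_ID = "portal-client-id"                                   # assumed
REDIRECT_URI = "https://portal.example/portal/oauth/callback"    # assumed


def _query(url):
    return dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(url).query))


class MockAuthorizationServer:
    # Stand-in for the social network's authorization and resource server.
    def __init__(self):
        self._codes = {}    # code -> (client_id, redirect_uri, user)
        self._tokens = {}   # access token -> user

    def authorize(self, authz_url, user):
        """The user consented; return the URL the browser is sent back to."""
        params = _query(authz_url)
        code = secrets.token_urlsafe(24)
        self._codes[code] = (params["client_id"], params["redirect_uri"], user)
        back = {"code": code}
        if "state" in params:                   # state is echoed back unchanged
            back["state"] = params["state"]
        return params["redirect_uri"] + "?" + urllib.parse.urlencode(back)

    def token(self, code, client_id, redirect_uri):
        """Token endpoint: codes are single-use and bound to client and redirect URI."""
        entry = self._codes.pop(code, None)
        if entry is None or entry[0] != client_id or entry[1] != redirect_uri:
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = entry[2]
        return {"access_token": token, "token_type": "bearer"}

    def userinfo(self, access_token):
        """Resource server: what the portal calls with the bearer token."""
        return self._tokens[access_token]


class PortalOAuthClient:
    # What the portal does: start the redirect, then validate the callback.
    def __init__(self, server):
        self.server = server

    def begin_login(self, session):
        state = secrets.token_urlsafe(16)       # unguessable, bound to this session
        session["oauth_state"] = state
        query = {"response_type": "code", "client_id": CLIENT_ID,
                 "redirect_uri": REDIRECT_URI, "scope": "email", "state": state}
        return AUTHZ_ENDPOINT + "?" + urllib.parse.urlencode(query)

    def finish_login(self, session, callback_url):
        params = _query(callback_url)
        expected = session.pop("oauth_state", None)   # consumed: one callback per start
        received = params.get("state", "")
        if expected is None or not secrets.compare_digest(expected.encode(), received.encode()):
            raise PermissionError("state mismatch: callback was not started by this session")
        grant = self.server.token(params["code"], CLIENT_ID, REDIRECT_URI)
        return self.server.userinfo(grant["access_token"])


def _blocked(action):
    try:
        action()
    except PermissionError:
        return True
    return False


def login_roundtrip():
    """Happy path: constructed user 'alice' logs into the portal via the social network."""
    server, session = MockAuthorizationServer(), {}
    client = PortalOAuthClient(server)
    callback = server.authorize(client.begin_login(session), "alice")
    return client.finish_login(session, callback)


def csrf_attempt_blocked():
    """Victim's browser is made to open a callback carrying the attacker's code."""
    server = MockAuthorizationServer()
    client = PortalOAuthClient(server)
    attacker_session, victim_session = {}, {}
    attacker_callback = server.authorize(client.begin_login(attacker_session), "mallory")
    client.begin_login(victim_session)      # victim has a pending login of its own
    return _blocked(lambda: client.finish_login(victim_session, attacker_callback))


def code_replay_blocked():
    """A code captured from the callback cannot be exchanged a second time."""
    server, session = MockAuthorizationServer(), {}
    client = PortalOAuthClient(server)
    callback = server.authorize(client.begin_login(session), "alice")
    client.finish_login(session, callback)
    return _blocked(lambda: server.token(_query(callback)["code"], CLIENT_ID, REDIRECT_URI))
```

`login_roundtrip()` returns `"alice"`, while `csrf_attempt_blocked()` and `code_replay_blocked()` both return `True`. Note that `state` is compared in constant time and is popped from the session before the comparison, so a failed callback cannot be retried against the same pending login. OAuth 1.0a, used for Twitter, does not have `state`; there the equivalent binding is the `oauth_verifier` returned to the callback, which the client must present when exchanging the request token.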
Before you dive into the details in the documentation, you can check out our video screencasts and see it in action first!
The first screencast shows how to register and log into the GateIn Portal using social network accounts:
The second screencast shows how to import the Social portlet quickstarts into the Eclipse IDE using the JBoss Tools plugin, deploy them into the GateIn Portal and then use the portlets to show information from the social network:
Enjoy the screencasts and the music in the background composed by Viliam Rockai.
As you can see here, GateIn 3.3 has integration with SAML2. In GateIn 3.4 we added the possibility to integrate with the 3rd party SAML vendors Salesforce and Google Apps. You can already use the latest version of the GateIn SSO component and follow this wiki page for the details of the integration.
If you want to see GateIn and SAML in action, you can look at my screencasts. In the first screencast you can see the general SSO scenarios for the GateIn and SAML2 integration, which are also described in the GateIn reference guide.
GateIn 3.3 is on the way, and one of the new features in this release is support for SAML2. SAML authentication is implemented in the GateIn SSO component as another provider alongside the existing ones: CAS, JOSSO, OpenSSO, OpenAM and SPNEGO. We support the most widely used SAML2 profiles: the Web Browser SSO profile (the SSO authentication itself) and the Single Logout profile (global logout from all web applications where the user is currently logged in).
SAML2 authentication is established by exchanging encoded XML messages between two web applications, the SAML Identity Provider (IDP) and the SAML Service Provider (SP). The SP is the application the user wants to use, but the user does not present credentials to the SP directly; they are presented to the IDP. The IDP is the web application where the user authenticates with their credentials, and it then sends tickets (SAML assertions) to SP applications. The user is automatically logged into the SP on the strength of the SAML assertion received from the IDP; the SP trusts the assertion because it carries the IDP's XML signature and is addressed to that SP.
The SSO component supports GateIn in the role of SP, where the user is automatically logged into the GateIn portal using a SAML assertion received from a separate IDP application. This flow is described in the specification here. We also support the scenario with GateIn in the role of IDP, so the user logs into the portal in the usual way and the portal then sends assertions to other web applications configured as SPs.
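The following Python, added here and not part of GateIn or Picketlink, shows what the SP side of the Web Browser SSO flow above has to check before it treats an assertion as a login ticket: success status, that the response answers an AuthnRequest this SP actually sent (`InResponseTo`), the expected IDP as issuer, the validity window, the audience restriction naming this SP, and a bearer `SubjectConfirmation` addressed to this SP's assertion consumer URL. The entity IDs, the ACS URL and the sample response are constructed assumptions. Verification of the IDP's XML signature over the response comes before any of these checks in a real deployment; it needs an XML-DSig library and is not shown.

```python
"""SP-side checks on a SAML 2.0 Response carrying a bearer assertion (Web Browser SSO).
Constructed example, not GateIn or PicketLink code: entity IDs, the ACS URL and the
sample response are assumptions; XML-signature verification (done first) is not shown."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
SP_ENTITY_ID = "https://portal.example/saml/sp"          # assumed
ACS_URL = "https://portal.example/portal/dologin"        # assumed
IDP_ENTITY_ID = "https://idp.example/saml/idp"           # assumed
NOW = datetime(2013, 5, 20, 10, 1, tzinfo=timezone.utc)  # fixed clock for the demo

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _expired(element, now):
    limit = element.get("NotOnOrAfter")
    return bool(limit) and now >= _ts(limit)

def _require(condition, failure):
    if not condition:
        raise ValueError(failure)

def _bearer_ok(confirmation, in_response_to, now):
    data = confirmation.find("saml:SubjectConfirmationData", NS)
    return (confirmation.get("Method") == BEARER and data is not None
            and data.get("Recipient") == ACS_URL
            and data.get("InResponseTo") == in_response_to and not _expired(data, now))

def validate_response(xml_text, pending_request_ids, now):
    """Return the asserted NameID, or raise ValueError naming the failed check."""
    root = ET.fromstring(xml_text)      # production code should parse with defusedxml
    _require(root.tag == "{%s}Response" % NS["samlp"], "not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    _require(code is not None and code.get("Value") == SUCCESS, "IDP did not report success")
    _require(root.get("Destination") in (None, ACS_URL), "response addressed elsewhere")
    in_response_to = root.get("InResponseTo")
    _require(in_response_to in pending_request_ids, "unsolicited or replayed response")
    assertion = root.find("saml:Assertion", NS)
    _require(assertion is not None, "no plain assertion (encrypted ones not handled here)")
    _require(assertion.findtext("saml:Issuer", namespaces=NS) == IDP_ENTITY_ID, "unexpected IDP")
    conds = assertion.find("saml:Conditions", NS)
    _require(conds is not None, "assertion has no Conditions")
    _require(not conds.get("NotBefore") or now >= _ts(conds.get("NotBefore")), "not yet valid")
    _require(not _expired(conds, now), "assertion expired")
    audiences = [a.text for a in conds.findall("saml:AudienceRestriction/saml:Audience", NS)]
    _require(SP_ENTITY_ID in audiences, "assertion not intended for this SP")
    subject = assertion.find("saml:Subject", NS)
    _require(subject is not None, "assertion has no Subject")
    _require(any(_bearer_ok(sc, in_response_to, now)
                 for sc in subject.findall("saml:SubjectConfirmation", NS)),
             "no acceptable bearer SubjectConfirmation")
    name_id = subject.findtext("saml:NameID", namespaces=NS)
    _require(bool(name_id), "no NameID")
    pending_request_ids.discard(in_response_to)   # each AuthnRequest is answered once
    return name_id

def sample_response(request_id, audience=SP_ENTITY_ID, not_on_or_after="2013-05-20T10:05:00Z"):
    """Constructed (unsigned) IDP response for exercising the checks above."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
    Version="2.0" IssueInstant="2013-05-20T10:00:00Z" Destination="{ACS_URL}"
    InResponseTo="{request_id}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-05-20T10:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe</saml:NameID>
      <saml:SubjectConfirmation Method="{BEARER}">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{request_id}"
            NotOnOrAfter="{not_on_or_after}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2013-05-20T09:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def rejected(**changes):
    """True if a response built with the given changes is refused by the SP."""
    try:
        validate_response(sample_response("_req1", **changes), {"_req1"}, NOW)
    except ValueError:
        return True
    return False

def replay_rejected():
    """The same response delivered twice must be accepted only once."""
    pending, response = {"_req1"}, sample_response("_req1")
    validate_response(response, pending, NOW)
    try:
        validate_response(response, pending, NOW)
    except ValueError:
        return True
    return False
```

`validate_response(sample_response("_req1"), {"_req1"}, NOW)` returns `"jdoe"`; a response with a different `Audience`, one whose `NotOnOrAfter` has passed, or the same response delivered a second time is rejected. The set of pending request IDs is the SP's memory of AuthnRequests it issued, which is what turns the `InResponseTo` check into replay protection; in the IDP-initiated variant that memory does not exist, and the SP has to rely on the assertion's own validity window and on remembering assertion IDs it has already accepted.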
The integration is available from SSO version 1.1.2-Beta02, which has already been released. It will be described in detail in the GateIn reference guide from GateIn 3.3 on. If you are impatient, you can try it right now: build the current documentation from GateIn trunk and choose one of the prescribed scenarios in the SAML section, where you will find all the details.
The GateIn SSO component internally uses the Picketlink Federation library. Picketlink is one of the awesome JBoss projects. In GateIn we already use Picketlink IDM for identity management, so now we also leverage Picketlink Federation. Picketlink Federation implements the SAML2 specification, but additionally it implements the WS-Trust specification and provides an STS implementation called Picketlink STS. Thanks to it, users will be able to use their SAML assertions in portlets to invoke secured services such as EJBs or web services. We also plan to look at integration with the WSRP WSS support provided in GateIn. So stay tuned!