9 Replies Latest reply on Mar 22, 2010 5:06 AM by bhvijay

    JBOSS Federated SSO

    sanketm

      Hi,

      Can you tell me if JBOSS Federated SSO is in production mode? We have a requirement to implement SSO across domain in our organization and already have a homegrown implementation which we would like to enhance/remove. Is JBOss initiative worth pushing to production?

      ~Sanket

        • 1. Re: JBOSS Federated SSO
          soshah

          Sanket-

          JBoss Federated SSO is currently in a beta release mode. We have done one beta update with fixes/enhancements based on community feedback since its release in November 2006.

          So far the response has been positive and it looks like its stable enough for us to do a Candidate Release very soon.


          In fact, we will be using the same Framework in production for atleast 3 of our websites at JBoss/RedHat in February.


          Also, if you are rolling out a mission critical system in production, I would also recommend contacting our Sales team for support options that would best fit your requirements

          Hope this helps

          Thanks
          Sohil

          JBoss Federated SSO, Lead

          • 2. Re: JBOSS Federated SSO
            soshah

            Also,

            Here is our JIRA project to track its progress and roadmap.

            http://jira.jboss.com/jira/browse/JBSSO

            • 3. Re: JBOSS Federated SSO
              sanketm

              Sohil,

              Thanks for your prompt reply. I will contact sales to get more information.

              Specifically i am looking for a framework which provides me most of the solution for the following use cases:
              1. Identity Management
              2. Sesison Management (Login/Logout across apps)
              3. Token Management
              4. Security (OWASP, Token,Password, OASIS)
              5. User Administration (Reset,Forgot,Search, Role Mapping)
              6. Dashboard
              7. Auditing
              8. User Registration and Synchronization across apps
              9. Interdomain, clustered, multi app support.

              I know JBOSS SSO is close to this but since its still in beta i will not like to propose this to the client. Can you or anybody give me more leads on an of the following:
              1. JOSSO
              2. JBOSS - Tomcat default valve plugin
              3. JBOSS Federated SSO
              4. Any other SSO framework.

              Thanks, Sanket

              • 4. Re: JBOSS Federated SSO
                soshah

                Sanket-

                Let me see if I can answer this without confusing the issue:


                1. Identity Management


                This is a pretty broad subject. As far as JBoss Federated SSO is concerned, its a framework that provides a way to integrate with users' existing Identity Management systems (ones that do user management,provisioning). The Framework provides what I would call an Identity Connector component. Our documentation currently calls it Identity Management component, but its scope is more for integrating with existing Identity Management systems



                2. Sesison Management (Login/Logout across apps)
                3. Token Management


                Yes, Federated SSO does this even with applications housed in completely different web domains


                4. Security (OWASP, Token,Password, OASIS)


                Yes, the framework has built-in support for SAML tokens. SAML is an OASIS standard and pretty much the de facto standard now for builiding SSO architecture. Here is a very good presentation on SAML at JavaPolis http://www.infoq.com/news/2006/12/saml. Our architecture aligns very well with the concepts discussed in this presentation.



                5. User Administration (Reset,Forgot,Search, Role Mapping)
                6. Dashboard
                7. Auditing


                These features are out of scope for a SSO Framework. Ofcourse, SSO Framework integrates (covered in point 1) with Identity Management systems like SiteMinder etc that provide these features



                8. User Registration and Synchronization across apps


                This is a feature on our roadmap. http://jira.jboss.com/jira/browse/JBSSO-13



                9. Interdomain, clustered, multi app support.


                Absolutely. Federated SSO was designed from the ground up with cross domain Single Sign On in mind


                I know JBOSS SSO is close to this but since its still in beta i will not like to propose this to the client. Can you or anybody give me more leads on an of the following:
                1. JOSSO
                2. JBOSS - Tomcat default valve plugin
                3. JBOSS Federated SSO
                4. Any other SSO framework.


                JBoss - Tomcat default valve plugin is for SSO between web apps loaded inside the same tomcat container as virtual hosts. It is not intended for cross domain, business/partner site integration usecases.

                Others I am not too familiar with to make an accurate comment.


                Hope this helps.

                Thanks
                Sohil

                JBoss Federated SSO, Lead



                • 5. Re: JBOSS Federated SSO
                  soshah

                  Sanket-

                  I would also recommend looking through our wiki for detailed documentation about the framework

                  http://labs.jboss.com/portal/index.html?ctrl:cmd=render&ctrl:window=default.wiki.WikiPortletWindow&page=Jbosssso&language=EN

                  • 6. Re: JBOSS Federated SSO
                    anil.saldhana

                    If you are going to use JBoss, then JBoss Federated SSO Framework is the way to go because we will always align it with our JBoss initiatives.

                    Things like auditing service will be provided by the JBoss security infrastructure.

                    As Sohil said this is a framework. As a developer/integrator, you will need to do some groundwork with reference to things like dashboard, custom requirements etc.

                    • 7. Re: JBOSS Federated SSO
                      sanketm

                      Thanks Anil/Sohil,

                      I have already architected one SSO homegrown framework over weblogic cluster for one of my client and it's running in production. This custom component supports all the cases except 6.

                      Since this client is now on JBOSS and there are many SSO opensource for JBOSS I am trying to explore things before running to my last option.

                      Let me talk to sales to get a confidence and confirmation over federated sso option.

                      Thanks, Sanket

                      • 8. Re: JBOSS Federated SSO

                        can u  tell me is it possible to run different servers in jboss,

                         

                        i have 3 applications and i need to make this as federated sso . one application in weblogic another is in tomcat another is in jboss,

                        is it possible to make federated sso in jboss?

                         

                        thanks for reply..............

                        • 9. Re: JBOSS Federated SSO

                          can u tell me is it possible to run different servers in jboss,

                           

                          i have 3 applications and i need to make this as federated sso . one application in weblogic another is in tomcat another is in jboss,

                          is it possible to make federated sso in jboss?

                           

                          thanks for reply..............