Unlike other access management products, OpenSSO provides a decent level of identity provisioning and management features. User identity status is properly maintained to keep their status up-to-date, by leveraging special attributes of its own as well as honoring the status attributes by the underlying data stores. To circumvent the denial of service type attacks, OpenSSO employs various lockout mechanisms—a permanent and temporary lockout which customers could deploy in their specific environments. Another salient feature that is embedded as part the OpenSSO server application is the password reset application. Customers can reduce their operational cost by enabling their users to reset their forgotten password by redirecting them to the OpenSSO password reset application. This application could potentially improve the user experience and productivity.

In the next chapter, we are going to look at how one can protect a web application using the OpenSSO Server and OpenSSO policy agents. This chapter will deal with the authorization policies and configuring policy agents to protect a sample web application.