Preface

OpenAM is an open source continuation of the OpenSSO project that was taken over, and later scrapped, by Oracle. OpenAM is the only commercial-grade, feature-rich web application that provides SSO solutions. It has a variety of features and a powerful Single Sign-On (SSO) capability, but the implementation can be tricky, and the unorganized and incoherent online documentation is not very helpful.

The OpenAM book will serve as a guide to everything you need to know to get started with implementing Single Sign-On using OpenAM to protect your web applications, along with real-world examples.

The author's extensive experience in testing and troubleshooting OpenAM enables him to share insights on how the product works, its strengths, its weaknesses, and some inside information.

If you are reading this, you probably want to protect your web application using OpenAM. The book starts off with an introduction to OpenAM and describes the core features and the kinds of problems that can be solved by OpenAM. Then it provides you with detailed instructions on how to protect your web applications by using the OpenAM server and policy agents. You will also learn about the user interface elements in order to manage OpenAM successfully. You'll understand the concepts of identity web services provided by OpenAM. There are examples in the book that describe how the REST-based identity services can be invoked and utilized. In the final chapters, you will find detailed discussions about backup, recovery, and audit logging.

The book concludes by discussing some of the common OpenAM problems and tips to troubleshoot them. Although the project name has changed from OpenSSO to OpenAM, the product screen and file names still reflect OpenSSO. Hence, you will encounter the term "OpenSSO" throughout the book.

This practical, hands-on guide will teach you how to protect your web applications by implementing Single Sign-On using OpenAM.

What this book covers

Chapter 1, Getting Started, covers the history of OpenSSO that dates back to early 2000 when Sun Microsystems started this as a Directory Server Access Management Edition (DSAME). It underwent multiple identity changes before fixing on OpenSSO.

Chapter 2, OpenSSO Deployment and Configuration, teaches the basic environmental requirements for deploying the OpenSSO web application. OpenSSO provides both browser-based configurators for users who are comfortable with the web and command-line interfaces for system administrators who prefer doing things the command-line way.

Chapter 3, Administrating OpenSSO, introduces the OpenSSO administration interfaces: a browser-based administrative console, and a command-line interface called ssoadm.

Chapter 4, Authentication and Session Service, teaches at length about the various authentication mechanisms supported by the OpenSSO server. It also covers the session service and the SSO token structure and properties in detail. Session high availability and session constraints are among the critical features for implementing production-level SSO deployments.

Chapter 5, Password Reset and Account Management, explains that OpenSSO provides a decent level of identity provisioning and management features. To thwart denial-of-service-type attacks, OpenSSO employs lockout mechanisms, both permanent and temporary, which customers can deploy in their specific environments. Another salient feature embedded in the OpenSSO server application is the password reset application.

Chapter 6, Protecting a Simple Web Application to Provide SSO, covers the basic principles of protecting a web application and providing a single login for multiple resources.

Chapter 7, Integrating Salesforce and Google Apps, covers extensively the idea behind the SaaS-based applications and how those applications can be integrated with the OpenSSO identity provider environment. It specifically discusses the detailed procedures for integrating the Salesforce.com applications and hosted Google Apps.

Chapter 8, Identity Stores, shows how OpenSSO is designed to support the commercially available LDAP servers. It also shows the caching and notification-related properties that form the key to achieving the optimal performance of the overall system.

Chapter 9, RESTful Identity Services, covers most of the supported REST interfaces of OpenSSO identity web services. It provides decent support for the operations that are typically consumed by the client-side programs.

Chapter 10, Backup, Recovery, and Logging, explains why it is critical to safeguard the configuration data so that the system can be reconstructed after an unexpected crash. It is also good practice to periodically back up the system for archival and audit purposes.

Chapter 11, Troubleshooting and Diagnostics, discusses how one can troubleshoot the configuration and deployment problems by using the OpenSSO diagnostic tools. This tool provides a means to identify and isolate the static configuration and deployment issues. Without this tool, identifying the root cause of the problems could be cumbersome.
