  • The first and the only book that focuses on implementing Single Sign-On using OpenAM
  • Learn how to use OpenAM quickly and efficiently to protect your web applications with the help of this easy-to-grasp guide
  • Written by Indira Thangasamy, core team member of the OpenSSO project from which OpenAM is derived
  • Real-world examples for integrating OpenAM with various applications

Book Details

Language : English
Paperback : 292 pages [ 235mm x 191mm ]
Release Date : January 2011
ISBN : 1849510229
ISBN 13 : 9781849510226
Author(s) : Indira Thangasamy
Topics and Technologies : All Books, Application Development, Open Source, Web Services

Table of Contents

Chapter 1: Getting Started
Chapter 2: OpenSSO Deployment and Configuration
Chapter 3: Administrating OpenSSO
Chapter 4: Authentication and Session Service
Chapter 5: Password Reset and Account Management
Chapter 6: Protecting a Simple Web Application to Provide SSO
Chapter 7: Integrating Salesforce and Google Apps
Chapter 8: Identity Stores
Chapter 9: RESTful Identity Services
Chapter 10: Backup, Recovery, and Logging
Chapter 11: Troubleshooting and Diagnostics
  • Chapter 1: Getting Started
    • History of OpenSSO
      • OpenSSO vs. OpenAM
      • OpenSSO—an overview
      • OpenSSO services
        • Federation services
        • Web Services Security and Secure Token Service
        • OpenSSO Entitlements Service
      • What kind of problems does OpenSSO solve?
        • Access management
        • Federation
        • Securing web services
        • Entitlements
    • Summary
  • Chapter 2: OpenSSO Deployment and Configuration
    • Deployment requirements for OpenSSO web application
      • Containers and operating systems support
      • Java SDK support
      • Disk and memory requirements
      • Browser requirements
    • Configuration store versus Identity Store
      • Configuration store
        • Embedded configuration store
        • External Sun Directory Server Enterprise Edition configuration store
      • Identity store
    • How to obtain OpenSSO
      • Building OpenSSO from source
      • Downloading OpenSSO binary
    • Configuring OpenSSO
      • Installing and configuring Apache Tomcat 6.0.20
      • OpenSSO one click configuration
      • Verifying OpenSSO configuration
      • What just happened?
    • OpenSSO–configuration choices
      • Single server configuration–using embedded configuration store
        • Layout of the configuration directory
      • Single server configuration–using external configuration store
      • Multi-server configuration–embedded configuration store
        • Prerequisites for multi-server configuration
        • Adding OpenSSO to an existing deployment
        • Verification of multi-server deployment
      • Configuring using command line configurator
      • Configuring OpenSSO with SSL/TLS
      • Configuring command line tools
      • Uninstalling OpenSSO
    • OpenSSO release and support model
    • Summary
  • Chapter 3: Administrating OpenSSO
    • Administration interfaces
    • Accessing the administrative console
    • Console views and privileges
      • Console landing page–common tasks
      • Access control tab
        • General
        • Authentication
        • Service
        • Data stores
        • Privileges
        • Policies
        • Subjects
        • Agents
      • Configuration
        • Retrieving all the server properties
        • Updating server configuration properties
        • Removing properties from server configuration
      • Sessions tab
        • Managing sessions using ssoadm
    • Customizing the console
      • Extending LDAP schema
      • Customizing OpenSSO User Service
        • Adding attributes to amUser.xml
        • Removing User Service schema
        • Adding the updated User Service schema
        • Adding the labels
        • Adding the custom attributes to data store configurations
        • Updating privileges
        • Testing the changes
    • Summary
  • Chapter 4: Authentication and Session Service
    • Authentication process
      • Cookies in OpenSSO
      • Authentication types and URL parameters
        • Module
        • Level
        • Service
        • User
        • Role
        • Realm
        • Resource
      • Other authentication URL parameters
        • IDToken parameter
        • goto and gotoOnFail parameters
        • locale parameter
        • arg parameter
        • iPSPCookie parameter
        • ForceAuth parameter
        • PersistAMCookie parameter
    • Authentication modules, instances, and chains
      • LDAP authentication
        • Creating an authentication instance
        • Updating an authentication instance
        • Reading an authentication instance
        • Using an authentication instance
        • Deleting an authentication instance
      • Authentication chains
        • Creating an authentication chain
        • Updating an authentication chain
        • Reading an authentication chain
        • Using an authentication chain
        • Performing a user-based authentication
        • Deleting an authentication chain
    • Authentication modules
      • LDAP
      • Active Directory
      • Data store
      • Anonymous
      • Certificate (X.509)
    • Configuring Tomcat in SSL using CA signed certificate
      • HTTP basic authentication
      • Membership
      • JDBC
      • HOTP
      • SecurID
      • SafeWord
      • RADIUS
      • Unix
      • Windows NT
      • Windows Desktop SSO
      • Core
        • User profile requirement
        • Setting user profile attributes in an SSO token
    • Adding custom authentication modules
    • Session Service
      • Session Service schema
        • Updating Session Service
      • Session life cycle
        • Session structuring
        • Session state transition
        • Session properties
        • Session change notification and polling
        • Session persistence and constraints
    • Summary
  • Chapter 5: Password Reset and Account Management
    • Account lockout
    • Configuring account lockout
      • Physical lockout
      • In-memory lockout
    • Applying a password reset
      • Prerequisites
      • Configuring the password reset service in OpenSSO
        • Assigning service and update service attributes
        • Creating and assigning OpenDS password policy
    • Summary
  • Chapter 6: Protecting a Simple Web Application to Provide SSO
    • OpenSSO Policy Framework
    • Protecting a sample application on Tomcat
      • Creating the agent profile
      • Installing and configuring the agents
      • Deploying and configuring the Java application
      • Creating policies and associated identities
      • Testing the SSO
      • Fetching user profile attributes
    • Summary
  • Chapter 7: Integrating Salesforce and Google Apps
    • Integrating OpenSSO with Salesforce applications
      • Configuring hosted identity provider and circle of trust
      • Configuring OpenSSO metadata for
      • Configuring users for
      • Verifying the SSO
    • Integrating with Google Apps
      • Configuring the hosted identity provider
      • Configuring SSO parameters at Google Apps
      • Configuring users for Google Apps
      • Verifying SSO
    • Summary
  • Chapter 8: Identity Stores
    • Identity store types
    • Caching and notification
      • Persistent search-based notification
      • Time-to-live based notification
      • TTL-specific properties for Identity Repository cache
    • Supported identity stores
      • User schema
      • Access Manager Repository plugin
        • Creating an Access Manager Repository plugin data store
        • Displaying the data store properties
        • Updating data store properties
        • Deleting data stores
        • Removing the Access Manager Repository plugin
      • Oracle Directory Server Enterprise Edition
        • Creating a data store for Oracle DSEE
        • Updating the data store
        • Deleting the data store
      • Data store for OpenDS
      • Data store for Tivoli DS
      • Data store for Active Directory
      • Data store for Active Directory Application Mode
      • Datastore for OpenLDAP
      • Configuring an OpenLDAP suffix
      • Extending the schema
      • Preparing the suffix with necessary entries
      • Creating an OpenLDAP data store
      • Testing the data store
      • Multiple data stores
    • Summary
  • Chapter 9: RESTful Identity Services
    • Prerequisites
    • Invoking REST interfaces
      • Authentication
      • Authenticating with URL parameters
      • Validating an SSO token
      • Invalidating session (logout)
      • Creating log events
      • Authorization
    • Identity CRUD operations
      • Searching identities
        • Searching for user identities
        • Searching groups
        • Searching for agents
      • Retrieving identity attributes
      • Creating agent identities
      • Creating user identities
      • Creating group identities
    • Updating identities
      • Deleting identities
        • Deleting user identities
        • Deleting group identities
        • Deleting the agent identities
    • Other REST interfaces
    • Summary
  • Chapter 10: Backup, Recovery, and Logging
    • Backing up configuration data
      • Backing up the OpenSSO configuration files
      • Backing up the OpenSSO configuration data
      • Crash recovery and restore
    • Test to production
      • Performing the configuration change
        • Configuring the export test server
        • Configuring OpenSSO on the production server
        • Adapting the test configuration data
        • Importing into the production system
      • OpenSSO audit and logging
        • Enabling debug (trace) level logging
        • Audit logging
      • File-based logging
      • Database logging
        • Remote logging
        • Secure logging
    • Summary
  • Chapter 11: Troubleshooting and Diagnostics
    • OpenSSO diagnostic tools
      • Installing and configuring the tool
      • Invoking the tool
    • Troubleshooting
      • Installation and configuration
        • Scenario 1
        • Scenario 2
        • Scenario 3
        • Scenario 4
      • Authentication and session areas
        • Scenario 1
        • Scenario 2
        • Scenario 3
        • Scenario 4
      • Identity repository and password reset
        • Scenario 1
        • Scenario 2
        • Scenario 3
        • Scenario 4
        • Scenario 5
      • Policy and agents
        • Scenario 1
        • Scenario 2
        • Scenario 3
      • Command line tools
        • Scenario 1
        • Scenario 2
    • Summary

Indira Thangasamy

Indira Thangasamy is currently serving as a software development senior manager at Oracle Corporation, managing the Fusion middleware access management quality engineering organization. Indira spent over a decade at Sun Microsystems Inc. in various roles. He has been associated with the OpenSSO product since its inception and has been instrumental in delivering a high-quality product to the customers. Indira is very passionate about technology. He graduated with an M.Tech. in Computer Science, started his career as an embedded systems developer in Germany, and later served as a security consultant at Wells Fargo before joining

What you will learn from this book

  • Build OpenAM from the source
  • Configure OpenAM in a high availability scenario using a load balancer
  • Obtain support for your OpenAM deployment
  • Learn how to administer OpenAM using UI and command-line tools
  • Create custom privileges for different user levels
  • Set up and configure authentication modules
  • Learn about SSO session properties and the session life cycle
  • Implement SSO to protect web applications using OpenAM
  • Install and configure OpenAM policy agents for Apache Tomcat
  • Pass attribute values as cookies, headers, and response attributes
  • Integrate Salesforce and Google Apps with OpenAM infrastructure using the SAMLv2 protocol
  • Use REST-based identity web services to perform authentication, authorization, and audit
  • Perform OpenAM backup and recovery
  • Configure audit logging for OpenAM using Oracle and MySQL
  • Configure secure logging for OpenAM
  • Troubleshoot OpenAM
  • Configure diagnostic tools for OpenAM

In Detail

OpenAM is an open source continuation of the OpenSSO project that was taken over, and later scrapped, by Oracle. OpenAM is the only commercial-grade, feature-rich web application that provides SSO solutions. It has a variety of features and a powerful Single Sign-On capability, but the implementation can be tricky, and the unorganized and incoherent online documentation is not very helpful.

The OpenAM book will serve as a guide to everything you need to know to get started with implementing Single Sign-On using OpenAM to protect your web applications, along with real-world examples.

The author's extensive experience in testing and troubleshooting OpenAM enables him to share insights on how the product works, its strengths, its weaknesses, and some inside information.

If you are reading this, you probably want to protect your web application using OpenAM. The book starts with an introduction to OpenAM that describes its core features and the kinds of problems OpenAM can solve. It then gives detailed instructions on how to protect your web applications using the OpenAM server and policy agents. You will also learn about the user interface elements you need to manage OpenAM successfully, and about the concepts behind the identity web services that OpenAM provides. Examples in the book show how the REST-based identity services can be invoked and used. The final chapters contain detailed discussions of backup, recovery, and audit logging.

The book concludes by discussing some of the common OpenAM problems and tips to troubleshoot them. Although the project name has changed from OpenSSO to OpenAM, the product screen and file names still reflect OpenSSO. Hence, you will encounter the term "OpenSSO" throughout the book.

This practical, hands-on guide will teach you how to protect your web applications by implementing Single Sign-On (SSO) using OpenAM.

This book is a step-by-step tutorial stuffed with practical, real-world examples. It is designed in such a way that if you are already familiar with OpenAM, you can easily skip to a later chapter without missing a beat. You should be able to quickly grasp the basic elements of OpenAM before moving on to the more advanced features and functionality.

Who this book is for

If you are a security architect or a solution developer responsible for the design and development of web-based enterprise applications that need to provide authentication, authorization, and audit facilities along with SSO capabilities, then this book is for you. You do not require any prior knowledge of OpenAM to read this book. Familiarity with Java will be helpful, but is not essential.
