Thursday, November 25, 2010

Steps for configuring OpenAM as IdP (Identity Provider) and Shibboleth as SP (Service Provider)

Following are detailed steps for configuring OpenAM as IdP (Identity Provider) and Shibboleth as SP (Service Provider)

Versions used for configuration:
OpenAM (Identity Provider) – 9.0
Shibboleth (Service Provider) – 2.3.1
OS Version – Ubuntu 9.04
Apache version – 2.2.6

(1) Configure OpenAM with necessary Directory Service configuration on host1.
(2) Configure Shibboleth SP version with some basic configuration on host2.
(3) Generate and save Shibboleth SP metadata using URL – http://host2/Shibboleth.sso/Metadata
(4) Edit the Shibboleth SP metadata and remove all XML digital signature and the nodes.
(5) Copy the generated SP metadata on the IdP server.
(6) Go to “Common Tasks” section and configure “Create Hosted Identity Provider”. If you want to use it in production, make sure to have your credentials in the keystore, for proof-of-concept scenarios the keystore contains one test key.
(7) Add a new “Circle of Trust” name within “Hosted Identity Provider” and save necessary settings.
(8) Grab the newly created OpenSSO IdP metadata XML (you can use either ssoadm.jsp export entity command or access directly /opensso/saml2/jsp/exportmetadata.jsp?entityid=)
(9) Put the metadata in a location which is accessible through a web URL.
(10) Login to the OpenAM UI and go to the Common Tasks section.
(11) Click on “Add Remote Service Provider” link.
(12) Select the file option and upload the Shibboleth Service Provider metadata file.
(13) Select common attributes and finish the setup.
(14) Now edit shibboleth2.xml file on the Shibboleth SP server and do following configurations:
1. In the section, add the site information.
2. Under section, add a block with proper site configuration.
3. In the section, select type=“Chaining” and add entityID of the OpenAM, as that configured in OpenAM metadata.
4. In the section, add line like:

This configuration would be read when shib daemon is restarted.
(15) In the apache config file, include Shibboleth's apache configuration file available in directory /etc/shibboleth/
(16) Restart apache configuration.
(17) Restart shibboleth daemon.
(18) Check the shibboleth log-files to ensure that shibboleth daemon was able to load IdP metadata without any issues.

(a) Test accessing a secure URL from Shibboleth SP server.
(b) Verify that client is redirected to SSO login URL of the IdP.
(c) Enter valid user authentication credentials and verify that client is redirected back to the Service Provider URL.

Monday, January 11, 2010

Special day (21st Dec, 2009)- MS Azure training program closing ceremony

21st Dec, 2009 was a very special day for me. I got acknowledged for voluntary contribution that I did by helping train 2009 pass-outs that did not had jobs / offers with them on Windows Azure. Microsoft Windows Azure was in Beta stage when this training program was planned by joint venture of Microsoft, Persistent, ICertis and PuneUserGroup in the month of July 2009. Microsoft Azure in the latest Cloud offering by Microsoft as PaaS (Platform as a Service), which allow developers to stay away from Infrastructure worries and only focus on development of application. Though this technology was new to me as well, but event coordinators arranged for Training the trainer program under which some initial jumpstart walk-through was given to trainers. Almost 150+ students attended the program regularly. After the training program, Microsoft had arranged for a contest in which students were suppose to develop an application using Azure and deploy it on to the test-accounts provided by Microsoft. I took this initiative to build onto my cloud knowledge of Amazon EC2 and adding another dimension of Microsoft Cloud offering. I was champion for 1st week and also took an introductory session of introducing Cloud + Azure to the students, also I acted as supporting volunteer during other weeks where sessions were held after office hours on weekdays and on weekends. After 3 and half months of contribution, my day became special because I got recognition for my efforts at the hands of Dr. Anand Deshpande who is the owner of the firm I am working at i.e. Persistent Systems. It is an achievement of a lifetime for me.

Saturday, January 2, 2010

My 1st blog post

This is my 1st blog post putting it on my website . Let me take this opportunity to introduce myself -

I started my career as Electronics Engineer from Vishwakarma Institute of Technology (VIT), Pune in year 2000. After graduation, I got offer from L&T, but on joining got rejected because of not having first class in each of the semesters. I again returned to Pune and did crash course in Java Development. Soon I joined a startup company Interactive Web Solutions. There I got real IT experience of a life-time. My mentor Proshanto Mitra trained me with useful technologies and supported me quite a lot. To my bad luck it was a recession period and our company got merged into Balasai Net Pvt Ltd. There I worked as Systems Programmer and gradually also got exposed to Web server Administration. This was a useful experience for me and learning curve of a life-time. All the knowledge that I learnt gave a firm concrete base to my career.

After working for 2 years in 2003, I decided to move on and then soon joined Ensim India Pvt Ltd as Support Engineer.
It was a nice work environment and got good experience of work-flow in product oriented company. It helped me grow up in hierarchy of career with good technical experience. But working in a product oriented company and doing repeatative tasks was not something I was looking for in my career.

In Sept 2004, I joined Persistent Systems Ltd (a Services oriented Company) as Senior Software Engineer taking care of Support Activity for one of its customers in Email domain. Last 5 years at Persistent have helped me bring stability to my career and also I grew up in the hierarchical ladder to be Technical Lead.