After 4 consecutive weeks working on several projects in Oslo, I am back home!
Unfortunately this weekend I had to work remotely as well, but this seems to be coming to an end before I enjoy some well-deserved holidays.
While I was in Oslo, my girlfriend visited me for a few days and we went to some places of interest, among them the Munch museum. I felt very connected with this famous picture by Edvard Munch. I concluded that maybe the model was trying to do some sort of Federation …
;-)
Hi, I have to say that it has not been easy, but we have to recognize that it is getting better. The installation I refer to is a Federation Manager running on IBM WebSphere on Windows 2000. This is not the preferred environment for a Sun application, but we are talking about a J2EE application, and portability is one of the advantages of a Java application, right? Anyway, due to some constraints and prerequisites, there was no other option (actually there was, but it was not taken).
After several weeks of struggling with an old operating system, a picky Application Server, and some not very sticky Load Balancers (It was not the load balancer, but the load balancing architecture) the installation was stable, so we decided today to go one step forward and enable Digital Signing on the Sun Federation Manager with SAML v2.0 plugin that we are using as a Service Provider (SP) implementation of SAML 2.0 in a very important project running in Norway.
The goal of using digital signatures is to achieve non-repudiation in the applications that use the Authentication Services of the IdP and the SP. From the purely technical point of view, it means that enabling XML signing allows us to send digitally signed Authentication Requests and to receive Artifact Resolves (Assertions) that are also signed by the Identity Provider (IdP).
The main challenge was to set up the proper JKS (Java Key Store) and instruct the Federation Manager to use it. We initially tried using the “keyman” that comes with IBM WebSphere, but to no avail. So in the end we opted for the “good old” keytool. The installation is almost running; now the problem seems to be the IdP, which is not signing the Assertion, most likely due to a misconfiguration. Tomorrow we will talk with the IdP guys.
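The symptom described above, an IdP returning an unsigned Assertion, can be confirmed by inspecting a captured artifact response. The Python check below is an added example, not part of the original post or of Federation Manager; the sample message and its IDs are constructed, and the check only looks at whether a signature is present and what it points to, not at its cryptographic validity.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: signed ArtifactResponse carrying one unsigned assertion,
# one signed assertion, and one whose signature references a different element.
SAMPLE = """<samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_ar1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_ar1"/></ds:SignedInfo></ds:Signature>
  <samlp:Response ID="_r1">
    <saml:Assertion ID="_a1"/>
    <saml:Assertion ID="_a2">
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a2"/></ds:SignedInfo></ds:Signature>
    </saml:Assertion>
    <saml:Assertion ID="_a3">
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    </saml:Assertion>
  </samlp:Response>
</samlp:ArtifactResponse>"""


def signature_covers(element):
    """True if element has a direct ds:Signature child that references its own ID."""
    element_id = element.get("ID")
    sig = element.find("ds:Signature", NS)
    if element_id is None or sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + element_id


def signing_report(xml_text):
    """Report whether the outer message and each saml:Assertion are signed."""
    # Structural check only; for untrusted input use a hardened XML parser.
    root = ET.fromstring(xml_text)
    report = {"message_signed": signature_covers(root), "assertions": {}}
    for assertion in root.iter("{%s}Assertion" % NS["saml"]):
        report["assertions"][assertion.get("ID")] = signature_covers(assertion)
    return report


if __name__ == "__main__":
    print(signing_report(SAMPLE))
```

An assertion that reports `False` while the outer message reports `True` matches the situation in the post: the transport message is signed but the assertion itself is not.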
Copyright © 2006-2019 BalamIT. All rights reserved.