Posts Tagged ‘SAML’

frrry is using SSOCircle as Identity Provider

Sunday, July 11th, 2010

Ferry Meewisse, a Dutch bag designer who runs the web site frrry.com (bags & fashion accessories), is using SSOCircle as a login option for partners and employees.

frrry-login-screen


Besides Google, Yahoo!, MySpace.com, myOpenID and generic OpenID, they have the option to log in via SSOCircle and use several strong authentication options such as X.509 certificates, USB tokens and OTP options like Yubikey or Swekey.

Integrate your Seam application with SSOCircle

Monday, March 22nd, 2010

As part of the PicketLink project, Marcel Kolsteren, Seam Integration Lead, developed a module that allows developers to easily connect their Seam application to external identity providers. The module supports SAML and OpenID. It also ships with an out-of-the-box integration with SSOCircle. You will find a preconfigured saml-entities.xml file which includes the metadata for the SSOCircle public IDP.

In his article External authentication example using SSOCircle he describes how to deploy the application, log in via SSOCircle – either by choosing the IDP explicitly (see screen)

login page seam module


or by automatic redirection – and log out – either by local logout (only from the Seam application) or by global logout (destroying the local session and the session at the SSOCircle IDP).

Please note: if you need a private IDP to integrate with, check out our white label hosted IDP offering called IDPee. The private IDP has its own user database, can be customized to your branding and can be configured for several strong authentication methods. For more information: http://www.ssocircle.com/plans.shtml

We liked the comment he sent to us during his test work:
“I’m glad that SSOCircle exists … it’s very handy for developers and good promotion for SAML in general!  For OpenID it’s very easy to find lots of free identity providers in the cloud, but for SAMLv2 SSOCircle seems to be unique.”

About PicketLink (Quote from http://www.jboss.org/picketlink )

PicketLink is an umbrella project that aims to address different Identity Management needs. PicketLink is an important project under the security offerings from JBoss and includes the following components:

  • IDM: Provide an object model for managing Identities (Users/Groups/Roles) and associated behavior using different identity store backends like LDAP and RDBMS.
  • Federated Identity:  Support SAMLv2, WS-Trust and OpenID.
  • AuthZ: Developer friendly authorization framework
  • XACML:  Oasis XACMLv2 implementation.
  • Negotiation: Provide SPNego/Kerberos based Desktop SSO.

SSOCircle celebrates its 3rd anniversary

Thursday, January 28th, 2010

It is already 3 years since SSOCircle, the free public multi-protocol IDP, went into production. What happened in the past year? We added new devices to our strong authentication options: the Yubikey and the Swekey, two new innovative OTP tokens. Users do not need to type in the one-time passwords. With the Yubikey you just have to push a button, and with the Swekey the password is read by a tiny piece of JavaScript.

We also added some new demos like the one with Salesforce (which includes Google Apps SSO), the downloadable award-winning Fedlet and, last but not least, our SAML-enabled WordPress blog.

On the other hand, we saw a decline of interest at the end of 2008 and in the first months of 2009. Fewer users subscribed to the IDP and visited the web site. An impact of the economic downturn? The good news is that the numbers came back to the values of mid 2008 in the second half of 2009.

We also anticipated analyst attention as the Burton Group published a report called “New Direction in Federation”. Read our blog here. The report introduced “Federation identity hosted services” and gave a good market overview of the offerings.

The new Spring Security SAML module was released and many developers tested it against the SSOCircle SAML IDP. And there are other very interesting services testing …

So, please stay tuned. There are many new things coming this year. We are quite sure that 2010 will see the breakthrough for “new directions in federation”.

Single Sign On to Salesforce online demo

Sunday, October 11th, 2009

Recently Salesforce.com added SAML 2.0 support. We have launched a sample that allows users to single sign on to Salesforce with their existing SSOCircle account. The individual account is mapped to a group account (due to our limitation in Salesforce users).

Just click on the IDP initiated SSO link and you will be prompted to sign on to SSOCircle (if not already in session).

After SSO to Salesforce.com


It is great to see the integration of Google Apps into Salesforce.com. Just click on the sign-on link in the chat window and SSOCircle does the SSO magic behind the scenes (of course, you need to have created an SSOCircle Google Apps account beforehand).

Salesforce with SSOCircle SSO to Google Apps


Salesforce.com checks your IP address for additional security. Access from IP addresses not explicitly allowed must be confirmed by the user. If you experience this in the demo, please contact us.

New SAML enabled blogging system launched

Sunday, August 2nd, 2009

Visit our new SAML 2.0 enabled WordPress blogging system, where we moved all our articles from the former news section. You have to log in with your SSOCircle account to leave a comment. We also added some newsfeeds from interesting blogs on identity. We hope that it will be a useful source for everyone who is identity-minded. The WordPress plugin is derived from the simpleSAMLphp plugin by David O’Callaghan. Thanks to him for getting us started.


Service Provider controlled Security Levels

Sunday, June 8th, 2008

SSOCircle and IDPee now support different SAML2 authentication contexts. The SP is now able to require that a user is authenticated at a specified security strength. SSOCircle determines the current authentication level and, if necessary, asks the user to reauthenticate at the stronger security level.
Think of three different types of use cases. The first is a simple bookmarking application that is accessed from a mobile device. For convenience you might decide to use simple automatic MSISDN user recognition at SSOCircle. But if you then access your email at Google Apps, you will definitely want better protection for the emails. SSOCircle now enforces username/password authentication and upgrades your existing session. Now consider that you want to view your company's sales report application. In this case username/password might not be enough. The application may require that you are authenticated by an X.509 client certificate issued to your smart card token.
Read our technical description for a detailed explanation of how all this works, what you have to do to make use of authentication context levels and which levels SSOCircle and IDPee support. Have a look at our secure lightbulb example, which extends the previous lightbulb application into a demonstration of how an application might enforce a stronger authentication.
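
The step-up decision described above, seen from the SP side, as an added example (not SSOCircle's or IDPee's code). The class URIs are standard SAML 2.0 ones, but their ranking and their mapping to the three use cases are assumptions, and the sample assertion is constructed and unsigned.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Assumed SP-local ranking, weakest to strongest. SAML defines the class URIs
# but no ordering, and the levels SSOCircle supports are not listed in the post.
RANK = {
    AC + "MobileOneFactorUnregistered": 1,  # e.g. automatic MSISDN recognition
    AC + "PasswordProtectedTransport": 2,   # username/password over TLS
    AC + "SmartcardPKI": 3,                 # X.509 certificate on a smart card
}

def requested_authn_context(required):
    """Element the SP places in its AuthnRequest to demand a minimum level."""
    if required not in RANK:
        raise ValueError("unranked context class: " + required)
    rac = ET.Element("{%s}RequestedAuthnContext" % SAMLP, Comparison="minimum")
    ET.SubElement(rac, "{%s}AuthnContextClassRef" % SAML).text = required
    return rac

def asserted_class(assertion_xml):
    """Context class from an assertion whose signature was already verified."""
    root = ET.fromstring(assertion_xml)
    path = ".//{%s}AuthnStatement/{%s}AuthnContext/{%s}AuthnContextClassRef"
    refs = root.findall(path % (SAML, SAML, SAML))
    if len(refs) != 1 or not refs[0].text:
        raise ValueError("expected exactly one AuthnContextClassRef")
    return refs[0].text.strip()

def decide(assertion_xml, required):
    """'allow' if the asserted level meets the requirement, else 'step-up'."""
    got = asserted_class(assertion_xml)
    # Unknown classes rank 0, so an unrecognised context fails closed.
    return "allow" if RANK.get(got, 0) >= RANK[required] else "step-up"

def sample_assertion(class_ref):
    """Constructed, unsigned assertion fragment for the demo only."""
    return ('<saml:Assertion xmlns:saml="%s"><saml:AuthnStatement>'
            '<saml:AuthnContext><saml:AuthnContextClassRef>%s'
            '</saml:AuthnContextClassRef></saml:AuthnContext>'
            '</saml:AuthnStatement></saml:Assertion>' % (SAML, class_ref))

if __name__ == "__main__":
    session = sample_assertion(AC + "PasswordProtectedTransport")
    for need in RANK:  # bookmarking, e-mail, sales report
        print(need.rsplit(":", 1)[1], "->", decide(session, need))
```

The SP checks the asserted class itself rather than trusting that its request was honoured, since an IDP-initiated or downgraded response may carry a weaker context than the application requires.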

IDPee.com – Identity Provider Hosting started

Saturday, March 1st, 2008

How long does it take to set up an IDP? Do you really want to read long manuals and fight with installation and certificates? Are you dreaming of connecting automagically? IDPee.com, the identity provider enterprise edition, comes as a hosted service. By reducing your setup and operational costs, it makes a SAML v2 IDP affordable and manageable without hiring expensive specialists. IDPee comes with advanced security features like client certificate authentication (automatic enrollment of X.509 certificates in your browser) or even stronger security with smart card tokens. Different plans are available according to your requirements. We have just started public beta. Please register and start your own private IDP. Your IDP will be reachable by .idpee.com and can be customized to your corporate identity.

SSOCircle starts multiprotocol support

Monday, April 9th, 2007

SSOCircle has started a pilot to support OpenID. You can now use your SSOCircle account at OpenID relying parties. Just type in <yourSSOCircleID>.ssocircle.com as your personal OpenID URL at the service site and experience SSO that opens up the SAML and the OpenID world.

New Download Service Provider

Sunday, March 4th, 2007

You can now download a sample SAML 2.0 service provider and install it in your web server. The sample is a statically linked C executable which is preconfigured to use SSOCircle as an IDP. You just need a few steps to adapt it to your site. The steps are outlined in solutions.
The download service provider is another example of how federation can ease deployments – and last but not least the download service provider is implemented in Perl, leveraging the multi-language support of ZXID.