Tuesday, December 20, 2011

OpenAM Fedlet

A customer asked me what an OpenAM Fedlet is and how it is used.

There isn't a lot of detailed documentation on the OpenAM Fedlet, but this article from Oracle is great!

ForgeRock's documentation only has a section on Using Fedlets in Java Web Applications.

In layman's terms, this is my interpretation of a Fedlet:

Basically, big organizations with a budget will use the OpenAM Federation service.

For example, one organization will install OpenAM to act as the IdP (Identity Provider), while the rest of the organizations will make their applications SAMLv2-ready. These applications will then act as SPs (Service Providers).

However, this takes time, effort and money.

Smaller organizations will definitely not be able to overhaul their applications to be SAMLv2-ready, as it is not cost-effective. So the way to go is to just deploy Fedlets (generated from OpenAM servers).

The Fedlet will act like a bridge between the OpenAM server (acting as IdP) and the applications.

It's simple and neat.


1 comment:

  1. Hi,

    I'm new to OpenAM and was quite interested in doing the federation part. I have deployed OpenAM as IdP on one server and have deployed a simple web application with two JSPs on another server. I have configured the same with Circle of Trust and have created a fedlet.zip. As per the documentation, I have to just integrate the fedlet in my running application to enable SSO. I have merged the required files as in the README.txt which comes in fedlet.zip and have tested the federation connectivity which works well. However when I run my application separately, I don't see any SSO taking place. Please comment on this as I'm stuck.

    Thanks in Advance