OpenAM (Open Access Management) originated as OpenSSO, (Open Single Sign-On) an access management system created by Sun Microsystems and now owned by Oracle Corporation. OpenAM is a fork which was initiated following Oracle's purchase of Sun.
Announced by Sun Microsystems in July 2005,[3] OpenSSO was based on Sun Java System Access Manager, and was the core of Sun's commercial access management and federation product, OpenSSO Enterprise (formerly Sun Access Manager and Sun Federation Manager).
In July 2008, Sun announced paid support for regular "Express" builds of OpenSSO. Sun's stated intent was that express builds would be released approximately every three months, allowing customers early access to new features.[4]
In September 2008, Sun announced OpenSSO Enterprise 8.0, the first commercial product derived from the OpenSSO project.[5] OpenSSO Enterprise 8.0 was released in November 2008.[6]
OpenSSO Enterprise won the "Security" category of the Developer.com Product of the Year 2009 awards.[7]
In May 2009, shortly after Oracle's acquisition of Sun was announced, OpenSSO Enterprise 8.0 Update 1 was released.
Oracle completed their acquisition of Sun Microsystems in February 2010, and shortly thereafter removed OpenSSO downloads from their website in an unannounced policy change. OpenSSO was forked as OpenAM, developed and supported by ForgeRock.[8]
ForgeRock announced in February 2010 that they would continue to develop and support OpenSSO from Sun now that Oracle had chosen to discontinue development on the project.[9] ForgeRock renamed the product to OpenAM as Oracle retained the rights to the name OpenSSO. ForgeRock also announced that they would continue delivering on the original Sun Microsystems roadmap.[10][11] It was sponsored by ForgeRock until 2016.[12][13]
In November 2016, without any official statement, ForgeRock closed OpenAM source code, renamed OpenAM to ForgeRock Access Management and began distributing source code under a paid, commercial license.[12]
OpenAM supports more than 20 authentication methods out-of-the-box. OpenAM has the flexibility to chain methods together along with Adaptive Risk scoring, setup Multi-factor authentication or to create custom authentication modules based on the JAAS (Java Authentication and Authorization Service) open standard. Integrated Windows Authentication is also supported to enable a completely seamless, heterogeneous OS and Web application SSO environment.
OpenAM provides authorization policy from basic, simple, coarse-grained rules to highly advanced, fine-grained entitlements based on XACML (eXtensible Access Control Mark-Up Language). Authorization policies are abstracted from the application, allowing developers to quickly add or change policy as needed without modification to the underlying application.
The adaptive risk authentication module is used to assess risks during the authentication process, and to determine whether to require that the user complete further authentication steps. Adaptive risk authentication determines, based on risk scoring, whether more information from a user is required when they log in. For example, a risk score can be calculated based on an IP address range, access from a new device, account idle time, etc., and applied to the authentication chain.
Federation services securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols (SAML, WS-Federation, OpenID Connect). Quickly set up and configure service provider or cloud service connections through the Fedlet, OAuth2 Client, OAuth2 Provider, or OpenIG Federation Gateway. The OpenIG Federation Gateway is a component of OpenAM providing a SAML2 compliant enforcement point and allows businesses to quickly add SAML2 support to their applications with little to no knowledge of the standard. In addition, there is no need to modify the application or install any plugin or agent on the application container. Out-of the-box tools enable simple task-based configuration of G Suite, ADFS2, along with many other integration targets. OpenAM can also act as a multiprotocol hub, translating for providers who rely on other, older standards. OAuth2 support is an open standard for modern federation and authorization, allowing users to share their private resources with tokens instead of credentials.
OpenAM provides multiple mechanisms for SSO, whether the requirement is enabling cross-domain SSO for a single organization, or SSO across multiple organizations through the Federation Service. OpenAM supports multiple options for enforcing policy and protecting resources, including policy agents that reside on web or application servers, a proxy server, or the OpenIG (Identity Gateway). OpenIG runs as a self-contained gateway and protects web applications where installing a policy agent is not possible.
To enable high availability for large-scale and mission-critical deployments, OpenAM provides both system failover and session failover. These two key features help to ensure that no single point of failure exists in the deployment, and that the OpenAM service is always available to end-users. Redundant OpenAM servers, policy agents, and load balancers prevent a single point of failure. Session failover ensures the user's session continues uninterrupted, and no user data is lost.
Developer access
OpenAM provides client application programming interfaces with Java and C APIs and a RESTful API that can return JSON or XML over HTTP, allowing users to access authentication, authorization, and identity services from web applications using REST clients in their language of choice. OAuth2 also provides a REST Interface for the modern, lightweight federation and authorization protocol.
^"Sun Microsystems Extends Leadership Position in Identity Management — First Vendor To Open Source Web Single Sign-On Technology". Sun Microsystems. 2005-07-13.
^"Sun Microsystems Announces Sun OpenSSO Express". Sun Microsystems. 2008-07-23.
^"Sun Microsystems Unveils OpenSSO Enterprise — Next-Generation Access Management, Federation and Secure Web Services Solution". Sun Microsystems. 2008-09-30.
^"Sun OpenSSO Enterprise 8.0 Revenue Release (RR) is official". Sun Microsystems. 2008-11-11.[permanent dead link]
^. Developer.com. 2009-01-14. Archived from the original on 2011-12-13. Retrieved 2016-08-28.
^. The H. 24 February 2010. Archived from the original on 8 December 2013.
openam, open, source, access, management, entitlements, federation, server, platform, supported, open, identity, platform, community, admin, consoleinitial, releasenovember, 2008, 2008, opensso, february, 2010, 2010, forgerock, march, 2018, 2018, community, st. OpenAM is an open source access management entitlements and federation server platform Now it is supported by Open Identity Platform Community 2 OpenAMOpenAM Admin ConsoleInitial releaseNovember 11 2008 2008 11 11 OpenSSO February 7 2010 2010 02 07 Forgerock OpenAM March 1 2018 2018 03 01 OpenAM Community Stable releaseRelease 14 8 1 1 October 31 2023 2023 10 31 Repositoryhttps github com OpenIdentityPlatform OpenAMWritten inJavaOperating systemLinux Solaris Windows Mac OS AIXAvailable inEnglish French German Spanish Japanese Korean Simplified Chinese and Traditional ChineseTypeIdentity and access managementLicenseCDDLWebsitegithub wbr com wbr OpenIdentityPlatform wbr OpenAM wbr OpenAM Open Access Management originated as OpenSSO Open Single Sign On an access management system created by Sun Microsystems and now owned by Oracle Corporation OpenAM is a fork which was initiated following Oracle s purchase of Sun Contents 1 History 2 Features 3 See also 4 References 5 External linksHistory editAnnounced by Sun Microsystems in July 2005 3 OpenSSO was based on Sun Java System Access Manager and was the core of Sun s commercial access management and federation product OpenSSO Enterprise formerly Sun Access Manager and Sun Federation Manager In July 2008 Sun announced paid support for regular Express builds of OpenSSO Sun s stated intent was that express builds would be released approximately every three months allowing customers early access to new features 4 In September 2008 Sun announced OpenSSO Enterprise 8 0 the first commercial product derived from the OpenSSO project 5 OpenSSO Enterprise 8 0 was released in November 2008 6 OpenSSO Enterprise won the Security category of the Developer com Product of the Year 2009 awards 7 In May 2009 shortly after Oracle s acquisition of Sun was announced OpenSSO Enterprise 8 0 Update 1 was released Oracle completed their acquisition of Sun Microsystems in February 2010 and shortly thereafter removed OpenSSO downloads from their website in an unannounced policy change OpenSSO was forked as OpenAM developed and supported by ForgeRock 8 ForgeRock announced in February 2010 that they would continue to develop and support OpenSSO from Sun now that Oracle had chosen to discontinue development on the project 9 ForgeRock renamed the product to OpenAM as Oracle retained the rights to the name OpenSSO ForgeRock also announced that they would continue delivering on the original Sun Microsystems roadmap 10 11 It was sponsored by ForgeRock until 2016 12 13 In November 2016 without any official statement ForgeRock closed OpenAM source code renamed OpenAM to ForgeRock Access Management and began distributing source code under a paid commercial license 12 Several free and open source forks of OpenAM now exist under the Common Development and Distribution License The Open Identity Platform Community which has opted to carry on the OpenAM Community name now that ForgeRock has re branded the commercial product The Wren Security community which has opted to re brand OpenAM to Wren AM to avoid conflict with ForgeRock s original product Features editOpenAM supports the following features 14 Authentication OpenAM supports more than 20 authentication methods out of the box OpenAM has the flexibility to chain methods together along with Adaptive Risk scoring setup Multi factor authentication or to create custom authentication modules based on the JAAS Java Authentication and Authorization Service open standard Integrated Windows Authentication is also supported to enable a completely seamless heterogeneous OS and Web application SSO environment Authorization OpenAM provides authorization policy from basic simple coarse grained rules to highly advanced fine grained entitlements based on XACML eXtensible Access Control Mark Up Language Authorization policies are abstracted from the application allowing developers to quickly add or change policy as needed without modification to the underlying application Adaptive risk authentication The adaptive risk authentication module is used to assess risks during the authentication process and to determine whether to require that the user complete further authentication steps Adaptive risk authentication determines based on risk scoring whether more information from a user is required when they log in For example a risk score can be calculated based on an IP address range access from a new device account idle time etc and applied to the authentication chain Federation Federation services securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols SAML WS Federation OpenID Connect Quickly set up and configure service provider or cloud service connections through the Fedlet OAuth2 Client OAuth2 Provider or OpenIG Federation Gateway The OpenIG Federation Gateway is a component of OpenAM providing a SAML2 compliant enforcement point and allows businesses to quickly add SAML2 support to their applications with little to no knowledge of the standard In addition there is no need to modify the application or install any plugin or agent on the application container Out of the box tools enable simple task based configuration of G Suite ADFS2 along with many other integration targets OpenAM can also act as a multiprotocol hub translating for providers who rely on other older standards OAuth2 support is an open standard for modern federation and authorization allowing users to share their private resources with tokens instead of credentials Single sign on SSO OpenAM provides multiple mechanisms for SSO whether the requirement is enabling cross domain SSO for a single organization or SSO across multiple organizations through the Federation Service OpenAM supports multiple options for enforcing policy and protecting resources including policy agents that reside on web or application servers a proxy server or the OpenIG Identity Gateway OpenIG runs as a self contained gateway and protects web applications where installing a policy agent is not possible High availability To enable high availability for large scale and mission critical deployments OpenAM provides both system failover and session failover These two key features help to ensure that no single point of failure exists in the deployment and that the OpenAM service is always available to end users Redundant OpenAM servers policy agents and load balancers prevent a single point of failure Session failover ensures the user s session continues uninterrupted and no user data is lost Developer access OpenAM provides client application programming interfaces with Java and C APIs and a RESTful API that can return JSON or XML over HTTP allowing users to access authentication authorization and identity services from web applications using REST clients in their language of choice OAuth2 also provides a REST Interface for the modern lightweight federation and authorization protocol See also edit nbsp Computer programming portalGlassFish OpenDS OpenDJ OpenIDM List of single sign on implementationsReferences edit OpenAM Downloads GitHub Open Identity Platform Community GitHub Sun Microsystems Extends Leadership Position in Identity Management First Vendor To Open Source Web Single Sign On Technology Sun Microsystems 2005 07 13 Sun Microsystems Announces Sun OpenSSO Express Sun Microsystems 2008 07 23 Sun Microsystems Unveils OpenSSO Enterprise Next Generation Access Management Federation and Secure Web Services Solution Sun Microsystems 2008 09 30 Sun OpenSSO Enterprise 8 0 Revenue Release RR is official Sun Microsystems 2008 11 11 permanent dead link Winners of the Developer com Product of the Year 2009 Are Announced Developer com 2009 01 14 Archived from the original on 2011 12 13 Retrieved 2016 08 28 Oracle kills OpenSSO Express ForgeRock steps in The H 24 February 2010 Archived from the original on 8 December 2013 ForgeRock Extending Sun s OpenSSO Platform InternetNews OpenSSO neglected by Oracle gets second life Archived 2012 10 15 at the Wayback Machine ForgeRock Picks Up Sun s Open Source Identity Datamation a b ForgeRock has shuttered the open source community and no longer allows new development on their platform under a permissive license timeforafork June 1 2017 Archived from the original on 2017 10 03 Retrieved 2022 11 01 OpenAM product no longer being publicly developed by ForgeRock stackoverflow com ForgeRock Access Management OpenAM fork External links editForgerock Official Website proprietary OpenAM at Open Hub OpenSSO inactive project page OpenSSO at Open Hub OpenSSO Freecode Retrieved from https en wikipedia org w index php title OpenAM amp oldid 1184407768, wikipedia, wiki, book, books, library,
