January 2010

Here we are now. The European Commission has officially blessed Oracle’s bid for Sun Microsystems. I do think Oracle is a great opportunity to rebound and move forward even though sadness and regrets are very much present today. Thanks to James Gosling for creating this great picture below (his blog post is here):

Sun RIP (by James Gosling)

Thanks to my colleague Hua Cui, our OAuth implementation for OpenSSO is now upgraded to the latest 1.0a revision of the spec. There is no legacy support for the (now deprecated) 1.0 version (the version field hasn’t been changed in OAuth which, to me at least, does suggest deprecation of the previous release).

Since the signature mechanism in itself is not changed, there’s no update necessary to our Jersey OAuth signature library.

Give it a try!

Many people reading my previous posts about our OpenID extension for OpenSSO asked me where the OP (OpenID Provider) code is in the OpenSSO repository. The answer is that there’s no code for it (right now), and the reason for this is that we thought deployers would likely develop their own OP with all the appropriate checks in place. But since I do get these requests, and to complete the example I described in previous posts, below is the source code for the simplest (i.e. dumbest) OP one can think of.

To refresh our memories after the holiday break, the role of the OP web application is to hand out the metadata related to the OpenID identifiers of (presumably known) users. That metadata (in the form of an HTML page with metadata placed in the <head> section) points to the location of the related OpenID server (for both versions 1 & 2).

In the present example, we will simply hand out that information to any appropriately formed URL (see this post). A real OP should probably verify that the OpenID identifier used corresponds to an existing user.

Please note that for the code below I chose to make my life easier and used the Jersey API to quickly create a simple web application. You can of course use servlets instead (or whatever) but REST is so easy with Jersey!

Apologies for the formatting but the string is way too long to fit in any way I tried. The key parts of that string are the two <link rel=…> elements which define the OpenID endpoints. Of course you’ll need to change those to match your deployment.

import javax.ws.rs.Path;
import javax.ws.rs.GET;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;

/**
 * REST Web Service
 * @author Hubert A. Le Van Gong <hubert.levangong at Sun.COM>
 */
// Placeholder path template (the value is not shown in this listing);
// set it to match the format of your OpenID identifier URLs.
@Path("{id}")
public class OP {
    @Context
    private UriInfo context;

    // Discovery page: the two <link rel=...> elements in <head> define the OpenID endpoints.
    String standard_profile = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" "
        + "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"
        + "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"
        + " <head>\n"
        + " <link rel=\"openid.server\" href=\"http://openid.example.com:49723/openid/service\"/>\n"
        + " <link rel=\"openid2.provider\" href=\"http://openid.example.com:49723/openid/service\"/>\n"
        + " <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n"
        + " <title>OpenSSO OpenID provider</title>\n"
        + " <link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />\n"
        + " </head>\n"
        + " <body>\n"
        + " <div class=\"body\">\n"
        + " <h2>This OpenID provider is based upon OpenID4Java &amp; supports the following protocols</h2>\n"
        + " <ul>\n"
        + " <li>OpenID Authentication 2.0</li>\n"
        + " <li>OpenID Authentication 1.1 (in compatibility mode)</li>\n"
        + " <li>OpenID Attribute Exchange 1.0</li>\n"
        + " <li>OpenID Simple Registration 1.0 and 1.1, draft 1</li>\n"
        + " </ul>\n"
        + " </div>\n"
        + " <h2> To see the OpenID ID, view the source of this html page (usually achieved by right-clicking on the page)</h2>\n"
        + " <div>\n"
        + " </div>\n"
        + " </body>\n"
        + "</html>\n";

    /** Creates a new instance of OP */
    public OP() {
    }

    /**
     * Retrieves representation of an instance of OP
     * @return an instance of java.lang.String
     */
    @GET
    @Produces("text/html")
    public String gethtml() {
        return standard_profile;
    }
}
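
One way to add the check mentioned above, that the OpenID identifier corresponds to an existing user (an added example, not the original post's or OpenSSO's code). The `VerifyingOP` class, the `{user}` path template, the identifier syntax and the in-memory `KNOWN_USERS` set are assumptions standing in for a lookup in your identity repository.

```java
import java.util.Set;
import java.util.regex.Pattern;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

// Added example: serves the discovery page only for identifiers of known users.
@Path("{user}") // assumed identifier layout: <base URL>/<user>
public class VerifyingOP {

    // Assumption: strict local-name syntax; anything else is rejected before lookup.
    private static final Pattern USER_SYNTAX = Pattern.compile("[a-z0-9][a-z0-9._-]{0,63}");

    // Hypothetical stand-in for a lookup in the deployment's identity repository.
    private static final Set<String> KNOWN_USERS = Set.of("alice", "bob");

    // Endpoint value used on this page; change it to match your deployment.
    private static final String ENDPOINT = "http://openid.example.com:49723/openid/service";

    // Minimal discovery document carrying the two OpenID <link> elements.
    private static final String PROFILE =
          "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"
        + " <head>\n"
        + "  <link rel=\"openid.server\" href=\"" + ENDPOINT + "\"/>\n"
        + "  <link rel=\"openid2.provider\" href=\"" + ENDPOINT + "\"/>\n"
        + "  <title>OpenSSO OpenID provider</title>\n"
        + " </head>\n"
        + " <body/>\n"
        + "</html>\n";

    static boolean isKnownUser(String user) {
        return user != null
            && USER_SYNTAX.matcher(user).matches()
            && KNOWN_USERS.contains(user);
    }

    @GET
    @Produces("text/html")
    public Response getHtml(@PathParam("user") String user) {
        if (!isKnownUser(user)) {
            // Same 404 for malformed and unknown identifiers; the path value is never echoed back.
            return Response.status(Response.Status.NOT_FOUND)
                           .type("text/plain")
                           .entity("Unknown OpenID identifier\n")
                           .build();
        }
        return Response.ok(PROFILE).build();
    }
}
```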