Jul 22, 2009

WSO2 Identity Server 2.0.0 is released.

The WSO2 Identity Server team is pleased to announce the release of version 2.0.0 of the Open Source WSO2 Identity Server (IS).

IS 2.0.0 release is available for download at [1].

This is based on the revolutionary WSO2 Carbon [2] framework, 'Middleware a la carte'.

All the major features have been developed as pluggable Carbon components.

New Features
1. Entitlement Engine with XACML 2.0 support.
2. Claim based Security Token Service.
3. Extension points for SAML assertion handling.
4. XMPP based multi-factor authentication.
5. Improved User Management.
6. Claim Management.
7. User Profiles and Profile Management.
8. XKMS.
9. Separable front-end & back-end - a single front-end server can be used to administer several back-end servers.
10. Bug fixes and enhancements.

Other Features
1. Information cards provider supporting Managed Information Cards backed by user name / password and self-issued cards.
2. Information cards support for SAML 1.1/2.0 token profiles.
3. OpenID provider.
4. Multi-factor authentication with information cards.

How to Run
1. Extract the downloaded zip.
2. Go to the bin directory in the extracted folder.
3. Run the wso2server.sh or wso2server.bat as appropriate.
4. Point your browser to the URL https://localhost:9443/carbon
5. Use "admin", "admin" as the user name and password.
6. If you need to start the OSGi console with the server, use the property -DosgiConsole when starting the server.

Known issues
All the known issues have been filed here [3],[4]. Please report any other issues you find as JIRA entries.

Contact us

WSO2 Identity Server developers can be contacted via the mailing lists:
For Users: identity-user@wso2.org
For Developers: identity-dev@wso2.org

Alternatively, questions can also be raised in the Identity Server forum at http://wso2.org/forum/308


WSO2 Inc. offers a variety of professional Training Programs, including training on general Web services as well as WSO2 Identity Server, Apache Axis2, Data Services and a number of other products. For additional support information please refer to http://wso2.com/training/course-catalog/

WSO2 Inc. offers a variety of development and production support programs, ranging from Web-based support up through normal business hours, to premium 24x7 phone support. For additional support information please refer to http://wso2.com/support/

For more information on WSO2 Identity Server, visit the WSO2 OxygenTank[5].

Thank you for your interest in WSO2 Identity Server.

-The WSO2 Identity Server team

Jul 19, 2009

Learn SOA security in a brain friendly manner

Have you ever tried to study SOA Security? It is a time-consuming and somewhat complex job. It involves a huge stack of standards like WS Security, WS Security Policy, WS Trust, WS Username Token Profile, SAML, and many more down the line, plus a lot of new buzzwords and terminology. You might have gone through each of these documents and spent hours finding the relationships among them. It needs days of brainstorming and a lot of hands-on experience, believe me.

But this is the best point to start learning SOA Security: build the big picture, and then go deep. This presentation by Prabath Siriwardena, who leads the WSO2 Security Team, touches all the corners of SOA Security in a brain friendly manner. He has adopted a Head First * like style in presenting the concepts.


If you are into SOA, it is definitely worth going through this. It won't take much time, but it will end up giving you the essence of SOA Security.

Jul 1, 2009

Analyse the classpath of a running Java program

Sometimes we come across scenarios where it is required to analyze the classpath of a running Java program to make sure that the correct libraries are picked up. In my scenario, I wanted to check whether an endorsed jar has been picked instead of the jar that comes with the JDK. A few of the possible ways of doing this are:

  • Use the '-verbose:class' argument with the 'java' command when starting the program.

  • Use 'System.getProperty("java.class.path");' inside the program to print the classpath.

But both these approaches have constraints, and thus limited usability when it comes to third-party applications. The following solution is more elegant, and it can be used while the Java application is running, whether it was developed by us or by some other party.

- First locate the process ID of the Java application. If you are on Linux this can be easily done using the system monitor or you can select the hard way, the terminal ;-)

- Once you have identified the PID, execute the command 'lsof -p <PID>'. (If you have a large number of dependent libraries, you can save the output of this command to a file by executing 'lsof -p <PID> > <path/to/file>'.)

- This will generate the list of open files of that process. It contains the list of JARs the program keeps in its classpath.
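
The steps above can be scripted so that only the JARs are shown and the endorsed ones stand out. This is an added example, not part of the original post; the function names, the sample lsof output (PID, paths, sizes) and the assumption that endorsed JARs live in a directory named "endorsed" are all constructed for illustration.

```shell
#!/bin/sh
# Added example: list the JARs a running JVM holds open, from `lsof -p <PID>` output.

# Read default `lsof -p <PID>` output on stdin and print each open JAR once.
# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (NAME starts at field 9).
jars_from_lsof() {
    awk 'NR > 1 && $5 == "REG" {
        name = $9
        for (i = 10; i <= NF; i++) name = name " " $i   # keep paths containing spaces
        if (name ~ /\.jar$/ && !seen[name]++) print name
    }'
}

# Keep only JARs loaded from a directory named "endorsed" (assumption: the
# endorsed directory keeps its default name, e.g. $JAVA_HOME/jre/lib/endorsed).
endorsed_only() {
    awk 'index($0, "/endorsed/") > 0 && $0 ~ /\.jar$/'
}

# Constructed sample of lsof output; the PID, paths and sizes are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
java    4242 app   cwd    DIR    8,1     4096  131073 /opt/app
java    4242 app   mem    REG    8,1 66339559  262201 /usr/lib/jvm/jdk1.6.0/jre/lib/rt.jar
java    4242 app   mem    REG    8,1   124724  262310 /usr/lib/jvm/jdk1.6.0/jre/lib/endorsed/xalan.jar
java    4242 app    5r    REG    8,1 66339559  262201 /usr/lib/jvm/jdk1.6.0/jre/lib/rt.jar
java    4242 app    6r    REG    8,1   489884  393222 /opt/app/lib/log4j-1.2.15.jar
java    4242 app    7u   IPv4  31337      0t0     TCP *:9443 (LISTEN)
EOF
}

# With a PID argument, inspect the live process; otherwise use the sample.
if [ -n "${1:-}" ]; then
    lsof -p "$1" | jars_from_lsof
else
    sample_lsof | jars_from_lsof
fi
```

Piping the result through `endorsed_only` answers the question from the scenario above: whether the process opened a JAR from the endorsed directory instead of relying only on the JDK's own copy.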