News
July 6th, 2010 - OpenASelect SAML2 IdP Profile v1.2 and SAML2 Authentication Method v1.1 released
As of today, new versions of our OpenASelect SAML2 (Security Assertion Markup Language v2.0) components are available:
- SAML2 IdP Profile v1.2
- SAML2 Authentication Method v1.1
The releases mainly contain new functionality, such as full support for the Single Logout Profile and better support for proxying information when part of a federation.
Features
Some of the new features in both components are:
- The Single Logout Profile is now fully implemented
- The OpenSAML library is upgraded to version 2.3.1
- Added support for publishing SP and IdP metadata separately
- Added support for proxying many elements from the AuthnRequest
- Added support for adding contact person information and extensions in metadata.
For the full list of features and bug fixes, see the IdP Profile release notes and the Authentication Method release notes.
Downloads, documentation and support
The SAML2 IdP Profile v1.2 is available for immediate download here. For installation check the installation and configuration guide or the migration guide.
The SAML2 Authentication Method v1.1 is available for immediate download here. For installation check the installation and configuration guide or the migration guide.
Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
May 10th, 2010 - OpenASelect Server v1.4 released
Today we released the OpenASelect Server v1.4.
This version adds a number of new features, including support for Single Logout via the A-Select 1.x and A-Select WS protocols. It also offers simplified configuration and contains several bug fixes. Single Logout via SAML2 will be available soon in a separate release. The website has been updated with new deployment and configuration guides. A migration guide, for updating from version 1.3 to 1.4, is also available.
Features
Some of the biggest new features of OpenASelect Server v1.4 are:
- Added a force action pre-authorization method.
- Added support for asynchronous and synchronous logout in the A-Select Profile and A-Select WS Profile.
- Added a user page application in the Web SSO that shows TGT information and user attributes instead of the old user information page.
- Added login support to the new user page.
- Added support for generic user IDs containing '@' characters in the Password Authentication Method.
- Added an API call that indicates whether a user already has an SSO cookie (SSO query).
- Added support for mobile browsers.
- Added support for IdP role TGT alias storage.
For the full list of features and bug fixes, see the release notes.
Downloads, documentation and support
The OpenASelect Server v1.4 is available for immediate download here. For installation check the installation and configuration guide or the migration guide.
Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
August 18th, 2009 - OpenASelect TOAST v1.0 released
Today we released a new tool: OpenASelect TOAST v1.0.
The Test OpenASelect Server Tool (TOAST) is a PHP-based application that can be used as an example application protected by an OpenASelect Server using the A-Select WS protocol.
Downloads, documentation and support
The OpenASelect TOAST v1.0 can be downloaded from the OpenASelect download page. For installation and configuration you can check the readme.
Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
August 11th, 2009 - OpenASelect Server v1.3 released
Today we released the OpenASelect Server v1.3. This release contains many enhancements and fixes a number of small bugs.
Features
New features of OpenASelect Server v1.3 are:
- Added a force action pre-authorization method.
- Added a force authentication action for pre-authorization methods.
- Added support for storing remote A-Select organizations in the dynamic configuration database.
- Added optional http timeout configuration to A-Select Remote Authentication Method.
- Added support for browser back button when authenticating at a remote A-Select organization.
- Added support for storing a custom stylesheet location in the dynamic configuration database.
- Added event logging when sessions or TGTs expire.
- Added a JNDI account mapper for mapping between OpenASelect user IDs and LDAP/Active Directory accounts.
- Changed the TGT ID syntax, so the single sign-on cookie values no longer have to be escaped by the servlet container in use (such as Tomcat).
- Increased compatibility with database servers other than PostgreSQL by making queries configurable.
- The "oa.prop" configuration file may be placed anywhere in the servlet classpath now.
For the full list of features and bug fixes, see the release notes.
Downloads, documentation and support
The OpenASelect Server v1.3 is available for immediate download here. For installation check the installation and configuration guide or the migration guide.
Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
June 26th, 2009 - OpenASelect SAML2 Authentication Method v1.0 released
Today we released the OpenASelect SAML2 Authentication Method v1.0 for the OpenASelect Server. The SAML2 (Security Assertion Markup Language v2.0) authentication method allows OpenASelect to operate as a SAML2 compliant service provider.
Features
It currently supports the following features:
- Web Browser SSO Profile
- Single Logout Profile
  - only synchronous logout is currently supported
- Support for unsolicited authentication responses
Supported Protocol Bindings
- HTTP Redirect Binding
- HTTP POST Binding
- SAML SOAP Binding
- HTTP Artifact Binding
Requirements
This release requires:
- OpenASelect Server v1.2 or newer
- SAML2 Profile v1.1 or newer
Downloads, documentation and support
The SAML2 Authentication Method v1.0 is available for immediate download here. For installation check the SAML2 Authentication Method installation and configuration guide.
Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
April 17th, 2009 - OpenASelect SAML2 IdP Profile v1.1 released
Today we released the SAML2 IdP profile v1.1 for the OpenASelect Server. The SAML2 (Security Assertion Markup Language v2.0) profile allows OpenASelect to operate as a SAML2 compliant identity provider. This version of the SAML2 Profile implements the Web Single Sign-On (SSO) feature, Single Logout, and the Artifact Resolution protocol.
Supported SAML Profiles
- Web Browser SSO Profile
- Single Logout Profile
  - Partially implemented; Logout requests are not distributed to other session participants.
- Artifact Resolution Profile
Supported Protocol Bindings
- SAML SOAP Binding
- HTTP Redirect Binding
- HTTP POST Binding
- HTTP Artifact Binding
Supported NameID Formats
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Features
New features of SAML2 IdP profile v1.1 are:
- Uses the alias storage functionality from OA Server 1.1+ instead of a profile-specific implementation
- Added support for storing requestor-specific configuration as dynamic configuration in the database
- Persistent user ids are now stored as regular aliases
- Added support for optional storage of authnContext type as an authentication profile property in the dynamic configuration database
For the full list of changes, see the release notes.
Requirements
- This release requires OpenASelect Server v1.2 or newer.
Downloads, documentation and support
SAML2 IdP Profile v1.1 is available for immediate download here. For installation check the SAML2 IdP Profile installation and configuration guide.
Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
March 31st, 2009 - OpenASelect OpenID IdP Profile v1.1 released
We're happy to announce the release of the OpenID IdP profile v1.1 for OpenASelect Server. The protocol profile allows the OpenASelect Server to operate as an OpenID 1.1 and 2.0 compliant Identity Provider.
Since OpenASelect Server v1.1, the OpenID Profile has been released separately from the Server.
OpenID IdP profile v1.1 supports the following specifications:
- OpenID Authentication 1.1
- OpenID Authentication 2.0
- OpenID Simple Registration Extension 1.0
- OpenID Simple Registration Extension 1.1
- OpenID Attribute Exchange Extension 1.0 (Fetch)
Features
New features of OpenID IdP profile v1.1 are:
- Separated public and private association store
- Added support for SREG 1.1
- Added support for AX 1.0 (Fetch)
For the full list of changes, see the release notes.
Requirements
- This release requires OpenASelect Server v1.2 or newer.
Downloads, documentation and support
OpenID IdP Profile v1.1 is available for immediate download here. For installation check the OpenID IdP Profile installation and configuration guide.
Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
March 20th, 2009 - OpenASelect Server v1.2 released
The OpenASelect development team is proud to announce the release of OpenASelect Server v1.2.
Features
New features of OpenASelect Server v1.2 are:
- Added a sequence to the authentication methods in the dynamic configuration database
- Added a sequence to the authorization methods in the dynamic configuration database
- Added a sequence to the authentication profiles in the dynamic configuration database
- Moved the moment of attribute gathering from the protocol profiles to the Web SSO (before post-authorization)
- Added the user's organization ID to the event logging, if available
For the full list of changes, see the release notes.
Compatibility note
This release isn't compatible with some of the older, separately downloadable authentication methods. The following authentication method versions can be used with this release:
Downloads, documentation and support
OpenASelect Server v1.2 is available for immediate download here.
The http://www.openaselect.org website provides an installation guide, configuration instructions, and other technical documentation. Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
March 4th, 2009 - OpenASelect Server v1.1 released
The OpenASelect development team is proud to announce the release of OpenASelect Server v1.1. Most of the work done on this version has focused on making it as reliable and robust as possible. In addition, we have developed new functionality since v1.0.
As of this version, the OpenID IdP profile is no longer part of the core server package. From this release on, the OpenID profile must be downloaded separately.
Features
New features of OpenASelect Server v1.1 are:
- Post Authorization support in the WebSSO module
- Extended template stylesheet customization options
- Centralized internal database configuration
- Optional output of static HTTP headers (e.g. a P3P header) when setting the single sign-on cookie
- Support for storage of specific requestor pool and authentication profile properties in the dynamic configuration database
For the full list of changes, see the release notes.
Downloads, documentation and support
OpenASelect Server v1.1 is available for immediate download here.
The http://www.openaselect.org website provides an installation guide, configuration instructions, and other technical documentation. Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
October 31st, 2008 - OpenASelect Server v1.0 released
The OpenASelect development team is proud to announce the release of OpenASelect Server v1.0. Most of the work done on this version has focused on making it as reliable and robust as possible. In addition, we have developed new functionality since v0.1.
Features
Standout features of OpenASelect v1.0 are:
- A flexible user interface that supports localization and can be easily customized;
- Provides both Single Sign-On and Single Sign-Out;
- Provides multiple, chainable authentication methods ranging from weaker (e.g. password-based authentication) to stronger (e.g. PKI-based authentication) methods. OpenASelect selects available authentication methods based on a combination of application preference, user attributes, and server configuration;
- Supports multiple user databases, including Active Directory, generic LDAP, and SQL databases;
- Supports identity federation through various protocols. OpenASelect is also able to translate between different protocols, allowing it to act as a gateway between, for example, SAML V2.0 and A-Select 1.x service providers and identity providers;
- OpenASelect is compatible with SAML V2.0, OpenID 2.0, and A-Select 1.x identity providers, including DigiD and the SURFfederation;
- Full support for redundant and failover server configurations;
- The engine has been designed to be extensible without having to modify the core. New authentication and authorization methods, attribute gatherers, protocol translators, and account translators can be added to OpenASelect in the form of components that can be plugged into the engine;
- The server can be monitored via SNMP and can be triggered to re-read its configuration without having to restart the entire server.
Downloads, documentation and support
OpenASelect v1.0 is available for immediate download here.
The http://www.openaselect.org website provides an installation guide, configuration instructions, and other technical documentation. Register at the website in order to receive important announcements and stay informed of OpenASelect developments. Registration also gives you access to the community forum and allows you to submit bug reports.
October 24th, 2008 - OpenASelect PKI Authentication v1.0 released
The PKI Authentication Method for the OpenASelect Server has been released and is available for download. This authentication method authenticates users by verifying the client certificate delivered via the user agent. If the certificate is valid and signed by a trusted Certificate Authority (CA), the user is authenticated for the authentication method. The installation and deployment instructions can be found in the PKI Authentication Method guide. The distributions can be downloaded from the download section.
October 14th, 2008 - SAML 2.0 IdP Profile v1.0 released
We're happy to announce the release of the SAML 2.0 IdP Profile v1.0 for OpenASelect Server. The protocol profile allows OpenASelect Server to operate as a SAML 2.0 compliant Identity Provider.
Currently this version implements Web Single Sign-On (SSO), Single Logout, and the Artifact Resolution protocol of the SAML 2.0 standard.
The distributions can be downloaded from the downloads page in the IDP profiles category.
October 6th, 2008 - Secret Question Authentication v1.0 released
The Question Authentication Method is now available for download. This authentication method authenticates users by verifying their answer to a previously chosen question. The challenging question and corresponding answer are typically chosen by the user during a registration process. This authentication method is non-identifying. Hence, it cannot be used as a standalone authentication method and should therefore only be used in conjunction with an n-factor authentication scheme.
The distributions can be downloaded from the downloads page.
September 16th, 2008 - DigiD Burger Authentication v1.0 released
The OpenASelect support for DigiD Burger Authentication is now available for download. This authentication method allows your OpenASelect Server to authenticate users by federating with DigiD. The distributions can be downloaded from the downloads page.
August 20th, 2008 - Monitoring Helper released
The OpenASelect Server Monitoring helper is now available for download. This extension allows you to view current system information of your OpenASelect Server. The 0.1 alfa version can be downloaded from the downloads page.
July 11th, 2008 - OpenASelect released
We have released OpenASelect Server 0.1 alfa, the first public release.
