Attention: Please visit our one-stop website: http://www.picketlink.org
 
 
PicketLink is an umbrella project for security and identity management for Java Applications.

PicketLink is an important project under the security offerings from JBoss. The overall leadership of Security at JBoss is managed by Anil Saldhana.

 

What components are available under PicketLink projects?

For latest information, please refer to http://www.picketlink.org

  • IDM: an object model for managing identities (users, groups, roles) and their associated behaviour, backed by different identity stores such as LDAP and RDBMS.
  • Federated Identity: support for SAML v2, WS-Trust and OpenID.
  • XACML: an OASIS XACML v2 implementation.
  • Negotiation: SPNEGO/Kerberos-based desktop SSO.

Who are the developers on this project?

The project sponsor is Dr. Mark Little, JBoss CTO.

All are welcome to contribute to this open source project.

Developers on this project (current and former):

  • Anil Saldhana
  • Boleslaw Dawidowicz
  • Stefan Guilhen
  • Sohil Shah
  • Pedro Igor
  • Shane Bryzak
  • Bruno Oliviera
  • Marek Posolda
  • Stian
  • Marko
  • Jeff Yu
  • Daniel Bevenius
  • Marcel Kolsteren (Seam Integration Lead - Community Volunteer)
  • Marcus Moyses
  • Darran Lofthouse
  • Babak Mozzafari

Is PicketLink officially supported by JBoss/Red Hat via the Enterprise Platforms (EAP, SOA-P, etc.)?

PicketLink is a community project. It is slowly making its way into the Enterprise Platforms sold by Red Hat Inc.

  • PicketLink is available in EAP, EPP and SOA. Whether it is fully supported or a Technology Preview depends on the platform and version.
  • As always, please contact your Red Hat sales representative for more information.

Additional Reference: http://community.jboss.org/wiki/PicketLinkRoadMap

Support

PicketLink is a community project available from the JBoss Community. Its support mechanism is the user forum listed under the "Community" menu item above.

Testimonials

  • "Picketlink is the simplest solution for Seam based apps". (From the forums)
  • Used in production at http://www.frrry.com/  (Seam based web application from Netherlands).

Why the name "PicketLink"?

A picket fence is a system of pickets joined together by some type of link. The pickets by themselves offer no security; only when they are brought together by linking them do they provide it. This project is that link for other security systems: it joins them together so that, as a whole, they form the necessary secure system.

What is the difference between PicketLink and PicketBox?

PicketLink is the identity management project from JBoss. PicketBox acts as the foundation for PicketLink: it provides the authentication, authorization, audit and other security functionality needed by Java applications.

What about the road map?

http://community.jboss.org/wiki/PicketLinkRoadMap

Blog Posts

JBoss Community Projects (including WildFly AS): OpenSSL HeartBleed Vulnerability
Apr 9, 2014 1:33 PM by Anil Saldhana
I want to take this post to summarize that "JBoss community projects including WildFly Application Server are not directly affected by the OpenSSL HeartBleed Vulnerability".


JBossWeb APR

JBossWeb APR functionality requires OpenSSL 0.9.7 or 0.9.8, neither of which is affected by this vulnerability.
https://docs.jboss.org/jbossweb/2.1.x/apr.html


I have consulted the Red Hat Security Response Team before posting this note. We continue to monitor the situation.
Feel free to report any anomalies using http://www.jboss.org/security

We do recommend taking the appropriate precautions.

Please use the links in the references section for gauging indirect exposure to the HeartBleed vulnerability.

Indirect exposure is still possible:
  • A web server or reverse proxy in front of JBoss AS/WildFly may be built against an affected OpenSSL.
  • The operating system on which the JBoss community projects run may ship an affected OpenSSL package.
  • OpenSSL 1.0.1 may be used elsewhere in your application infrastructure (the affected releases are 1.0.1 through 1.0.1f; 1.0.1g fixes the issue).
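The following is an added example, not code from the original post or from the PicketLink project: a POSIX shell check for the indirect exposure listed above. It classifies the output of `openssl version` against the affected range given in the OpenSSL advisory (1.0.1 through 1.0.1f, plus 1.0.2-beta1), and optionally reports which libssl shared object a front-end binary such as httpd or nginx is dynamically linked against. The script name, the `--check` flag and the sample version strings are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not part of the original post or of the PicketLink project):
# a POSIX shell check for indirect HeartBleed (CVE-2014-0160) exposure.
# Affected upstream range per the OpenSSL advisory secadv_20140407:
# 1.0.1 through 1.0.1f and 1.0.2-beta1. 1.0.1g, 1.0.0 and 0.9.8 are not affected.

# heartbleed_affected "<output of 'openssl version'>"
# Returns 0 (true) when the upstream version is in the affected range, 1 otherwise.
heartbleed_affected() {
    set -- $1            # split e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" on whitespace
    ver=${2%%-fips*}     # second field, minus the "-fips..." suffix some distros append
    case "$ver" in
        1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# linked_libssl /path/to/binary
# Prints the libssl shared object a front-end binary (httpd, nginx, haproxy, ...)
# is dynamically linked against. Prints nothing for a statically linked binary,
# which must then be inspected by hand (e.g. strings <binary> | grep '^OpenSSL 1').
linked_libssl() {
    ldd "$1" 2>/dev/null | awk '/libssl/ { print $3 }'
}

# report [/path/to/front-end-binary]
# Classifies the host's OpenSSL and, if a binary is given, shows the libssl behind it.
report() {
    v=$(openssl version 2>/dev/null) || { echo "openssl not found on PATH"; return 2; }
    if heartbleed_affected "$v"; then
        echo "AFFECTED upstream version: $v"
        # Distributions backport fixes without bumping the version string, so an
        # "affected" result is a prompt to check the package changelog, e.g.:
        #   rpm -q --changelog openssl | grep CVE-2014-0160       (RHEL/Fedora)
        #   apt-get changelog libssl1.0.0 | grep CVE-2014-0160    (Debian/Ubuntu)
        rc=1
    else
        echo "not in the affected range: $v"
        rc=0
    fi
    if [ -n "${1:-}" ]; then
        lib=$(linked_libssl "$1")
        if [ -n "$lib" ]; then
            echo "$1 links against: $lib"
        else
            echo "$1: no dynamic libssl found (statically linked or not an ELF binary)"
        fi
    fi
    return $rc
}

# Usage (assumed file name): sh heartbleed_check.sh --check [/usr/sbin/httpd]
if [ "${1:-}" = "--check" ]; then
    report "${2:-}"
fi
```

The version-string test is deliberately only a first pass: Red Hat and Debian shipped the fix as a patched 1.0.1e package, so a host that reports an "affected" version may already be patched, and the changelog check in the comments is what settles it. Conversely, a front end that bundles its own libssl (or is statically linked) can be vulnerable even when the system OpenSSL is clean, which is why the script looks at what the binary actually loads rather than only at `openssl version`.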


References

Please refer to the following articles for more information:

Official OpenSSL Advisory: https://www.openssl.org/news/secadv_20140407.txt
HeartBleed Information: http://www.heartbleed.com
Red Hat Official Announcement: https://access.redhat.com/site/announcements/781953
CVE-2014-0160 (NVD): https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
Amazon Web Services Advisory: https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/

Official Linux Distribution Pages:
Red Hat: https://rhn.redhat.com/errata/RHSA-2014-0376.html
Ubuntu: http://www.ubuntu.com/usn/usn-2165-1/

SAML vs OAuth: Which one to use?
Nov 21, 2013 11:00 AM by Anil Saldhana
Please follow my DZone article on this important topic: http://architects.dzone.com/articles/saml-versus-oauth-which-one

PicketBox XACML v2.0.9.Final Released
Jun 17, 2013 12:49 PM by Anil Saldhana
PicketBox XACML v2.0.9.Final has been released.

You can download it from http://www.jboss.org/picketbox/downloads

Information is available at https://community.jboss.org/wiki/PicketBoxXACMLJBossXACML

This is mostly a bug-fix release, except that we have made the locking around PDP evaluation configurable.

Release Notes - PicketBox - Version picketbox_xacml_2.0.9.Final

Bug

  • [SECURITY-738] - XACML DatabaseResourceAttributeLocator fails when used with Oracle 11g Driver
  • [SECURITY-742] - JBossPDP.evaluate() lock should be flexible

Enhancement

  • [SECURITY-734] - Slow policy evaluation with a large number of policy sets