SailPoint 的快速聯合 (FastFed) SDK 已推出！
Today, SailPoint is proud to announce the release of two MIT licensed, open-source SDKs that implement the current FastFed specification. As of this blog post, the implementer’s draft has just recently been submitted and is awaiting approval.
You can find the source at https://github.com/sailpoint-oss/fastfed-sdk.
For those, like myself, with short attention spans that may have no intention of reading this whole thing, I really do encourage you to continue for more details about the FastFed specification, SailPoint’s involvement, the current state of the codebase, and how you can help better this project.
Sometime in mid-2019, SailPoint joined the FastFed working group. Matt Domsch, SailPoint’s lead architect, wrote a blog post ‘Fast Federation: Onboarding Applications to your Identity Provider’ that discussed what FastFed is and why SailPoint wanted to become involved in the working group. I won’t discuss that here, but for those unfamiliar with FastFed, make sure to check out his blog post.
Around the same time that Matt wrote his blog post, we decided that it would be beneficial for SailPoint and the working group if we put together a simple demo of the FastFed specification. We also wanted to make sure that the SCIM provisioning (Identity Governance) aspect of the specification was properly represented. After some internal discussions, I started to implement the specification.
Darin McAdams from Amazon has lead authoring the specification and the rest of the amazing working group had done considerable work on the specification before SailPoint was involved. As I am sure you can imagine, the specification when SailPoint joined in September of 2019 was still actively being developed. Regardless, we decided to go ahead and get ahead of the curve and attempt to create a demo, a rolling work in progress that would allow us to verify that the specification at each iteration worked in a demonstrable way and prove to the working group that the specification was progressing toward something actually implementable.
Development, Demos, and Open-Sourcing
Early development iterations of the demo were quick throw away codebases that proved that the FastFed’s SAML-based authentication handshake worked, but as I continued implementing the specification, the codebase was constantly changing, including multiple rewrites as the specification matured. It became clear that all the work we were putting in would be highly beneficial outside of just our involvement in the working group.
At that point, I suggested that SailPoint consider letting me write a FastFed SDK that we could open-source, along with three examples: an Identity Provider for SSO, a Governance Provider for SCIM provisioning, and an Application Provider. These would hopefully speed up adoption of the standard, give collaborators the ability to contribute to the project, and create a potential collaborative reference implementation.
As the development took place, we came back to the working group with suggestions backed by actual issues we had in implementing aspects of the specification. We adjusted the codebase accordingly with each accepted suggestion/clarification that made it into the specification. Over time, the changes became much less significant, indicating that the working group was nearing a readiness to release the implementer’s draft. It gave us confidence that it would significantly lessen any changes required to the draft while others scrutinized it and started to implement it.
As a result of this effort, the previously mentioned FastFed SDK implementations are now available. I have implemented a NodeJS SDK and a Java SDK. There are two Angular 8 applications that demonstrate the NodeJS SDK and the FastFed flow/handshake from start to end. Although the versioning is the same for both SDKs, the Java SDK is lagging the more mature NodeJS SDK.
The README is currently sparse, but it should give enough information to get the Docker-ized environment up and running to perform the demo.
Obviously, this is a very early version of our implementation and is meant as a starting point for the FastFed functionality and continuing, collaboratively, the process of filling in places where I have missed functionality outlined in the specifications. This is not an exhaustive list, but on top of that, there is still a lot of work to be done:
- bettering error handling
- error reporting
- implementing test harnesses (my Achilles heel)
- Complete the Java SDK feature parity with the NodeJS SDK.
- Sample Governance Provider to demonstrate using the Java SDK provisioning functionality
Even though it is a work in progress, we decided to release this to the community sooner than later in the hope that the general community can help make FastFed become as widely adopted as we hope it can and should be.
All feedback is more than appreciated and welcomed!