Book Review: OpenAM

At half the price, I might have been a little more generous in my rating (but not by much).

The book starts by giving a brief history of the product, in all its various forms and insists upon pointing to Oracle as being the keeper of the flame for OpenSSO, which is hard to swallow given their stated intention to kill it, removing public access to binaries and to a lot of information. I know the author works for them, but really!

The quality of the writing and editing is poor, with incomplete sentences and fairly complex examples running inline with the text. Just changing the font isn’t enough; they need to be extracted from the text and presented in isolation. It isn’t clear how much attention the publisher’s editor paid to the content, but apparently not much. For example, the section entitled “Administrating the Server” would more properly be written as “Administering the Server”.

URLs just appear out of thin air. How is the user supposed to know these? Is there a reason and a scheme behind them? (There is, not a particularly wonderful one, but it’s there).

Two things really stand out as big problems. The first is the mention of areas which are complex, poorly (or not) documented and where users typically have problems. These are written off as “beyond the scope of this book”; about the third time you read that phrase, it starts to get old. Similarly, the treatment of the GUI: mentioning that a particular screen has many tabs and going on to say that they are mostly not going to be covered. Well, sorry, that was what I bought the book for! The second problem is the long and complex command-line examples. There is no explanation of the (many) options, just three- or four-line, horribly complex commands. No discussion of whether the same thing can be achieved in the GUI. Unless you already know how to use the command-line tool, this book won’t help.

If you just follow the flow of the book, type in the examples exactly as shown, click the GUI as told, you will get through the book, but at the end will probably not have learned much.

Since federation is one of the principal selling points of OpenSSO, its absence (other than some canned wizards for a couple of somewhat useless examples) is inexcusable. Not covering entitlements is similarly inexcusable.

The book lost its way. It is not a book on internals (although it delves into them in many areas), it’s not a book on advanced administration (too much is missing), and it’s not a book on deployment. It touches on all three, but incompletely.

The book follows the same pattern that has been a huge problem for this series of products since DSAME, thinking that it is reasonable that an end user/administrator should end up extracting and editing huge and complex XML files. Sorry, XML is not a user interface, and never should be. Explaining these as part of an internals description would be fine, but as part of the normal administration process is not (this is not entirely the fault of the book’s author).

If you get to the end of the book, you will (maybe) have succeeded in setting up a highly complex system to put password protection on a webserver and Tomcat, something these products can do natively without any help from OpenSSO. It’s the next steps that are important, and they are the ones totally absent from this book.