Release 1.x‎ > ‎


OpenPTK is an open source project that provides a collection of tools and sample applications that Web and Java developers can use to integrate custom applications with user provisioning systems. Using industry standard interfaces, developers can build flexible user management applications that support Enterprise-class, department/group level and Web 2.0 type user provisioning environments.


Most intranet and Internet applications require user authentication. Applications either have an intergrated data store (e.g. RDBMS) or leverage an network service (e.g. LDAP) for validating users. Managing the "life cycle" of user data has become challenging. There are different user provisioning strategies:

  • An enterprise typically implements a provisioning solution such as Sun's Identity Manager to manage user data across multiple applications and services.
  • Departments (or group level) many only have a single application that has a dedicated user data store. The volume of user management activities is usually small.
  • Web 2.0, Internet facing, applications typically leverage a scaleable / available network service for storing user information.


Organizations need to implement a set of basic user management capabilities. For End Users, a solution needs to provide; "Forgotten Password" and "Self Service" functionality. For User Administration, a solution needs to provide fundemental Create, Read, Update, Delete and Password operations. Provisioning solutions and user data stores most likely provide these basic user management capabilities through their native interfaces. The problem is that these native interfaces may not meet the organization's requirements. Organizations have expressed the need to intergrate user management systems with different custom "End User" experiences/interfaces. Commonly requested interfaces include:

Remote Web Interface: Organizations need a Web interface, for user provisioning, that can be deployed remotely from the system that host the provisioning solution.
Command Line Interface: Administrators need an interface that allows them to perform provisioning from a comamnd-line interface, either interactively or from a shell script.
Portal / Portlet Interface: Enterprise and Departmental organizations may have to provide user provisioning interfaces into an existing Portal infrastructure.
WSDL-based Web Service: Developers need to integrate user provisioning into a SOA environment and are requiring Web Services that can be used by SOA development tools.

Because of these requirements for custom end-user experiences, organizations will build applications that leverage different types of development environments. The "End User" application (experience) may need to support a rich-native desktop interface, a browser-based interface, a Web Service or a command-line interface. Developers will design solutions that integrate an orgaization's interface experience with the various user data stores. Developers will most likely have to learn the details related to interacting with the various user data stores. Web developers may not be prepared to deal with Java APIs that are need to access the data store(s).


Project OpenPTK is a three-tier architecture which enables developers to focus on the business application interface, not on the underlying user data store. There's a number of "Consumer Tier" interfaces which address various development options. The "back-end" user data store is abstracted through the "Service Tier". The "Framework Tier" integrates the Consumer and Service tiers while also managing configurations, logging/debugging and provisioning operations.

Project OpenPTK Architecture

Unable to render embedded object: File (OpenPTK_Arch.png) not found.

Consumer Tier interfaces/examples:
User Management Lite (UML) A JSPs/Taglib-based web application which provides basic user administration, and self-service functions.
Command Line Interface (CLI) Provides basic provisioning operations. The CLI can be part of custom scripts that administrators can use to automate provisioning tasks.
JSR-168 Portlets Provides "Forgotten Password", "Self Service" and "User Administration" capabilities. These portlets can be integrated into a customers existing JSR-168 compliant Portal server.
WSDL-based Web Service Provides User provisioning operations. Web Service clients (e.g. Java CAPS and soapUI) can reference the WSDL from this service and create custom integration solutions.
Service Tier implementations:
SPML The Service Provisioning Markup Language is the external interface used by Sun's Identity Manager user provisioning solution.
SPE Sun's Identity Manager, user provisioning solution, contains a Service Provider Edition interface for user provisioning.
JNDI The Java Naming and Directory Interface API is used to access LDAP-based (e.g. OpenDS ) user data stores.
JDBC The Java Database Connectivity API is used to access Relational Database user data stores (e.q. MySQL).

Developers can use Project OpenPTK's interfaces and APIs to handle user provisioning operations without having to worry about the back-end user data stores. User provisioning applications that leverage Project OpenPTK can easily support multiple different user data stores through the use of its flexible configuration mechanism.

Project OpenPTK is a formal open source project hosted on and is part of the Identity Management community. Project OpenPTK founders: Scott Fehrman, Derrick Harcey and Terry Sigle are Pre-Sales Systems Engineers supporting Sun's Identity Management products.

The Project OpenPTK site contains source code (via svn), documentation, distributions and tracks issues. Anyone is welcome to join the community as an Observer and please subscribe to the "user" and "announce" mailing lists.


  • Enables development of custom flexible provisioning interfaces to identity repositories
  • Multiple interfaces: Java API, JSP Taglib, JSR-168, Web Service (WSDL)
  • Multiple repositories: SPML, JNDI, JDBC
  • Sample applications:
    • User Management Lite
    • Command Line Interface
    • Portlets (self service, user administration)

Project Profile

Code Base Over 90% of the code within the project is Java source files. Sample applications leverage Java Server Pages, XML configuration files and a few shell scripts.
Free Distribution All components are freely (re)distributable. The entire project is offered as source code. Pre-packaged WAR files and zip files are provided for milestone releases as a convenience.
Commercial Product There is currently no commercial offering for this project from Sun. External organizations may offer a commercial distribution.
Sun does not currently have a standard support offering for this project.
This project is complimentary to Sun's Identity Management products
Competing Projects There are no known competing open source projects.
Competing Distributions There are no known competing distributions of this project
Competing Products Competing commercial Identity Management products may offer certain features that compete with this project. These companies could include: Oracle, IBM, CA

Community Profile

Governance The Governance model is based on the Glassfish model. It's available on the project website.
Code put back follows the Governance model regardless of being a Sun employee
License The CDDL is exclusively used for this project with no modifications.
Infrastructure The projects official site

is used for all project information and collaboration. Source code is accessible via "svn" from this same site.

Contributions All enhancements and new features are evaluated by, and need to be committed by, the Project Owners. Bug fixes can be committed by Project Owners and Committers.
Dynamics Community members are those interested in creating custom provisioning interfaces to meet custom business requirements.
This project will typically be distributed as an embedded component of specific business solutions that compliment Sun user repository offerings.
Adoption The community is using this project to extend the capabilities of Sun (and non-Sun) products related to building custom user provisioning solutions.