
WSO2 Identity Server

Prabath Siriwardena, Senior Software Architect. An open source Identity & Entitlement management server.


Presentation Transcript


  1. WSO2 Identity Server Prabath Siriwardena Senior Software Architect

  2. An open source Identity & Entitlement management server

  3. An open source Identity & Entitlement management server Authentication LDAP AD JDBC

  4. Authentication

  5. An open source Identity & Entitlement management server Authentication Single Sign On SAML2 Kerberos WS-Fed Passive

  6. OpenID • Decentralized Single Sign On • Single user profile • Widely used for community & collaboration aspects • Multifactor Authentication [Infocard, XMPP] • OpenID relying party components

  7. SAML2 • Single Sign On / Single Logout • Widely used by *aaS providers [Google Apps, Salesforce] • SAML2 Web SSO Profile • SAML2 Attribute Profile • Distributed Federated SAML2 IdPs • Used in WSO2 StratosLive

  8. Single Sign-On WS-Fed Passive SharePoint

  9. An open source Identity & Entitlement management server Provisioning Authentication Single Sign On SPML SCIM

  10. Provisioning

  11. Provisioning to heterogeneous systems Google Adaptor SF Adaptor

  12. Open standards for provisioning (timeline)
      2012 : SCIM 1.1
      2011 : SCIM 1.0
      2011 : RESTPML
      2010 : SCIM community
      2006 : SPML 2.0
      2003 : SPML 1.0
      2003 : WS-Provisioning
      2001 : OASIS PS TC

  13. Open standards for provisioning (diagram: Provisioning Service Point)

  14. System for Cross-domain Identity Management (diagram: a SCIM Consumer calling the /Users and /Groups endpoints of a SCIM Service Provider)

  15. System for Cross-domain Identity Management

      add-user.json
      {
        "schemas": [],
        "name": {"familyName": "siriwardena", "givenName": "prabath"},
        "userName": "prabath",
        "password": "prabath123",
        "emails": [
          {"primary": true, "value": "prabath@yahoo.com", "type": "home"},
          {"value": "prabath@wso2.com", "type": "work"}
        ]
      }

      curl command
      curl -v -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

  16. System for Cross-domain Identity Management

      add-group.json
      {
        "schemas": ["urn:scim:schemas:core:1.0"],
        "id": "idnext",
        "displayName": "IdentityNext"
      }

      curl command
      curl -v -k --user admin:admin -d @add-group.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups
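The two curl calls above post hand-written JSON with Basic authentication. The following is an added example, not code from the slides or from WSO2 Charon: a small Python helper that builds the same SCIM 1.1 User and Group representations, applies the checks a SCIM service provider makes on an incoming create request (schema URN present, userName required, at most one primary email), strips the write-only password from the response representation, and prepares the equivalent HTTP request without sending it. The endpoint paths and the sample user come from the slides; the group member shape and every helper name are this example's own assumptions.

```python
import base64
import json
import urllib.request

# SCIM 1.x core schema URN, as used in add-group.json on the slide
SCIM_CORE = "urn:scim:schemas:core:1.0"


def build_user(user_name, given_name, family_name, password, emails):
    """Build a SCIM 1.1 core User resource like add-user.json.
    `emails` is a list of (address, type, primary) tuples."""
    email_attrs = []
    for address, kind, primary in emails:
        entry = {"value": address, "type": kind}
        if primary:
            entry["primary"] = True
        email_attrs.append(entry)
    return {
        "schemas": [SCIM_CORE],
        "userName": user_name,
        "name": {"givenName": given_name, "familyName": family_name},
        "password": password,
        "emails": email_attrs,
    }


def build_group(display_name, member_ids=()):
    """Build a SCIM 1.1 core Group resource; members reference user ids
    (member shape assumed for this example)."""
    return {
        "schemas": [SCIM_CORE],
        "displayName": display_name,
        "members": [{"value": member_id} for member_id in member_ids],
    }


def validate_user(resource):
    """Checks a SCIM service provider makes before creating a user.
    Returns a list of problems; an empty list means the payload is acceptable."""
    problems = []
    if SCIM_CORE not in resource.get("schemas", []):
        problems.append("schemas must include " + SCIM_CORE)
    if not resource.get("userName"):
        problems.append("userName is required")
    primaries = [e for e in resource.get("emails", []) if e.get("primary")]
    if len(primaries) > 1:
        problems.append("at most one email may be marked primary")
    return problems


def to_response(resource, resource_id):
    """Representation returned after creation. SCIM treats password as
    write-only, so it is dropped; the service provider assigns the id."""
    response = {k: v for k, v in resource.items() if k != "password"}
    response["id"] = resource_id
    return response


def build_request(base_url, path, payload, user, password):
    """Prepare (but do not send) the equivalent of
    curl --user user:password -d @file.json --header "Content-Type:application/json" URL
    The Basic credential is just base64 of "user:password", so it is only as
    secret as the TLS channel that carries it."""
    credential = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url + path,
        data=json.dumps(payload).encode(),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Basic " + credential,
        },
    )


if __name__ == "__main__":
    # Constructed sample values mirroring the slide
    user = build_user("prabath", "prabath", "siriwardena", "prabath123",
                      [("prabath@yahoo.com", "home", True),
                       ("prabath@wso2.com", "work", False)])
    print(validate_user(user))  # [] means acceptable
    req = build_request("https://localhost:9443", "/wso2/scim/Users",
                        user, "admin", "admin")
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
```

Two things worth noting when moving from the slide's demo to a real deployment: the curl `-k` flag disables server certificate verification, which is acceptable against the self-signed localhost certificate but not elsewhere (urllib verifies the certificate by default, so the example needs the server's CA in the trust store), and the `admin:admin` credential is the default account, which should be replaced by a dedicated provisioning account with only the SCIM permissions it needs.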

  17. System for Cross-domain Identity Management

  18. Federated Provisioning Patterns: One-way provisioning (diagram: a Provisioning Service Provider in each of Domain A, Domain B and Domain C, and a SCIM Consumer in Domain C)

  19. Federated Provisioning Patterns: One-way provisioning with broker mode (diagram: Provisioning Service Providers in Domain A, Domain B and Domain C, and a SCIM Consumer in Domain C)

  20. Federated Provisioning Patterns: Bi-directional provisioning (diagram: each of Domain A, Domain B and Domain C runs both a Provisioning Service Provider and a SCIM Consumer)

  21. Federated Provisioning Patterns: Multi-directional provisioning with a centralized PSP (diagram: Provisioning Service Providers and SCIM Consumers in Domain A, Domain B and Domain C around a centralized Provisioning Service Provider)

  22. Federated Provisioning Patterns: Just-in-time provisioning with SAML2 (diagram: Provisioning Service Provider in Domain A, SAML2 IdP in Domain B, message flow numbered 1 to 4)

  23. Federated Provisioning Patterns: Just-in-time provisioning with SAML2 (diagram: Provisioning Service Provider in Domain A, SAML2 IdP in Domain B, message flow numbered 1 to 5)

  24. Multi-tenancy (diagram: one Provisioning Service Provider serving the tenants facilelogin.com and wso2.com, each with its own SCIM Consumer)

  25. WSO2 Charon

  26. An open source Identity & Entitlement management server Provisioning Authentication Single Sign On Auditing XDAS

  27. Auditing

  28. An open source Identity & Entitlement management server Provisioning Authentication Single Sign On Auditing Delegation WS-TRUST

  29. Delegation

  30. OAuth Evolution

  31. OAuth Evolution

  32. OAuth Evolution

  33. OAuth Evolution

  34. OAuth • Identity Delegation • Securing RESTful services • 2-legged & 3-legged OAuth 1.01 • XACML integration with OAuth • OAuth 2.0 support with Authorization Code, Implicit, Resource Owner Credentials, Client Credentials
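Slide 34 lists the OAuth 2.0 grant types the server supports. As an added example, not WSO2 Identity Server code, here is a toy in-memory authorization server for two of them, Authorization Code and Client Credentials, written to show the checks an issuer has to make: the redirect_uri must be one registered for the client, a code is bound to the client and redirect_uri that obtained it, is single-use and expires, and the client must authenticate at the token endpoint. Client records, secrets, scopes and the token format are constructed for the example; the injectable clock exists only so expiry can be exercised offline.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # authorization codes are deliberately short-lived


class AuthorizationServer:
    """In-memory issuer for the authorization_code and client_credentials grants."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested
        self.clients = {}           # client_id -> {"secret", "redirect_uris"}
        self.codes = {}             # authorization code -> issuance record
        self.tokens = {}            # access token -> {"sub", "client_id", "scope"}

    def register_client(self, client_id, secret, redirect_uris):
        self.clients[client_id] = {"secret": secret,
                                   "redirect_uris": list(redirect_uris)}

    def authorize(self, client_id, redirect_uri, subject, scope):
        """Authorization endpoint, reached after the resource owner has logged in
        and consented. Returns a code to hand back via redirect_uri, or None:
        a request naming an unregistered redirect_uri must not be redirected
        anywhere (RFC 6749 section 3.1.2.4)."""
        client = self.clients.get(client_id)
        if client is None or redirect_uri not in client["redirect_uris"]:
            return None
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "sub": subject, "scope": scope,
                            "exp": self.clock() + CODE_TTL_SECONDS}
        return code

    def token(self, grant_type, client_id, client_secret,
              code=None, redirect_uri=None):
        """Token endpoint. Returns a token response or an OAuth error dict."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        if grant_type == "authorization_code":
            # Pop first: a code is single-use whether or not this exchange
            # succeeds, so a replayed or mis-bound code is gone after one attempt.
            record = self.codes.pop(code, None)
            if (record is None
                    or record["client_id"] != client_id
                    or record["redirect_uri"] != redirect_uri
                    or record["exp"] < self.clock()):
                return {"error": "invalid_grant"}
            subject, scope = record["sub"], record["scope"]
        elif grant_type == "client_credentials":
            # No resource owner involved: the token represents the client itself
            subject, scope = client_id, "service"
        else:
            return {"error": "unsupported_grant_type"}
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"sub": subject, "client_id": client_id,
                                     "scope": scope}
        return {"access_token": access_token, "token_type": "Bearer",
                "scope": scope}

    def introspect(self, access_token):
        """What a resource server asks before honouring a bearer token."""
        return self.tokens.get(access_token)
```

The code record carries the redirect_uri it was issued for, so the token endpoint can refuse an exchange that presents a different one; that binding, together with the single-use pop, is what stops a code captured from one redirect from being traded for a token elsewhere.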

  35. An open source Identity & Entitlement management server Provisioning Authentication Single Sign On Federation Auditing Delegation SAML2 WS-TRUST

  36. Federation

  37. Security Token Service • Supports WS-Trust 1.3/1.4 • SAML 1.0/1.1/2.0 token profiles • Claim management

  38. Federation Patterns: Cross Domain Authentication with WS-Trust (diagram: Consumer App, Security Token Service and Resource spread across Domain A and Domain B)

  39. Federation Patterns Cross Domain Authentication with Kerberos and WS-Trust

  40. Federation Patterns Decentralized Federated SAML2 IdPs

  41. Federation Patterns Decentralized Federated SAML2 IdPs

  42. Federation Patterns Decentralized Federated SAML2 IdPs

  43. An open source Identity & Entitlement management server: Role Based Access Control

  44. An open source Identity & Entitlement management server: Role Based Access Control, Attribute Based Access Control

  45. An open source Identity & Entitlement management server: Role Based Access Control, Attribute Based Access Control, Policy Based Access Control (XACML)

  46. An open source Identity & Entitlement management server: Role Based Access Control, Attribute Based Access Control, Policy Based Access Control (XACML / WS-XACML over SOAP)

  47. An open source Identity & Entitlement management server: Role Based Access Control, Attribute Based Access Control, Policy Based Access Control (XACML over SOAP and REST)

  48. XACML • The de-facto standard for authorization • XACML 3.0 • Support for multiple PIPs • Policy distribution • Decision / Attribute caching • UI wizard for defining policies • Notifications on policy updates • TryIt tool

  49. XACML (component diagram): EntitlementService and EntitlementPolicyAdminService exposed over SOAP / Thrift / WS-XACML; Policy Administration Point; Policy Decision Point containing the XACML Engine with Policy Cache, Decision Cache and Attribute Cache, Attribute Finder Extensions, Decision Cache Extensions, and a Default Finder backed by LDAP
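Slides 48 and 49 describe the PDP with its attribute finders (PIPs) and decision cache. The following is an added example, not WSO2 entitlement code: a miniature XACML-style Policy Decision Point in Python that shows how those pieces interact. A policy has a target and (effect, condition) rules combined by deny-overrides; attributes missing from the request are resolved lazily through an attribute finder backed by a constructed directory standing in for LDAP; decisions are cached per request, and a policy update notification drops the cache. The sample policy, attribute names, users and all class names are assumptions made for this example.

```python
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Constructed stand-in for the LDAP user store behind the Default Finder
DIRECTORY = {
    "alice": {"role": "admin", "department": "engineering"},
    "bob": {"role": "engineer", "department": "engineering"},
    "carol": {"role": "engineer", "department": "finance"},
}


class AttributeFinder:
    """Policy Information Point: resolves subject attributes the request
    did not carry. Counts lookups so the effect of caching is visible."""
    def __init__(self):
        self.lookups = 0

    def find(self, subject_id, attribute):
        self.lookups += 1
        return DIRECTORY.get(subject_id, {}).get(attribute)


class Context:
    """Request attributes, falling back to the PIP for anything missing."""
    def __init__(self, request, finder):
        self.request, self.finder = request, finder

    def get(self, attribute):
        if attribute in self.request:
            return self.request[attribute]
        return self.finder.find(self.request.get("subject-id"), attribute)


class Policy:
    """A target plus (effect, condition) rules and a combining algorithm."""
    def __init__(self, target, rules, algorithm="deny-overrides"):
        self.target, self.rules, self.algorithm = target, rules, algorithm

    def evaluate(self, ctx):
        if not self.target(ctx):
            return NOT_APPLICABLE
        effects = [effect for effect, condition in self.rules if condition(ctx)]
        if not effects:
            return NOT_APPLICABLE
        if self.algorithm == "deny-overrides":
            return DENY if DENY in effects else PERMIT
        return PERMIT if PERMIT in effects else DENY  # permit-overrides


class PDP:
    """Policy Decision Point with a decision cache keyed on the request."""
    def __init__(self, policies, finder):
        self.policies, self.finder = policies, finder
        self.decision_cache = {}

    def decide(self, request):
        key = tuple(sorted(request.items()))
        if key in self.decision_cache:
            return self.decision_cache[key]
        ctx = Context(request, self.finder)
        results = [policy.evaluate(ctx) for policy in self.policies]
        # deny-overrides across policies as well
        if DENY in results:
            decision = DENY
        elif PERMIT in results:
            decision = PERMIT
        else:
            decision = NOT_APPLICABLE
        self.decision_cache[key] = decision
        return decision

    def on_policy_update(self):
        """A policy update notification must drop every cached decision."""
        self.decision_cache.clear()


def pep_allows(decision):
    """Policy Enforcement Point rule: only an explicit Permit grants access;
    NotApplicable (and Indeterminate, in full XACML) is treated as deny."""
    return decision == PERMIT


def build_pdp():
    """Constructed policy: finance reports may be read by finance staff or
    admins; only admins may delete them."""
    finance_reports = Policy(
        target=lambda ctx: ctx.get("resource-id") == "/finance/reports",
        rules=[
            (PERMIT, lambda ctx: ctx.get("department") == "finance"
                                  or ctx.get("role") == "admin"),
            (DENY, lambda ctx: ctx.get("action-id") == "delete"
                               and ctx.get("role") != "admin"),
        ],
    )
    return PDP([finance_reports], AttributeFinder())
```

The PEP helper is the part most often got wrong in integrations: a NotApplicable result means no policy spoke about the request, and only a PEP that treats anything other than Permit as deny stays closed when a policy is missing or a PIP lookup comes back empty.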

  50. XACML
