WSO2 Identity Server

WSO2 Identity Server provides sophisticated security and identity management of enterprise web applications, services, and APIs, and makes life easier for developers and architects with its hassle-free, minimal monitoring and maintenance requirements. In its latest version, Identity Server acts as an Enterprise Identity Bus (EIB) — a central backbone to connect and manage multiple identities regardless of the standards on which they are based.

In addition to using role-based access control (RBAC) convention, fine-grained policy based access control, and SSO bridging to make identity and entitlement management effortless, the all-new version of Identity Server now includes features such as identity token transformation and mediation for seamless integration between internal applications and cloud apps such as Salesforce, Google Apps, and Microsoft Office 365; new user and group provisioning capabilities; and multi-option and multi-step authentication to provide flexibility in selecting authentication options and enable robust multi-factor authentication.

Features

System and User Identity Management

  • API for integrating identity management to any application
  • Multi-factor authentication via XMPP for OpenID
  • Single Sign-On (SSO) via OpenID, SAML2, and Kerberos KDC
  • SSO bridging between on-premise systems and cloud apps
  • Credential mapping across different protocols
  • Auditing via XDAS
  • Delegation via OAuth 1.0a, OAuth 2.0, and WS-Trust
  • Federation via OpenID, SAML2, and WS-Trust STS
  • Integration with Microsoft SharePoint with Passive STS support
  • Implement REST security with OAuth 2.0 and XACML
  • XKMS for key storage and distribution
  • Implement REST security with OpenID Connect
  • Trusted SAML2 Identity Providers per tenant
  • Out-of-the-box integration with Google Apps and Salesforce
  • Customizable login pages for OpenID, OAuth, OpenID Connect, SAML2, and Passive STS

User and Groups Provisioning

  • Support for SCIM 1.0 standard
  • OAuth 2.0 authentication for SCIM
  • Automatic provisioning of users to "Salesforce/Google Apps" or via SPML/SCIM
  • Just-in-time provisioning can be used to create identities "on the fly"

User and Groups Management

  • Web-based application for users to manage profiles, passwords, and service providers
  • Flexible support for user stores, either built-in LDAP (powered by ApacheDS) or external LDAP, Microsoft Active Directory, Apache Cassandra, or any JDBC database
  • Flexible profile management for users supporting multiple profiles per user
  • Multiple user store support
  • Per tenant user stores
  • Account locking on failed user attempts
  • Password validation/expiration policies
  • Account recovery with email and secret questions

Entitlements Management

  • Role based access control (RBAC)
  • Attribute or claim based access control via XACML, WS-Trust, OpenID, and claim management
  • Fine-grained policy based access control via XACML
  • Advanced entitlement auditing and management
  • Entitlement management for any REST or SOAP calls

XACML 2.0/3.0 Support

  • User-friendly interface for policy editing
  • Multiple Policy Information Point (PIP) support
  • TryIt tool for exploring policy impact
  • Policy distribution to various Policy Decision Points (PDPs)
  • Policy decision and attribute caching
  • High performance network protocol (over Apache Thrift) for PEP/PDP interaction
  • Notifications of policy updates
  • Policy Administration Point (PAP) to manage multiple Policy Decision Points (PDP)
  • Customizable policy administration UI

Lightweight, Developer Friendly and Easy to Deploy

  • Complete SOAP API for integrating/embedding into any application or system
  • Pluggable workflows for privileged operations
  • Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more
  • Clustering for high-availability deployment
  • Choice of deployment to on-premise servers, private cloud, or managed cloud, without configuration changes
  • Integrated with WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication

Manage and Monitor

  • Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO
  • Built-in collection and monitoring of standard access and performance statistics
  • JMX MBeans for key metrics monitoring and management
  • Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management
  • Flexible logging support with integration to enterprise logging systems
  • Centralized configuration management across different deployment environments with life cycles and versioning with integration to WSO2 Governance Registry

Glossary

  • API - Application Programming Interface
  • JDBC - Java Database Connectivity
  • LDAP - Lightweight Directory Access Protocol
  • REST - Representational State Transfer
  • SCIM - System for Cross-domain Identity Management
  • SOAP - Simple Object Access Protocol
  • SPML - Service Provisioning Markup Language
  • SSO - Single sign-on
  • STS - Security Token Service
  • XACML - eXtensible Access Control Markup Language
  • XDAS - Distributed Audit Service
  • XKMS - XML Key Management Service
  • XMPP - Extensible Messaging and Presence Protocol