WSO2 Identity Server - PowerPoint PPT Presentation
WSO2 Identity Server. Prabath Siriwardena, Director – Security Architecture. An open source Identity & Entitlement management server: authentication against LDAP, AD and JDBC user stores.

Presentation Transcript
WSO2 Identity Server

Prabath Siriwardena

Director – Security Architecture

slide5

An open source Identity & Entitlement management server

Authentication

Single Sign On

SAML2

Kerberos

WS-Fed Passive

slide6

OpenID

  • Decentralized Single Sign On
  • Single user profile
  • Widely used for community & collaboration aspects
  • Multifactor Authentication [Infocard, XMPP]
  • OpenID relying party components
slide7

SAML2

  • Single Sign On / Single Logout
  • Widely used by *aaS providers

[Google Apps, Salesforce]

  • SAML2 Web SSO Profile
  • SAML2 Attribute Profile
  • Distributed Federated SAML2 IdPs
  • Used in WSO2 StratosLive
slide8

Single Sign-On

WS-Fed Passive

SharePoint

slide9

An open source Identity & Entitlement management server

Provisioning

Authentication

Single Sign On

SPML

SCIM

slide12

Open standards for provisioning

2012 : SCIM 1.1

2011 : SCIM 1.0

2011 : RESTPML

2010 : SCIM community

2006 : SPML 2.0

2003 : SPML 1.0

2003 : WS-Provisioning

2001 : OASIS PS TC

slide13

Open standards for provisioning

Provisioning Service Point

slide14

System for Cross-domain Identity Management

(figure: a SCIM Consumer calling a SCIM Service Provider that exposes the /Users and /Groups endpoints)

slide15

System for Cross-domain Identity Management

add-user.json

{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "name": {"familyName": "siriwardena", "givenName": "prabath"},
  "userName": "prabath",
  "password": "prabath123",
  "emails": [{"primary": true, "value": "prabath@yahoo.com", "type": "home"}, {"value": "prabath@wso2.com", "type": "work"}]
}

curl command

curl -v -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

slide16

System for Cross-domain Identity Management

add-group.json

{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "idnext",
  "displayName": "IdentityNext"
}

curl command

curl -v -k --user admin:admin -d @add-group.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups
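The two curl calls above are independent one-shots; a real SCIM consumer needs the id the service provider assigns to the new user in order to list that user as a group member. The Python below is an added example (not WSO2 code) that builds both payloads, sends them with HTTP Basic auth and feeds the id from the 201 response into the group's members. It assumes the slide's endpoints under https://localhost:9443/wso2/scim and the default admin:admin credentials; the no-verify TLS context reproduces curl -k and, like -k, belongs only on a local test box.

```python
import base64
import json
import ssl
import urllib.request

SCIM_CORE = "urn:scim:schemas:core:1.0"  # SCIM 1.1 resources still carry the 1.0 core schema URN
BASE_URL = "https://localhost:9443/wso2/scim"  # endpoint from the slides (assumed local instance)


def user_payload(user_name, given, family, password, emails):
    """emails: list of (address, type, is_primary); SCIM allows at most one primary."""
    if sum(1 for _, _, primary in emails if primary) > 1:
        raise ValueError("at most one primary email")
    entries = []
    for address, kind, primary in emails:
        entry = {"value": address, "type": kind}
        if primary:
            entry["primary"] = True
        entries.append(entry)
    return {"schemas": [SCIM_CORE], "userName": user_name, "password": password,
            "name": {"givenName": given, "familyName": family}, "emails": entries}


def group_payload(display_name, member_ids):
    """'id' is assigned by the service provider; the consumer sends displayName and members."""
    return {"schemas": [SCIM_CORE], "displayName": display_name,
            "members": [{"value": member_id} for member_id in member_ids]}


def basic_auth_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def post_request(url, payload, user, password):
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": basic_auth_header(user, password)})


def tls_context(ca_file=None):
    """With a CA file the server certificate is verified. Without one this mirrors
    curl -k (no verification at all) and must stay confined to a local test box."""
    if ca_file:
        return ssl.create_default_context(cafile=ca_file)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def created_id(body):
    """Pull the server-assigned id out of a 201 Created body; reject anything else."""
    doc = json.loads(body)
    if SCIM_CORE not in doc.get("schemas", []) or not doc.get("id"):
        raise ValueError("response is not a SCIM core resource with an id")
    return doc["id"]


def http_send(request, ca_file=None):
    return urllib.request.urlopen(request, context=tls_context(ca_file)).read().decode()


def provision_user_and_group(user, password, send, base_url=BASE_URL):
    """send(request) -> response body text. Creates the user from the slide, then a group
    whose members list the user's new id: that id is what links the two resources."""
    new_user = user_payload("prabath", "prabath", "siriwardena", "prabath123",
                            [("prabath@yahoo.com", "home", True), ("prabath@wso2.com", "work", False)])
    user_id = created_id(send(post_request(base_url + "/Users", new_user, user, password)))
    new_group = group_payload("IdentityNext", [user_id])
    group_id = created_id(send(post_request(base_url + "/Groups", new_group, user, password)))
    return user_id, group_id


if __name__ == "__main__":
    # Live run against a local WSO2 IS with the default administrator credentials.
    print(provision_user_and_group("admin", "admin", http_send))
```

The transport is injected (`send`) so the payload logic can be exercised without a server; in a live run pass `http_send` with a `ca_file` rather than relying on the curl -k equivalent.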

slide18

Federated Provisioning Patterns

One way provisioning (figure: three Provisioning Service Providers across Domain A, Domain B and Domain C, plus one SCIM Consumer)

slide19

Federated Provisioning Patterns

One way provisioning with broker mode (figure: three Provisioning Service Providers across Domain A, Domain B and Domain C, plus one SCIM Consumer)

slide20

Federated Provisioning Patterns

Bi-directional provisioning (figure: three Provisioning Service Providers and three SCIM Consumers across Domain A, Domain B and Domain C)

slide21

Federated Provisioning Patterns

Multi-directional provisioning with a centralized PSP (figure: a central Provisioning Service Provider plus a Provisioning Service Provider and a SCIM Consumer in each of Domain A, Domain B and Domain C)

slide22

Federated Provisioning Patterns

Just-in-time provisioning with SAML2 (figure: steps 1-4 across Domain A and Domain B involving a SAML2 IdP and a Provisioning Service Provider)

slide23

Federated Provisioning Patterns

Just-in-time provisioning with SAML2 (figure: steps 1-5 across Domain A and Domain B involving a SAML2 IdP and a Provisioning Service Provider)
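Just-in-time provisioning means the account in Domain A is created at first login from the SAML2 assertion issued in Domain B, so the assertion itself becomes provisioning input. The Python below is an added example, not WSO2 code: it enforces the Conditions element (validity window and AudienceRestriction), maps a fixed set of attributes to a SCIM user, drops anything unmapped (an IdP-asserted role is deliberately not copied into the local store), and creates the account only if it does not already exist. The assertion is constructed for the example and is unsigned; signature and Issuer verification are assumed to have been done by the SAML stack before this code runs. The WSO2 claim URIs used as attribute names, the audience URL and the in-memory dict standing in for the Provisioning Service Provider are all assumptions.

```python
import xml.etree.ElementTree as ET  # use defusedxml for assertions received over the network
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SCIM_CORE = "urn:scim:schemas:core:1.0"
# IdP attribute name -> SCIM field. WSO2 claim URIs are assumed as the IdP's attribute names.
ATTR_MAP = {
    "http://wso2.org/claims/givenname": ("name", "givenName"),
    "http://wso2.org/claims/lastname": ("name", "familyName"),
    "http://wso2.org/claims/emailaddress": ("emails",),
}

# Constructed assertion standing in for what the Domain B IdP would send. It is unsigned:
# signature and Issuer checks are assumed to happen in the SAML stack before this point.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2012-06-01T10:00:00Z">
  <saml:Issuer>https://idp.domain-b.example/samlsso</saml:Issuer>
  <saml:Subject><saml:NameID>prabath</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2012-06-01T09:59:00Z" NotOnOrAfter="2012-06-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.domain-a.example</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://wso2.org/claims/givenname"><saml:AttributeValue>Prabath</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://wso2.org/claims/lastname"><saml:AttributeValue>Siriwardena</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://wso2.org/claims/emailaddress"><saml:AttributeValue>prabath@wso2.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://wso2.org/claims/role"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_audience, now):
    """Enforce the Conditions element: validity window and AudienceRestriction."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 2.0 Assertion")
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion without Conditions is not accepted for provisioning")
    not_before, not_on_or_after = conditions.get("NotBefore"), conditions.get("NotOnOrAfter")
    if not_before and now < parse_time(not_before):
        raise ValueError("assertion not yet valid")
    if not_on_or_after and now >= parse_time(not_on_or_after):
        raise ValueError("assertion expired")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion was not issued for this service provider")
    return root


def assertion_to_scim_user(root):
    """Map NameID plus the mapped attributes to a SCIM user. Unmapped attributes, such as
    a role asserted by the IdP, are dropped rather than copied into the local store."""
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    user = {"schemas": [SCIM_CORE], "userName": name_id, "name": {}, "emails": []}
    for attribute in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        path = ATTR_MAP.get(attribute.get("Name"))
        if path is None:
            continue
        values = [v.text for v in attribute.findall("saml:AttributeValue", NS)]
        if path == ("emails",):
            user["emails"] = [{"value": v, "type": "work"} for v in values]
        else:
            user[path[0]][path[1]] = values[0]
    return user


def jit_provision(store, xml_text, expected_audience, now):
    """Create the account on first login only. Returns (user, created).
    `store` is a dict standing in for the Provisioning Service Provider in Domain A."""
    user = assertion_to_scim_user(validate_assertion(xml_text, expected_audience, now))
    if user["userName"] in store:
        return store[user["userName"]], False  # never overwrite an existing account from an assertion
    store[user["userName"]] = user
    return user, True
```

The second login returns the stored account unchanged, which is the safe default: letting every assertion rewrite local attributes turns a compromised or misconfigured IdP into a write path on the user store.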

slide24

Multi-tenancy

(figure: one Provisioning Service Provider serving the tenants facilelogin.com and wso2.com, each with its own SCIM Consumer)

slide26

An open source Identity & Entitlement management server

Provisioning

Authentication

Single Sign On

Auditing

XDAS

slide28

An open source Identity & Entitlement management server

Provisioning

Authentication

Single Sign On

Auditing

Delegation

WS-TRUST

slide34

OAuth

  • Identity Delegation
  • Securing RESTful services
  • 2-legged & 3-legged OAuth 1.0a
  • XACML integration with OAuth
  • OAuth 2.0 support with the Authorization Code, Implicit, Resource Owner Password Credentials and Client Credentials grant types

slide35

An open source Identity & Entitlement management server

Provisioning

Authentication

Single Sign On

Federation

Auditing

Delegation

SAML2

WS-TRUST

slide37

Security Token Service

  • Supports WS-Trust 1.3/1.4
  • SAML 1.0/1.1/2.0 token profiles
  • Claim management
slide38

Federation Patterns

Cross Domain Authentication with WS-Trust (figure: a Consumer App, a Security Token Service and a Resource across Domain A and Domain B)

slide39

Federation Patterns

Cross Domain Authentication with Kerberos and WS-Trust

slide40-42

Federation Patterns

Decentralized Federated SAML2 IdPs (figure built up over three slides)

slide44-47

An open source Identity & Entitlement management server

  • Role Based Access Control
  • Attribute Based Access Control
  • Policy Based Access Control
  • XACML / WS-XACML, exposed over SOAP and REST

slide48

XACML

  • The de facto standard for authorization
  • XACML 3.0
  • Support for multiple PIPs
  • Policy distribution
  • Decision / Attribute caching
  • UI wizard for defining policies
  • Notifications on policy updates
  • TryIt tool
slide49

XACML

(figure: entitlement engine architecture)

  • Policy Administration Point: EntitlementPolicyAdminService over SOAP
  • Policy Decision Point: EntitlementService over SOAP/Thrift/WS-XACML
  • XACML Engine with Policy Cache and Decision Cache
  • Attribute Finder with Attribute Cache: Default Finder backed by LDAP, plus Extensions
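To make the moving parts of that architecture concrete, the Python below is an added toy PDP; it is not WSO2's entitlement engine. It evaluates a constructed XACML 3.0 policy (string-equal matches only, first-applicable and deny-overrides rule combining, no Indeterminate handling), resolves attributes that are absent from the request through a chain of attribute finders (a dict stands in for the LDAP user store) with an attribute cache, caches decisions per request, and shows why a policy update must flush the decision cache. The resource URL, the WSO2 claim URI used as the role attribute id and the directory contents are assumptions.

```python
import xml.etree.ElementTree as ET  # use defusedxml for policies or requests from untrusted sources

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML}
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
ROLE = "http://wso2.org/claims/role"  # WSO2 claim URI, assumed as the role attribute id
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
ECHO = "http://localhost:8280/services/echo"  # assumed protected resource


def match_xml(value, category, attr_id):
    return (f'<Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STRING}">{value}</AttributeValue>'
            f'<AttributeDesignator Category="{category}" AttributeId="{attr_id}" DataType="{STRING}"'
            f' MustBePresent="false"/></Match>')


# Constructed policy: managers may read the echo service; every other request on it is denied.
POLICY = f"""<Policy xmlns="{XACML}" PolicyId="echo-read" Version="1.0" RuleCombiningAlgId="{FIRST_APPLICABLE}">
  <Target><AnyOf><AllOf>{match_xml(ECHO, RESOURCE, RESOURCE_ID)}</AllOf></AnyOf></Target>
  <Rule RuleId="managers-read" Effect="Permit"><Target><AnyOf><AllOf>
    {match_xml("read", ACTION, ACTION_ID)}{match_xml("manager", SUBJECT, ROLE)}
  </AllOf></AnyOf></Target></Rule>
  <Rule RuleId="deny-rest" Effect="Deny"/>
</Policy>"""

DIRECTORY = {"alice": ("manager",), "bob": ("developer",)}  # stand-in for the LDAP user store


def directory_pip(request, category, attr_id):
    """Attribute finder: the PEP sends only subject-id; roles are looked up in the directory."""
    if category == SUBJECT and attr_id == ROLE:
        subjects = request.get((SUBJECT, SUBJECT_ID), ())
        return tuple(role for s in subjects for role in DIRECTORY.get(s, ()))
    return ()


class PDP:
    def __init__(self, policy_xml, pips):
        self.pips = list(pips)
        self.load_policy(policy_xml)

    def load_policy(self, policy_xml):
        # Policy-update notification path: reload and drop cached decisions and attributes,
        # otherwise a Permit cached under the old policy survives until the cache expires.
        self.policy = ET.fromstring(policy_xml)
        self.decision_cache, self.attr_cache = {}, {}

    @staticmethod
    def _freeze(request):
        return frozenset((key, tuple(values)) for key, values in request.items())

    def _resolve(self, request, category, attr_id):
        if (category, attr_id) in request:  # request context wins over the finders
            return set(request[(category, attr_id)])
        key = (category, attr_id, self._freeze(request))
        if key not in self.attr_cache:  # then the attribute finder chain, cached
            self.attr_cache[key] = {v for pip in self.pips for v in pip(request, category, attr_id)}
        return self.attr_cache[key]

    def _match(self, match, request):
        if match.get("MatchId") != STRING_EQUAL:
            raise NotImplementedError(match.get("MatchId"))
        wanted = match.findtext("x:AttributeValue", namespaces=NS)
        designator = match.find("x:AttributeDesignator", NS)
        return wanted in self._resolve(request, designator.get("Category"), designator.get("AttributeId"))

    def _target_matches(self, element, request):
        target = element.find("x:Target", NS)
        if target is None:
            return True  # no Target: applies to every request
        for any_of in target.findall("x:AnyOf", NS):  # AnyOf = OR of AllOf; AllOf = AND of Match
            if not any(all(self._match(m, request) for m in all_of.findall("x:Match", NS))
                       for all_of in any_of.findall("x:AllOf", NS)):
                return False
        return True

    def evaluate(self, request):
        """request: {(category, attribute_id): (value, ...)} -> Permit | Deny | NotApplicable."""
        frozen = self._freeze(request)
        if frozen not in self.decision_cache:
            self.decision_cache[frozen] = self._decide(request)
        return self.decision_cache[frozen]

    def _decide(self, request):
        if not self._target_matches(self.policy, request):
            return "NotApplicable"
        algorithm = self.policy.get("RuleCombiningAlgId")
        effects = [r.get("Effect") for r in self.policy.findall("x:Rule", NS)
                   if self._target_matches(r, request)]
        if not effects:
            return "NotApplicable"
        if algorithm == FIRST_APPLICABLE:
            return effects[0]
        if algorithm == DENY_OVERRIDES:
            return "Deny" if "Deny" in effects else "Permit"
        raise NotImplementedError(algorithm)


def request_for(subject, resource, action):
    return {(SUBJECT, SUBJECT_ID): (subject,), (RESOURCE, RESOURCE_ID): (resource,),
            (ACTION, ACTION_ID): (action,)}
```

Two properties worth checking in any real deployment follow directly from the code: attributes present in the request context take precedence over the attribute finders, so a PEP that forwards caller-supplied attributes lets the caller assert its own role; and the decision cache is keyed on the request alone, so a policy change that does not flush it keeps serving the old answers.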

slide54

What Do We Have Now ?

  • User stores with LDAP/AD/JDBC
  • Multiple user stores
  • OpenID
  • SAML2
  • Kerberos
  • Integrated Windows Authentication
  • Information Cards
  • XACML 2.0/3.0
  • OAuth 1.0a/2.0
  • Security Token Service with WS-Trust
  • SCIM 1.1
  • WS-XACML
  • WS-Fed Passive
slide55

prabath@wso2.com

Thank You…!!!