WSO2 Identity Server

As the industry's first Enterprise Identity Bus (EIB), WSO2 Identity Server (WSO2 IS) is the checkpoint for connecting and maintaining multiple entities across applications and APIs, cloud and mobile platforms.

WSO2 Identity Server is an open source project with many improvements in its newer versions. It is actively developed, and version 5.1.0 is being released while I'm writing this blog post.

Why do we need WSO2 Identity Server?

The question with every post you read is: why should I read this post, and what do I gain from it? Yes, I know the same question arises in your mind: why do we need this identity server? Here is the answer.

In today's enterprise world many entities are connected, and a massive amount of sensitive and valuable information is shared remotely in the blink of an eye. Normally social login or other federated logins are integrated with enterprise applications, allowing users to access confidential information with their social network or other federated credentials. This is where the problem comes in: the enterprise needs to validate each individual's identity while ensuring both security and ease of access. Here WSO2 IS does a massive job of solving this problem.

What does the WSO2 IS architecture look like?

WSO2 IS is built on top of WSO2 Carbon. The following diagram shows the architecture and its process flow.

WSO2 Identity Server Architecture Process Flow

A Service Provider (SP) is an entity providing web services. It is configured with one or more Identity Providers (IdPs); in the image above, WSO2 IS is the IdP for the service provider. When a user of the SP tries to log in to one of the SP's applications, the request is sent to the IdP's Inbound Authentication component shown in the image. You can configure the SP in WSO2 IS by following this guide.

The Identity Provider is responsible for authentication and authorization.

Inbound Authentication Components:

  • SAML SSO – an open standard for representing and exchanging user identity and authentication data.
  • OAuth/OpenID Connect – provides a three-phase authentication flow:
    1. Requesting an access token
    2. Exchanging the access token
    3. Accessing the resources using the access token
  • OpenID
  • Passive STS
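The three OAuth phases listed above, as an added toy simulation written for this post (it is not WSO2 IS code; the client id, secret, redirect URI and user name are constructed values). It shows the checks an IdP performs at each phase: client and redirect URI validation when issuing the code, client authentication and single-use, time-limited codes at the exchange, and token validation before a resource is released.

```python
import secrets
import time


class ToyAuthServer:
    """Minimal simulation of an OAuth2 authorization-code flow (constructed example)."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self.client = (client_id, client_secret, redirect_uri)
        self.codes = {}   # code -> (user, redirect_uri, scope, expiry)
        self.tokens = {}  # access token -> (user, scope, expiry)

    # Phase 1: after the user logs in, the IdP issues a short-lived authorization code
    def authorize(self, client_id, redirect_uri, user, scope):
        if (client_id, redirect_uri) != (self.client[0], self.client[2]):
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (user, redirect_uri, scope, time.time() + 60)
        return code

    # Phase 2: the SP exchanges the code for an access token, authenticating with its secret
    def token(self, client_id, client_secret, code, redirect_uri):
        if client_id != self.client[0] or not secrets.compare_digest(client_secret, self.client[1]):
            raise PermissionError("client authentication failed")
        entry = self.codes.pop(code, None)  # single use: a replayed code must fail
        if entry is None or entry[1] != redirect_uri or entry[3] < time.time():
            raise PermissionError("invalid, expired or reused code")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (entry[0], entry[2], time.time() + 3600)
        return tok

    # Phase 3: the resource server validates the bearer token before releasing data
    def introspect(self, tok):
        entry = self.tokens.get(tok)
        if entry is None or entry[2] < time.time():
            return None
        return {"sub": entry[0], "scope": entry[1]}


def run_flow():
    """Run all three phases once and try to replay the code; returns (claims, replay_rejected)."""
    idp = ToyAuthServer("sp-app", "s3cret", "https://sp.example/cb")
    code = idp.authorize("sp-app", "https://sp.example/cb", "alice", "openid profile")
    tok = idp.token("sp-app", "s3cret", code, "https://sp.example/cb")
    claims = idp.introspect(tok)
    try:
        idp.token("sp-app", "s3cret", code, "https://sp.example/cb")
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return claims, replay_rejected
```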

You can configure any of the Inbound Authentication methods; once its requirements are met, the request is forwarded to the Authentication Framework.

In the Authentication Framework, claim management is a key step of IS. It maps local user claims to SP claims and vice versa, and also maps local claims to IdP claims. Claim mapping is used in the authentication flow as follows:

  1. The Inbound Authentication Component sends the authentication request to the IN channel of the authentication framework.
  2. Claim mapping is checked, and once it is done the request is forwarded to the Local Authenticator or the Federated Authenticator.
  3. Once authentication is complete, the response from the Local Authenticator / Federated Authenticator is sent through the OUT channel of the authentication framework.

Learn more here.

To run the Identity Server, just follow these steps:

  1. Download WSO2 IS from here.
  2. Set JAVA_HOME in your environment variables.
  3. Run the server by executing the command for your platform:
    in Linux
    in Windows
    wso2server.bat --run
  4. Once the server has started, open your favourite browser and go to the URL https://localhost:9443/carbon/
  5. You will see the management console UI. Log in with
    username: admin
    password: admin

Thank you for reading. Stay tuned for more about …..
