Content Comparison

A token is a simple string that is passed as an HTTP header of a request. Access tokens authenticate API users and applications and ensure better security, e.g., preventing DoS attacks. If a token that is passed with a request is invalid, the request is discarded in the first stage of processing. WSO2 Identity Server supports four following token types of access tokens:

• Application access tokens: These tokens identify and authenticate token: This token identifies and authenticates an entire application. You can invoke all the APIs associated with an application using a single application access token.
• User access tokens: These tokens identify token: This token identifies the end user of an application, e.g., the end user of a mobile application deployed on a different device.ID token:
• Refresh token: When an access token expires, you have to obtain a new access token to access the API. A refresh token enables to obtain a new access token without a user intervention and use it to regain access to the API.
• ID token: This is a JSON Web Token (JWT) containing the user's authentication status and profile information in the form of claims.

The responsibility of inbound authenticators is to identify and parse all the incoming authentication requests and then build the corresponding response. A given inbound authenticator has two parts.

1. Request Processor
2. Response Builder

For each protocol supported by WSO2 IS, there should be an inbound authenticator. This architecture component includes inbound authenticators for SAML 2.0, OpenID, OpenID Connect, OAuth 2.0, and WS-Federation (passive). In other words, the responsibility of the SAML 2.0 request processor is to accept a SAML request from a service provider, validate the SAML request and then build a common object model understood by the authentication framework and handover the request to it. The responsibility of the SAML response builder is to accept a common object model from the authentication framework and build a SAML response out of it. Both the request processors and the response builders are protocol aware, while the authentication framework is not coupled to any protocol.

See Identity Server Architecture for more information.

The service provider can define how to authenticate users at the Identity Server, for authentication requests initiated by it. While doing that, each service provider can define multiple steps and for each step it can pick more than one authenticatorsauthenticator. The authentication framework will track all the authenticators in each step and will proceed to the next step only if the user authenticates successfully in the current step. Its It's an AND between steps while its an OR between the authenticators in a given step.

See Identity Server Architecture for more information.

SOAP, originally defined as Simple Object Access protocol, is a protocol specification for exchanging structured information in the implementation of Web services. It relies on XML Information Set for its message format, and usually relies on other application layer protocols, most notably Hypertext Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.

SAML profile requires agreements between system entities regarding identifiers, binding support, end points, certificates and so forth. A metadata specification is used to describe this information in a standard way .