
This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Identity Server Features

Feature

Description

System and User Identity Management
  • Easy integration with enterprise LDAP, Microsoft Active Directory, or any JDBC database
  • Comprehensive UIs to configure more than one user store in a multi-tenanted manner
  • Extensible identity management including password policies, account locking, self sign-up, account recovery, account confirmation, etc., for external applications over APIs
  • One Time Password support
  • Multifactor authentication
  • Single Sign-On (SSO) via OpenID, SAML2 and Kerberos KDC
  • SSO bridging between on-premises systems and Cloud apps
  • Provisioning via SCIM instead of legacy SPML
  • Implement REST security with OAuth 2.0* and XACML
  • Delegation via OAuth 1.0a, OAuth 2.0*, and WS-Trust.
  • Federation via OpenID, SAML2, and WS-Trust STS
  • OpenID Connect 1.0 on top of OAuth 2.0 to deliver user authentication events and user claims to external applications
  • Integration with Microsoft SharePoint with Passive STS support
  • Flexible profile management for users supporting multiple profiles per user
  • Auditing via XDAS
  • Credential mapping across different protocols
Entitlement Management
  • Role-based access control (RBAC)
  • Attribute-based or claim-based access control via XACML, WS-Trust, OpenID, OpenID Connect and claim management
  • Fine-grained policy-based access control via XACML
  • Advanced entitlement auditing and management
  • Entitlement management for any REST or SOAP calls
XACML 2.0/3.0 Support
  • User-friendly interface for policy editing
  • Multiple Policy Information Point (PIP) support
  • 'TryIt' tool for exploring policy impact
  • Policy distribution to various Policy Decision Points (PDPs)
  • Policy decision and attribute caching
  • High-performance network protocol (over Thrift) for PEP/PDP interaction
  • Notifications for policy updates
Lightweight, Developer-Friendly, and Easy to Deploy
  • Complete SOAP API for integrating/embedding into any application or system
  • Pluggable workflows for privileged operations
  • Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more
  • Clustering for high-availability deployment
  • Choice of deployment to on-premises servers or to private or public Cloud (WSO2 StratosLive Identity-as-a-Service) without configuration changes
  • Integrated with WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication
Management and Monitoring
  • Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO
  • Built-in collection and monitoring of standard access and performance statistics
  • JMX MBeans for monitoring and management of key metrics
  • Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management
  • Flexible logging support with integration to enterprise logging systems
  • Centralized configuration management across different deployment environments with lifecycle management and versioning through integration with WSO2 Governance Registry

Open Source Components of WSO2 Identity Server

  • WSO2 Carbon
  • Apache Axis2 (SOAP)
  • Apache Axiom (High performance XML Object Model)
  • Apache Rampart/Apache WSS4J (WS-Security, WS-SecureConversation)
  • Apache Rahas (WS-Trust)
  • WS-Addressing implementation in Axis2
  • Apache Neethi (WS-Policy)
  • WS-SecurityPolicy implementation in Axis2
  • Apache XML Schema
  • OpenID4Java
  • SunXACML
  • OpenSAML2
  • Apache Directory Server
  • Apache Oltu
