This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.
Identity Federation
Identity and access management requirements are rapidly evolving over the years. Organizations cannot survive with authentication and authorization mechanisms that only span a single boundary of trust. Hence, these organizations often provide and consume services across trust boundaries, which may include partners, subsidiaries, customers or suppliers and may span across multiple buildings, cities, states, countries and even continents. Identity federation and Single Sign On (SSO) come into the picture to provide and consume these services across trust boundaries.
Identity federation and SSO have similarities as well as key differences. Identity federation is a mechanism that allows authentication across different enterprises in different trust domains based on a trust factor. This makes access easy, as users do not have to remember a different set of credentials for every application they use. However, the users have to provide their credentials to each one of the applications separately although the credentials used are the same. On the other hand, SSO enables users to provide their credentials once and obtain access to multiple applications. In SSO, the users are not prompted for their credentials when accessing each application until their session is terminated.
The following topics discuss the various features that are key to using Identity Federation and Single-Sign-On (SSO).
- Evolution of Identity Federation Standards
- Federated Authentication
- Identity Federation with WS-Trust
- Configuring SAML2 Single-Sign-On Across Different WSO2 Products
- See Configuring an Identity Provider for instructions on how to configure an identity provider so that identity federation is possible.