This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Implementing Security in the Identity Server
WSO2 Identity Server provides many methods for implementing and managing security. These are described in the following topics.
- Configuring Transport Level Security
- Saving Access Tokens in Separate Tables
- Timestamp in WS-Security to Mitigate Replay Attacks
- Enabling Java Security Manager
- Mitigating Cross Site Request Forgery (CSRF) Attacks
- Mitigating Authorization Code Interception Attacks
- Mitigating Brute Force Attacks
Related Topics
- The security patch releases can be found here. See the Applying Patches topic for more information on how to apply the security patch to WSO2 IS.
- See Configuring Session Timeout for instructions on how to expire a session for user account security.