Embed Size (px)
Citation preview
Authenticator and Provisioning Connectors in WSO2 IS
Rajjaz Mohammed, WSO2Email: [email protected]
Kathees Rajendram, WSO2Email: [email protected]
Agenta
o Introduction
o Product Overview
o Authentication
o OAuth2/OpenID connect Authentication
o Multi Factor Authentication
o User Provisioning & Management
o Demo
Introduction
Why ?
o Bring Your Own Identity
o Identity is maintained in one domain, accessed in other domains
o Social network identities (Facebook, LinkedIN, Google)
o Open APIs
o Multi Factor Authentication support
o Bring Your Own Device
Product Overview
WSO2 Identity Servero 5th Generation Product
o Current version 5.1.0
o Why did we build it?
o Federated identity and entitlement is a key part of any distributed architecture
o SSO is important but need to federate and bridge across SSOs
o Based on WSO2 Carbon platform, which provides support for multi-tenancy, logging, clustering, and other common services
Architecture
Benefits
o Scenario-driven configuration
o Large number of scenarios supported out of the box,through simple configuration
o Single Sign On
o Federated Identity
o User Provisioning and Management
o Extensible & Customizable - Custom Authenticators
Authentication & SSO
Authentication
o Extensible user stores integration
o Security for APIs and Web Services
o Web Single Sign On for heterogeneous systems
o Highly configurable and extensible authentication flows
o Federation and Social integration
Authenticatorso Local Authenticators
o Basic Authenticator - Username, password
o IWA and X509 Authenticator – Zero password login
o FIDO (Fast Identity Online) - Multi Factor authentication
o Federated
o OAuth2/OpenID Connect Authenticator - LinkedIn, Facebook and Twitter
o Two factor Authenticator- Mepin, Clef, Tiqr, SMS and Email OTP
o SAML 2.0 Web SSO Authenticator
o WS-Federation (Passive) Authenticator
OAuth2/OpenID Connect Authenticator
Understanding OAuth 2.0
Amazon Authenticator
Multi Factor Authenticator
Configurable Authentication Flow
o Multi-Step : Add any number of authentication steps
o Multi-Option : Add any number of authenticators for a step
Multi-Option Authentication Flow
Clef Authenticator
o Two factor authenticatoro Scanning dancing wave using Phone
https://store.wso2.com/store/assets/isconnector
WSO2 IS Store….
User Provisioning and Management
Provisioning and Management
o Just In Time Provisioning
o Highly extensible User Provisioning Framework
o Users and groups management
o Accounts and Policies Management
o Self Service Dashboard
o Logging and Monitoring
o Custom user management workflows – user specificapprovals, multi-step approvals, approvals requiring multiple roles
Just In Time Provisioning
o Federated Identities can be provisioned into the WSO2Identity Server while federating
o Users can be provisioned to any primary or secondaryuser store
o JIT provisioned users can be provisioned to any othersystems instantly
Demo
Q & A
Thank You!
References
https://docs.wso2.com/display/IS510/Architecturehttps://docs.wso2.com/display/ISCONNECTORS/Creating+a+Third+Party+Authenticator+or+Connector+and+Publishing+in+WSO2+Storehttps://docs.wso2.com/display/ISCONNECTORS/Clef+Authenticatorhttps://store.wso2.com/store/assets/isconnector?sort=recenthttps://github.com/wso2-extensions/archetypes/blob/master/is-authenticator-archetype/setup.txthttp://wso2experience.blogspot.com/2016/01/wso2-is-custom-authenticator.html
