Monday, October 6, 2014

WSO2 Identity Server 5.0.0 : Resident Identity Provider & Resident Service Provider

The WSO2 Identity Server 5.0.0 takes the identity management into a new direction. No more there will be federation silos or spaghetti identity anti-patterns. The authentication framework we introduced in IS 5.0.0 powers this all. Along with the authentication framework, we absorbed the concept of service providers and identity providers into the core Identity Server architecture.

WSO2 Identity Server (IS) can mediate authentication requests between service providers and identity providers, at the same time WSO2 IS itself acts as a service provider and an identity provider. When it acts as a service provider - that is known as the resident service provider - and when it acts as an identity provider - that is known as the resident identity provider.

What does IS do as the resident service provider?

Currently the only occasion IS acts as the resident service provider is while adding users to the system. You can enable provisioning configurations against the resident service provider. Say for example, if you try to add users to the system via the SCIM API and authenticate to it using HTTP basic authentication, then the system will read the provisioning configurations from the resident service provider. (If the user authenticates to the SCIM API with OAuth credentials, then the system will load the configuration corresponding to the service provider who owns the OAuth client id).

At the same time if you want to configure outbound provisioning for any user management operation done via the Management Console, SOAP API  or the SCIM API, then also you need to configure out bound provisioning identity providers against the resident service provider. That means, based on the outbound configuration, users added from the Management Console, will also be provisioned to external systems like Salesforce and Google Apps.

What does IS do as the resident identity provider?

If you are a service provider and wants to send an authentication request or a provisioning request to the Identity Server (say, via SAML, OpenID, OpenID Connect, SCIM, WS-Trust) -  what matters for you is the resident identity provider configuration.

Resident identity provider configuration is a one time configuration for a given tenant. It basically shows you the identity server's metadata - like the endpoints. Later we plan to make this configuration available as a downloadable metadata file. In addition to the metadata, if you want to secure the WS-Trust endpoint with a security policy - this where you have to do that too.


Julian Lee said...
This comment has been removed by the author.
Craig Hawes said...

Hi there,

I'm getting an error when trying to open the resident Identity provider "Error while loading Identity Provider"

Where should i be looking to resolve this. i.e. where is the config for it?

Many thanks

Prabath Siriwardana said...

What is the exception you see in the log file (wso2carbon.log) ?

caiyan said...

coach factory outlet
air jordan retro
adidas super color
coach factory outlet
canada goose outlet online
canada goose outlet
ray ban sunglasses discount
coach outlet
pandora charms

chenmeinv0 said...

ugg boots sale
coach outlet store online
coach outlet store online clearances
cheap jordan retro
tommy hilfiger clothing
air max 1
louis vuitton handbags
air max uk
canada goose outlet
louis vuitton outlet stores