Monday, October 6, 2014

WSO2 Identity Server 5.0.0 : Resident Identity Provider & Resident Service Provider

The WSO2 Identity Server 5.0.0 takes the identity management into a new direction. No more there will be federation silos or spaghetti identity anti-patterns. The authentication framework we introduced in IS 5.0.0 powers this all. Along with the authentication framework, we absorbed the concept of service providers and identity providers into the core Identity Server architecture.

WSO2 Identity Server (IS) can mediate authentication requests between service providers and identity providers, at the same time WSO2 IS itself acts as a service provider and an identity provider. When it acts as a service provider - that is known as the resident service provider - and when it acts as an identity provider - that is known as the resident identity provider.

What does IS do as the resident service provider?

Currently the only occasion IS acts as the resident service provider is while adding users to the system. You can enable provisioning configurations against the resident service provider. Say for example, if you try to add users to the system via the SCIM API and authenticate to it using HTTP basic authentication, then the system will read the provisioning configurations from the resident service provider. (If the user authenticates to the SCIM API with OAuth credentials, then the system will load the configuration corresponding to the service provider who owns the OAuth client id).

At the same time if you want to configure outbound provisioning for any user management operation done via the Management Console, SOAP API  or the SCIM API, then also you need to configure out bound provisioning identity providers against the resident service provider. That means, based on the outbound configuration, users added from the Management Console, will also be provisioned to external systems like Salesforce and Google Apps.

What does IS do as the resident identity provider?

If you are a service provider and wants to send an authentication request or a provisioning request to the Identity Server (say, via SAML, OpenID, OpenID Connect, SCIM, WS-Trust) -  what matters for you is the resident identity provider configuration.

Resident identity provider configuration is a one time configuration for a given tenant. It basically shows you the identity server's metadata - like the endpoints. Later we plan to make this configuration available as a downloadable metadata file. In addition to the metadata, if you want to secure the WS-Trust endpoint with a security policy - this where you have to do that too.


9 comments:

Julian Lee said...
This comment has been removed by the author.
Craig Hawes said...

Hi there,

I'm getting an error when trying to open the resident Identity provider "Error while loading Identity Provider"

Where should i be looking to resolve this. i.e. where is the config for it?

Many thanks

Prabath Siriwardana said...

What is the exception you see in the log file (wso2carbon.log) ?

caiyan said...

raybans
coach factory outlet
air jordan retro
adidas super color
coach factory outlet
canada goose outlet online
canada goose outlet
ray ban sunglasses discount
coach outlet
pandora charms
20611019caiyan

chenmeinv0 said...

ugg boots sale
coach outlet store online
coach outlet store online clearances
cheap jordan retro
tommy hilfiger clothing
air max 1
louis vuitton handbags
air max uk
canada goose outlet
louis vuitton outlet stores
2016.12.27xukaimin

dong dong23 said...

louboutin outlet
michael kors handbags
christian louboutin shoes
michael kors bags
polo ralph lauren
cheap mlb jerseys
coach outlet
cheap ray ban sunglasses
true religion sale
prada handbags
2017.5.6chenlixiang

John said...

polo ralph lauren outlet
red bottom heels
adidas nmd runner
louis vuitton outlet online
coach factory outlet online
ralph lauren outlet
hermes bags
coach factory outlet online
adidas yeezy boost
coach factory outlet
20170714yuanyuan

raybanoutlet001 said...

cheap nfl jerseys
minnesota vikings jerseys
ugg boots
ugg boots
tennessee titans jersey
polo ralph lauren
fitflops sale
hermes belts
cleveland cavaliers jerseys
adidas nmd

1111141414 said...

kobe shoes
yeezys
basketball shoes
real jordans
http://www.uggoutlet.uk
ferragamo belt
air jordan shoes
nike air force 1 low
michael kors factory outlet
jordan retro