Tuesday, April 5, 2016

Identity Patterns with the WSO2 Identity Server
Service provider-specific user stores

Problem:
  • The business users need to access multiple service providers supporting multiple heterogeneous identity federation protocols. 
  • When a user is redirected to the identity provider, only users who belong to the user stores specified by the corresponding service provider should be able to log in or get an authentication assertion. 
  • In other words, each service provider should be able to specify from which user store it accepts users.
Solution:
  • Deploy the WSO2 Identity Server as an identity provider over multiple user stores and register all the service providers. 
  • Extend the pattern 18.0 Fine-grained access control for service providers to enforce the user store domain requirement in the corresponding XACML policy. 
  • Use a regular expression to match allowed user store domain names with the authenticated user’s user store domain name. 
  • Products: WSO2 Identity Server 5.0.0+ 
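
The domain check described in the solution, sketched as an added example (not code from the original post or from WSO2). It assumes usernames of the form DOMAIN/username with unprefixed names falling in a PRIMARY domain, and uses constructed service provider names and patterns. The second function shows what goes wrong when the pattern is not matched against the whole domain name.

```python
import re

# Constructed sample: service provider -> regex of accepted user store domains.
SP_ALLOWED_DOMAINS = {
    "payroll-app": r"CORP|HR",
    "partner-portal": r"PARTNER-[A-Z0-9]+",
}

PRIMARY = "PRIMARY"  # assumed domain for usernames without a "DOMAIN/" prefix


def user_store_domain(username: str) -> str:
    """Return the user store domain of a 'DOMAIN/user' name, upper-cased."""
    domain, sep, _user = username.partition("/")
    return domain.upper() if sep else PRIMARY


def is_permitted(service_provider: str, username: str) -> bool:
    """Permit only if the whole domain name matches the SP's pattern."""
    pattern = SP_ALLOWED_DOMAINS.get(service_provider)
    if pattern is None:
        return False  # unknown service provider: deny by default
    # fullmatch anchors both ends, so "EVILCORP" cannot satisfy "CORP|HR".
    return re.fullmatch(pattern, user_store_domain(username)) is not None


def is_permitted_unanchored(service_provider: str, username: str) -> bool:
    """Weak variant for comparison: the pattern may match a substring."""
    pattern = SP_ALLOWED_DOMAINS.get(service_provider, r"(?!)")  # (?!) never matches
    return re.search(pattern, user_store_domain(username)) is not None


if __name__ == "__main__":
    for sp, user in [
        ("payroll-app", "CORP/alice"),
        ("payroll-app", "EVILCORP/mallory"),
        ("payroll-app", "alice"),
        ("partner-portal", "PARTNER-ACME/carol"),
    ]:
        print(sp, user, is_permitted(sp, user), is_permitted_unanchored(sp, user))
```

When the same rule is written as a regular expression in the XACML policy, anchor the pattern explicitly (for example with ^ and $) if the matching function in use does not anchor it for you.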
