Identity and Access Management Using WSO2 Identity Server 5.10.0 — Part-1

Security is always a main concern in enterprise systems, so when we building the applications it is a must to implement proper security functionalities along with the business logic. Working on both at the same time is complex situation for developers as to consider multiple entry points of threat while designing the security framework.

To overcome this, there are many opensource and paid IAM solution providers. It can be cloud, on-premise or hybrid. In this article I’m going to dive into the WSO2 IAM solution. The main purpose of this article is to understanding the architecture of the WSO2 IS and how the message flow works inside it through example implementation for each.

Before moving on we will check the connection between identity and access through a simple diagram.

Identity and Access

As the diagram explains the identity can be a person or any other application which tries to get a resource to get it job done.

  1. Why WSO2?
  2. WSO2 IAM Architecture and Message Flow
  3. WSO2 IAM Extension Points in Architecture Diagram
  4. Message Flow with Sample implementations for Typical Scenarios
  • WSO2 IS as OAuth 2.0 Authorization Server
  • Single Sign-on Implementation ( SAML, OIDC, WS-Federation )
  • Multi-Factor Authentication ( MFA )
  • Adaptive Authentication
  • Identity Federation
  • Identity Federation with Social Login
  • Provisioning

The question why WSO2, is always comes along with why opensource? There was a time that people thought that opensource is less secure and using that in production is bit risky. But in the current emerging world opensource software's conquering the market and also have high value when comes to adoption.

When we compare [1] the features of other opensource IAM solutions, i got below stats from:

[1] https://sourceforge.net/software/compare/WSO2-Identity-Server-vs-Identity-Manager-OpenIAM-vs-Soffid-IAM-vs-Apache-Syncope/

where i compared below IAMs ( openIAM, Apache Syncope, WSO2, MidPoint, Soffid, Gluu ) and filtered the below list based on max available features.

And then when comparing the WSO2 IAM with OpenIAM with other options got the below:

As I mentioned in my previous blogs, it is always easy to understand when we add our understanding into a Flow Diagram. Because pictures always remain in our memory and even if we look at after sometime we will be able to understand the things that explained through the diagram.

Below is the WSO2 IS architecture diagram along with flow of messages.

Note: This diagram is developed based on wso2 documentation [2] and also based on my understanding on the WSO2 IS message flow.

[2] https://is.docs.wso2.com/en/5.10.0/get-started/architecture/

If the below diagram is not clear can view through this.

Here my main intention is to give an idea on the extension points locations in the above mentioned architecture. Have included some of the extension points in the diagram, which i have came across.

More guide on this can be found at [3] and [4].

[3] https://is.docs.wso2.com/en/next/learn/extension-points-for-oauth/

[4] https://is.docs.wso2.com/en/5.10.0/develop/writing-a-custom-password-validator/

If the below diagram is not clear click here for expansion.

Will continue some detailed explanation on the Extension points and samples in my next blog — Part — 2 of this…

Senior Tech Lead — Enterprise Integration | WSO2 Certified Solution Architect | https://ajanthane.blogspot.com/

Senior Tech Lead — Enterprise Integration | WSO2 Certified Solution Architect | https://ajanthane.blogspot.com/