Starting with WSO2 Identity Server (Security as Service)

Some years ago I used many open source tools to cover identity management projects; there was no single tool that allowed me to cover the entire life cycle of identity management projects.

As a sample, here is a list of tools that I used in my last projects:

1.- Directory or LDAP servers:

  • Apache DS
  • OpenLDAP
  • OpenDS
  • CentOS Directory Server
  • Fedora DS

2.- Virtual Directory or Proxy LDAP servers:

3.- PKI

  • OpenSSL
  • OpenCA
  • DogTag
  • TinyCA

4.- AuthN/AuthZ Servers

  • CAS
  • OpenAM
  • OpenSSO
  • Shibboleth
  • SimpleSAMLphp

For further information, you can see my post on Identity Management

Now, developing projects related to identity management, or providing authentication and authorization services to business applications, is easier because many of the required security and identity management features are included in a single product called WSO2 Identity Server.

WSO2 Identity Server

The WSO2 Identity Server (aka WSO2 IS) is a WSO2 product oriented to Identity Management (IdM), well suited to SOA/BPM, SaaS and PaaS projects.

WSO2 IS is a free and open source product that helps us manage the whole life cycle of IdM projects. Its main functionalities in the current version (4.5.0) are:

1.- Identity Management

  • Multifactor Authentication.
  • Credentials Management (Provisioning via SCIM, User Storage Management using ApacheDS, Multi Users Storage).
  • SSO (Kerberos, SAML2, OpenID).
  • Federation (OpenID, SAML2, WS-Trust STS).
  • Delegation (OAuth, WS-Trust).
  • REST security (OAuth, XACML).
  • XKMS (Key Storage and distribution).
  • Account Management (Password Policies, account locking, customizable login pages, account recovery).
  • Out-of-box integration with SaaS apps such as Google Apps and Salesforce.

2.- Entitlement Management

  • RBAC, XACML (attribute or claim based access control), WS-Trust, OpenID.
  • Fine-grained policy based access control via XACML.
  • Authorization for any REST or SOAP calls.

3.- Integrable and/or Developer friendly

  • Many IdM functionalities are exposed as APIs (SOAP and REST calls).
  • Clustering for highly available deployment.
  • Integrated with WSO2 Enterprise Service Bus for AuthZ and AuthN.

4.- Managed

WSO2 IS is constantly evolving; although it is still at version 4.5.0, many of its attractive features are 1-2 years old. The big advantage is that WSO2’s engineers are working hard and WSO2 has an active community supporting it.

In this blog we will be publishing a series of articles related to WSO2 IS so that anyone interested in IdM and security can get started quickly.

Here are the official WSO2 IS resources:

I hope this has been useful.


Posted in IAM, PaaS, Security, SOA
4 comments on “Starting with WSO2 Identity Server (Security as Service)”
  1. DZone MVB says:

    Hi Roger,

    Is there any chance you’ve used WSO2’s PaaS (WSO2 Cloud) in development before? I’m searching for a reviewer to help with DZone’s IaaS and PaaS guide. I’m a senior editor at My name is Mitch.

    • Hi Mitch,

      Yes, we (@Jack_A_Rider and I) have used WSO2’s PaaS, but just for internal test purposes.
      Also, we have tried (and fought) with WSO2 AppFactory (on WSO2 PaaS – aka. Stratos).
      If you need further information, don’t hesitate to email me.


  2. […] we have talked about WSO2 IS and what it offers; here we will basically list the integration strategies we will follow when we want to do […]

  3. Hi Roger,

    I am trying to integrate WSO2IS with Alfresco with Single Sign On.
    Can you please help me with this?
    Awaiting a response from your end.

    Vijay Kumar N
