authenticator and provisioning connector in wso2 identity server

Post on 13-Apr-2017


Authenticator and Provisioning Connectors in WSO2 IS

Rajjaz Mohammed, WSO2
Email: rajjaz@wso2.com

Kathees Rajendram, WSO2
Email: kathees@wso2.com

Agenda

o Introduction

o Product Overview

o Authentication

o OAuth2/OpenID connect Authentication

o Multi Factor Authentication

o User Provisioning & Management

o Demo

Introduction

Why ?

o Bring Your Own Identity

o Identity is maintained in one domain, accessed in other domains

o Social network identities (Facebook, LinkedIn, Google)

o Open APIs

o Multi Factor Authentication support

o Bring Your Own Device

Product Overview

WSO2 Identity Server

o 5th Generation Product

o Current version 5.1.0

o Why did we build it?

o Federated identity and entitlement is a key part of any distributed architecture

o SSO is important, but we need to federate and bridge across SSOs

o Based on WSO2 Carbon platform, which provides support for multi-tenancy, logging, clustering, and other common services

Architecture

Benefits

o Scenario-driven configuration

o Large number of scenarios supported out of the box, through simple configuration

o Single Sign On

o Federated Identity

o User Provisioning and Management

o Extensible & Customizable - Custom Authenticators

Authentication & SSO

Authentication

o Extensible user stores integration

o Security for APIs and Web Services

o Web Single Sign On for heterogeneous systems

o Highly configurable and extensible authentication flows

o Federation and Social integration

Authenticators

o Local Authenticators

o Basic Authenticator - Username, password

o IWA and X509 Authenticator – Zero password login

o FIDO (Fast Identity Online) - Multi Factor authentication

o Federated

o OAuth2/OpenID Connect Authenticator - LinkedIn, Facebook and Twitter

o Two factor Authenticator - Mepin, Clef, Tiqr, SMS and Email OTP

o SAML 2.0 Web SSO Authenticator

o WS-Federation (Passive) Authenticator

OAuth2/OpenID Connect Authenticator

Understanding OAuth 2.0

Amazon Authenticator

Multi Factor Authenticator

Configurable Authentication Flow

o Multi-Step : Add any number of authentication steps

o Multi-Option : Add any number of authenticators for a step

Multi-Option Authentication Flow

Clef Authenticator

o Two factor authenticator

o Scanning dancing wave using Phone

https://store.wso2.com/store/assets/isconnector

WSO2 IS Store….

User Provisioning and Management

Provisioning and Management

o Just In Time Provisioning

o Highly extensible User Provisioning Framework

o Users and groups management

o Accounts and Policies Management

o Self Service Dashboard

o Logging and Monitoring

o Custom user management workflows – user specific approvals, multi-step approvals, approvals requiring multiple roles

Just In Time Provisioning

o Federated Identities can be provisioned into the WSO2 Identity Server while federating

o Users can be provisioned to any primary or secondary user store

o JIT provisioned users can be provisioned to any other systems instantly

Demo

Q & A

Thank You!

