faboolous faboolous - 6 months ago 52
reST (reStructuredText) Question

WSO2 Identity Server - the right choice for my needs?

I've been dropped into a hot-potato project: an external entity produced a SOA architecture and we need to implement it now.

We are using Drupal as a CMS and as the starting point of the architecture.
Here's what I think we need to do:

Authentication server

People register through the Drupal site. We'd like to reuse the identity created for other (future) services, through a REST API.

a) Can I add users to WSO2 Identity Server via a (REST) API?

b) Can I query WSO2IS to authenticate users via a (REST) API (creating an SSO environment)?

c) Can I create re-usable profiles in WSO2IS, accessible through a (REST) API?

d) Can I authenticate Drupal access via WSO2IS through a (REST) API?

e) Can I query the XACML policies via a (REST) API so that access to a requested service can be evaluated?

  • Other REST APIs we're going to build would use the OAuth functionality of WSO2

The architecture mandates an authentication module, a profiles module and a policy (authorization) module with XACML (...). The alternative is to build it all ourselves, but I think we won't have the time for this. I need to understand whether we can do the things mentioned above in order to decide if WSO2IS is a good choice for our needs.

I have read the available documentation, browsed the help system, installed WSO2IS and checked out the interfaces, but couldn't find the answers. The only thing I managed to do is create the OAuth server.

Answer Source

Please find my answers.

a) Yes. WSO2 Identity Server supports SCIM, which is the standard approach for identity provisioning. There are also web service APIs that expose user management functions. You can front those web service APIs using WSO2 APIM and expose them as a REST API.

b) Yes. Apart from the REST and web service APIs, Identity Server supports authentication methods such as SAML2 SSO, OpenID, IWA and so on.

c) Yes. Same as a): you have both options, SCIM or the web service API fronted with APIM.

d) There is an authentication framework in WSO2IS that lets users be authenticated with a different server. Basically, WSO2IS can act as a federated IDP, so that the application only needs to know how to talk to WSO2IS. WSO2IS can authenticate users from any other IDP; it can be Drupal as well.

e) Yes. XACML is supported by WSO2IS. Its PDP API has been exposed via a web service API, but not as a REST API. As I mentioned earlier, you can expose it as REST using APIM. However, REST support for XACML would be available with a further release.
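The SCIM provisioning path from answers a) and c), sketched as an added example that is not part of the original answer or of WSO2's own code: it turns one Drupal registration into a SCIM create-user request and interprets the reply. It assumes SCIM 2.0 (RFC 7643/7644), HTTP Basic credentials for the calling service, a placeholder base URL, and a hypothetical `account` dict; the SCIM version and path your Identity Server release exposes may differ.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643


def build_create_user(base_url, account, api_user, api_secret):
    """Return an unsent POST <base_url>/Users request for one registration."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send credentials to a non-https endpoint")
    # 'account' keys are assumptions about what the CMS hands over at signup.
    missing = [f for f in ("uid", "name", "mail", "password") if not account.get(f)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    body = {
        "schemas": [USER_SCHEMA],
        "externalId": "drupal-%s" % account["uid"],  # link back to the CMS record
        "userName": account["name"],
        "password": account["password"],
        "emails": [{"value": account["mail"], "primary": True}],
    }
    basic = base64.b64encode(("%s:%s" % (api_user, api_secret)).encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/Users",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/scim+json",
            "Authorization": "Basic " + basic,
        },
    )


def read_create_response(status, raw_body):
    """Map the server reply to ('created', id), ('exists', None) or an error."""
    doc = json.loads(raw_body)
    if status == 201:
        return ("created", doc["id"])
    if status == 409:  # RFC 7644: uniqueness conflict, e.g. userName taken
        return ("exists", None)
    raise RuntimeError("SCIM error %s: %s" % (status, doc.get("detail", "")))
```

Pass the returned request to `urllib.request.urlopen` to send it; storing the returned `id` next to the Drupal `uid` lets later profile reads and updates address the same SCIM resource.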
