Some years ago I have used many open source tools to cover identity management projects, there was not a unique tool that allows me to cover the entire life cycle of identity management projects. Only as a sample, I list of tools that I used in my last projects:
|Directory or LDAP servers||Virtual Directory or Proxy LDAP servers||PKI||AuthN/AuthZ Servers|
|Apache DS||Penrose Virtual Directory (http://holisticsecurity.wordpress.com/2010/12/22/authentication-penrose-directory-liferay)||OpenSSL||CAS|
|CentOS Directory Server||DogTag||JOSSO|
For further information, you can see my post on Identity Management (http://holisticsecurity.wordpress.com/2010/11/17/identity-management-portal-ecm-bpm-projects).
Well, now developing projects related to identity management or authentication and authorization services to business applications is easier thanks to many of the security and management of identities features that are required are included in an unique product called WSO2 Identity Server.
The WSO2 Identity Server (aka WSO2 IS) is a WSO2’s product oriented to Identity Management (IdM) perfectly suitable for SOA/BPM projects, SaaS and PaaS projects. WSO2 IS is a free and open source product and helps us to manage all life cycle of IdM’s projects, its main functionalities for the current version (4.5.0) are:
- Identity Management
- Multifactor Authentication, Credentials Management (Provisioning via SCIM, User Storage Management using ApacheDS, Multi Users Storage, ), SSO (Kerberos, SAML2, OpenID), Federation (OpenID, SAML2, WS-Trust STS), Delegation (OAuth, WS-Trust), REST security (OAuth, XACML), XKMS (Key Storage and distribution), Account Management (Password Policies, account locking, customizable login pages, account recovery) and out-of-box integration with SaaS apps as Google Apps and Salesforce.
- Entitlement Management
- RBAC, XACML (attribute or claim based access control), WS-Trust, OpenID.
- Fine-graned policy based access control via XACML.
- Authorization for any REST or SOAP calls.
- Integrable and/or Developer friendly
- Many IdM functionalities are exposed as API (SOAP and REST calls).
- Clustering for high available deployment.
- Integrated to WSO2 Enterprise Service Bus for AuthZ and AuthN.
Well, WSO2 IS is constantly evolving, although still is in the version 4.5.0, many of its attractive features are 1-2 years old. The big advantage is that WSO2’s engineers are working hard and WSO2 has an active community supporting it. In this blog we will be publishing a series of articles related to WSO2IS for anyone interested in IdM and security can begin rapidly. Then I leave the official source WSO2 IS resources:
I hope you have been useful.