WSO2 Identity Server - 身份认证服务


Apache
跨平台
Java

软件简介

WSO2 Identity Server 是一个开源的身份认证服务,支持 Information Cards, OpenID 和 XACML

特性:

System and User Identity Management

  • API for integrating identity management to any application

  • Multi-factor authentication

  • Single Sign-On (SSO) via OpenID, SAML2, and Kerberos KDC

  • SSO bridging between on-premise systems and cloud apps

  • Credential mapping across different protocols

  • Auditing via XDAS

  • Delegation via OAuth 1.0a, OAuth 2.0, and WS-Trust

  • Federation via OpenID, SAML2, and WS-Trust STS

  • Integration with Microsoft SharePoint with Passive STS support

  • Implement REST security with OAuth 2.0 and XACML

  • XKMS for key storage and distribution

  • Implement REST security with OpenID Connect

  • Trusted SAML2 Identity Providers per tenant

  • Out-of-the-box integration with Google Apps and Salesforce

  • Customizable login pages for OpenID, OAuth, OpenID Connect, SAML2, and Passive STS

User and Groups Provisioning

  • Support for SCIM 1.0 standard

  • OAuth 2.0 authentication for SCIM

  • Automatic provisioning of users to “Salesforce/Google Apps” or via SPML/SCIM

  • Just-in-time provisioning can be used to create identities “on the fly”

User and Groups Management

    • Web-based application for users, for profile, password, and service providers management
  • Flexible support for user stores, either built-in LDAP (powered by ApacheDS) or external LDAP, Microsoft Active Directory, Apache Cassandra, or any JDBC database

  • Flexible profile management for users supporting multiple profiles per user

    • Multiple user store support
    • Per tenant user stores
  • Account locking on failed user attempts

  • Password validation/expiration policies

  • Account recovery with email and secret questions

Entitlements Management

  • Role based access control (RBAC)

  • Attribute or claim based access control via XACML, WS-Trust, OpenID, and claim management

  • Fine-grained policy based access control via XACML

  • Advanced entitlement auditing and management

  • Entitlement management for any REST or SOAP calls

XACML 2.0/3.0 Support

  • User-friendly interface for policy editing

  • Multiple Policy Information Point (PIP) support

  • TryIt tool for exploring policy impact

  • Policy distribution to various Policy Decision Points (PDPs)

  • Policy decision and attribute caching

  • High performance network protocol (over Apache Thrift) for PEP/PDP interaction

  • Notifications of policy updates

  • Policy Administration Point (PAP) to manage multiple Policy Decision Points (PDP)

  • Customizable policy administration UI

Lightweight, Developer Friendly and Easy to Deploy

  • Complete SOAP API for integrating/embedding into any application or system

  • Pluggable workflows for privileged operations

  • Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more

  • Clustering for high available deployment

  • Choice of deployment to on-premise servers, private cloud, or managed cloud, without configuration changes

  • Integrated to WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication

Manage and Monitor

  • Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO

  • Built-in collection and monitoring of standard access and performance statistics

  • JMX MBeans for key metrics monitoring and management

  • Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management

  • Flexible logging support with integration to enterprise logging systems

  • Centralized configuration management across different deployment environments with life cycles and versioning with integration to WSO2 Governance Registry