Can WSO2 API Manager be used with a separate Identity Server as IdP, without sharing the database? All documentation and tutorials point to a special version of IS and sharing the database, and I'd like to avoid that.
You can configure WSO2 API Manager with an external IDP without using WSO2 IS. I think this blog will be helpful for you. In this blog, Keycloak has been used as the federated IDP for SSO.
Thanks.
Yes, you can configure IS as federated Identity Provider. This blog has steps to configure WSO2 IS as federated IdP for API Manager.
Related
We are using WSO2 Identity Manager. We have a requirement to verify user credentials and authorization by making a call to NetIQ Identity and Access Management.
I am not familiar with the NetIQ Identity and Access Management solution; looks like it supports OAuth2 and OpenID Connect protocols. You can use federated authentication capabilities of WSO2 Identity Server to achieve what you want. The following documentation links will help you.
Identity Federation: https://is.docs.wso2.com/en/latest/learn/identity-federation
Adding and Configuring an Identity Provider: https://is.docs.wso2.com/en/latest/learn/adding-and-configuring-an-identity-provider/
Configuring OAuth2-OpenID Connect: https://docs.wso2.com/display/IS570/Configuring+OAuth2-OpenID+Connect
i m new learner for wso2
wso2 - oauth, user Management and my other service available in predix.
so i have used wso2 identity server for oauth and user management.
Problem :
1) how to integrate predix(idp)
2) how to used this things using REST API
For your first question, I understood that you need to integrate the mentioned Idp as federated Identity Provider in WSO2 Identity Server. Doc - https://docs.wso2.com/display/IS570/Configuring+Federated+Authentication guides the steps to configure federated authentication.
Currently, WSO2 IS don't have a build in authenticator for the Prefix. But as the Prefix support OIDC flow, you should be able to WSO2 OIDC federated authenticator. Steps can be found here
I haven't got the chance to test with Prefix. But it needs to work
Can someone please clarify when to use API Manager and when to use Identity Server. I see that API Manager comes with Key Manager. Isn't that sufficient. I am really confused. Any help would be helpful.
Many thanks....
I hope this explaination will help you out,
WSO2 Identity Server
WSO2 Identity Server is a fully fledged Identity Management Solution which supports Authentication, Authorization, Single Sign-On and Identity Federation to name a few capabilities. WSO2 Identity Server supports almost all major identity protocols such as SAML, OAuth2, OpenID Connect etc.Take a look at this page to get an idea about the capabilities of WSO2 Identity Server.
WSO2 API Manager
WSO2 API Manager, on the other hand, focuses on managing your APIs. Managing life cycle of your APIs, Authorization, Throttling, applying policies on API consumers are some of the functionalities handled by API manager. API manager has several components such as publisher, store, gateway, key manager, traffic manager that clearly separates different aspects of API Management.
So the Key manager component is responsible for managing OAuth applications, generate, validate and revoke OAuth2 Tokens. API has an inbuilt key manager component to handle these functionalities.
API Manager also offers the flexibility to use an external key manager instead of its inbuilt one should you require to do so. This external key manager needs to confirm to an interface specified by API manager. By default, API has an implementation of this interface that allows WSO2 Identity Server to used an external key manager.
So whether or not you want to use Identity Server or any other external key manager is totally dependent on your use case and the API traffic.
You can use WSO2 Identity Server for all the authentication/authorization stuff:
XACML Architecture solution.
SSO with anothers webapps or WSO2 tools.
Implement a Oauth2 autorization mechanish
Federate authentication
etc....
You can uso WSO2 API Manager for expose unsecure resultful apis or webservices as secure apis using Oauth with monitoring and billings functionallities
The key manager functionallity properly decouples the operations for creating OAuth applications and validating access tokens so that you can even plug in a third party-authorization server for key validations.
In a DEV enviroment you can work with WSO2 API Manager without the WSO2 Identity Server at all.
In a production enviroment it's recommended to use a separate WSO2 API Manager as a Key Manager or use the WSO2 Identity Server as the Key Manager
i am newbie to the WSO2 identity server 5.0 service pack one.
I've been so confused lately that, what is different between identity provider and an outbound authentication?
How can i usage each of them ?
if i define a custom user store authentication, when must be used a custom authentication in Authentication endpoint? what is difference and usage each of them?
Identity providers are providing identity for users to interact with a system. As an example here in wso2 identity server we can configure Facebook as an Identity Provider(IDP). By doing this we can allow users to be logged into Service Providers using facebook credentials. you can follow the blog in [1] to test Wso2 IS with facebook IDP. Otherthan facebook we can use google, Live, Yahoo, etc. as IDP with IS.
[1] http://prasadtissera.blogspot.com/2014/04/login-with-facebook-for-wso2-identity.html
Thanks
I am new to WSO2 API Manager and Identity Server. I have one requirement - to use customized OAUTH2.0 in WSO2 IS with WSO2 API Manager. Could you please let me know If there are any samples or examples for this requirement.
You can register your custom Oauth Provider as IDP in WSO2 Identity Server. You can refere this blog [Federated Authentication] OpenID-Connect IDP with WSO2 Identity Server on how to do that.
WSO2 API Manager don't support this. So, You have to combine WSO2 Identity Server with API Manager (Identity Server as Key Manager with API Manager).