WSO2 Identity Server is an open-source identity authentication service that supports Information Cards, OpenID, and XACML.


System and User Identity Management

  • API for integrating identity management to any application

  • Multi-factor authentication

  • Single Sign-On (SSO) via OpenID, SAML2, and Kerberos KDC

  • SSO bridging between on-premise systems and cloud apps

  • Credential mapping across different protocols

  • Auditing via XDAS

  • Delegation via OAuth 1.0a, OAuth 2.0, and WS-Trust

  • Federation via OpenID, SAML2, and WS-Trust STS

  • Integration with Microsoft SharePoint with Passive STS support

  • Implement REST security with OAuth 2.0 and XACML

  • XKMS for key storage and distribution

  • Implement REST security with OpenID Connect

  • Trusted SAML2 Identity Providers per tenant

  • Out-of-the-box integration with Google Apps and Salesforce

  • Customizable login pages for OpenID, OAuth, OpenID Connect, SAML2, and Passive STS

User and Groups Provisioning

  • Support for SCIM 1.0 standard

  • OAuth 2.0 authentication for SCIM

  • Automatic provisioning of users to "Salesforce/Google Apps" or via SPML/SCIM

  • Just-in-time provisioning can be used to create identities "on the fly"

User and Groups Management

  • Web-based application for users to manage their profiles, passwords, and service providers

  • Flexible support for user stores, either built-in LDAP (powered by ApacheDS) or external LDAP, Microsoft Active Directory, Apache Cassandra, or any JDBC database

  • Flexible profile management for users supporting multiple profiles per user

  • Multiple user store support

  • Per tenant user stores

  • Account locking on failed user attempts

  • Password validation/expiration policies

  • Account recovery with email and secret questions

Entitlements Management

  • Role based access control (RBAC)

  • Attribute or claim based access control via XACML, WS-Trust, OpenID, and claim management

  • Fine-grained policy based access control via XACML

  • Advanced entitlement auditing and management

  • Entitlement management for any REST or SOAP calls

XACML 2.0/3.0 Support

  • User-friendly interface for policy editing

  • Multiple Policy Information Point (PIP) support

  • TryIt tool for exploring policy impact

  • Policy distribution to various Policy Decision Points (PDPs)

  • Policy decision and attribute caching

  • High performance network protocol (over Apache Thrift) for PEP/PDP interaction

  • Notifications of policy updates

  • Policy Administration Point (PAP) to manage multiple Policy Decision Points (PDP)

  • Customizable policy administration UI

Lightweight, Developer Friendly and Easy to Deploy

  • Complete SOAP API for integrating/embedding into any application or system

  • Pluggable workflows for privileged operations

  • Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more

  • Clustering for highly available deployment

  • Choice of deployment to on-premise servers, private cloud, or managed cloud, without configuration changes

  • Integrates with WSO2 Enterprise Service Bus for authorization and with all WSO2 Carbon products for authentication

Manage and Monitor

  • Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO

  • Built-in collection and monitoring of standard access and performance statistics

  • JMX MBeans for key metrics monitoring and management

  • Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management

  • Flexible logging support with integration to enterprise logging systems

  • Centralized configuration management across different deployment environments with life cycles and versioning with integration to WSO2 Governance Registry

