WSO2 Identity Server身份认证服务
WSO2 Identity Server 是一个开源的身份认证服务,支持 Information Cards, OpenID 和 XACML
特性:
System and User Identity Management
API for integrating identity management to any application
Multi-factor authentication
Single Sign-On (SSO) via OpenID, SAML2, and Kerberos KDC
SSO bridging between on-premise systems and cloud apps
Credential mapping across different protocols
Auditing via XDAS
Delegation via OAuth 1.0a, OAuth 2.0, and WS-Trust
Federation via OpenID, SAML2, and WS-Trust STS
Integration with Microsoft SharePoint with Passive STS support
Implement REST security with OAuth 2.0 and XACML
XKMS for key storage and distribution
Implement REST security with OpenID Connect
Trusted SAML2 Identity Providers per tenant
Out-of-the-box integration with Google Apps and Salesforce
Customizable login pages for OpenID, OAuth, OpenID Connect, SAML2, and Passive STS
User and Groups Provisioning
Support for SCIM 1.0 standard
OAuth 2.0 authentication for SCIM
Automatic provisioning of users to "Salesforce/Google Apps" or via SPML/SCIM
Just-in-time provisioning can be used to create identities "on the fly"
User and Groups Management
Web-based application for users, for profile, password, and service providers management
Flexible support for user stores, either built-in LDAP (powered by ApacheDS) or external LDAP, Microsoft Active Directory, Apache Cassandra, or any JDBC database
Flexible profile management for users supporting multiple profiles per user
Multiple user store support
Per tenant user stores
Account locking on failed user attempts
Password validation/expiration policies
Account recovery with email and secret questions
Entitlements Management
Role based access control (RBAC)
Attribute or claim based access control via XACML, WS-Trust, OpenID, and claim management
Fine-grained policy based access control via XACML
Advanced entitlement auditing and management
Entitlement management for any REST or SOAP calls
XACML 2.0/3.0 Support
User-friendly interface for policy editing
Multiple Policy Information Point (PIP) support
TryIt tool for exploring policy impact
Policy distribution to various Policy Decision Points (PDPs)
Policy decision and attribute caching
High performance network protocol (over Apache Thrift) for PEP/PDP interaction
Notifications of policy updates
Policy Administration Point (PAP) to manage multiple Policy Decision Points (PDP)
Customizable policy administration UI
Lightweight, Developer Friendly and Easy to Deploy
Complete SOAP API for integrating/embedding into any application or system
Pluggable workflows for privileged operations
Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more
Clustering for high available deployment
Choice of deployment to on-premise servers, private cloud, or managed cloud, without configuration changes
Integrated to WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication
Manage and Monitor
Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO
Built-in collection and monitoring of standard access and performance statistics
JMX MBeans for key metrics monitoring and management
Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management
Flexible logging support with integration to enterprise logging systems
Centralized configuration management across different deployment environments with life cycles and versioning with integration to WSO2 Governance Registry