Identity Server supports both in-bound and out-bound provisioning. First, let's try to understand what is meant by out/in provisioning. In-bound provisioning: provisioning users/groups to Identity Server's user stores by an application (Service Provider). It is supported via the SCIM standard. There is also a SOAP-based web service API. Users/groups would be created in primary or secondary […]
In my previous posts, we talked about securing a BE service with WSO2 ESB. But there are some issues with the way we configured it when it comes to production developments. In this blog post, we try to overcome them. OK, let's see what happened in the previous blog posts. 1. This post: we discussed how […]
If you are using Identity Server for user and role management, you may wonder how to manage users' attributes with it. In Identity Server, each user store attribute can be mapped as a claim. Therefore you need to go through claim management and properly map your LDAP/AD/JDBC user store attributes to the claim URIs defined […]
If you are working on developing, integrating and testing SAML2-based SSO scenarios, it would be really useful to be able to trace the SAML2 messages that are going back and forth. One of the great tools we can use for this is the SSO Tracer. It is just a Firefox plugin and you can install it in […]
In LDAP, a user object contains different attributes such as uid, cn, email and so on. Some of the attributes can be unique. For example, uid and email are normally unique attributes for a user. Once you connect your LDAP with an application, the application can use one of the unique attributes in LDAP to authenticate […]
In my previous post, we discussed how to invoke a username token secured BE service. Let's see how we could invoke a Basic auth secured service using ESB. This is easier, as we just need to configure the ESB property mediator to add a Basic authentication header to outgoing messages. However […]
Last time, in this blog post, we discussed load testing the XACML PDP using JMeter. We used the HTTPS transport for calling the web service API that is exposed by the PDP. With Identity Server, we can also use the Thrift protocol to communicate with the PDP. It is said that Thrift is faster […]
When you are working with Java applications and Java-based servers, you may need to configure a Java key store (JKS) file. A self-signed keystore can easily be created with the keytool command. But if you have a private key and a CA-signed certificate for it, you cannot create a key store with just […]
When your keystore is compromised, you must change its password. Also, when you are using/testing IDM products that are shipped with default keystores, it is always better to use them after changing the default passwords. Passwords of JKS files can easily be changed using the Java keytool command as follows. Use the following keytool command to change the key store password […]
In my previous blog post, we went through how you can configure a SAML2 SSO web application with Identity Server. Users authenticate to Identity Server by providing a username/password. This username/password must be authenticated against the enterprise user store that Identity Server has been deployed with. Therefore only the users who are in the enterprise user store […]