Meetup at WSO2 Jaffna office

1. Authenticator and Provisioning
Connectors in WSO2 IS
Rajjaz Mohammed, WSO2
Email: rajjaz@wso2.com
Kathees Rajendram, WSO2
Email: kathees@wso2.com

2. Agenta
o Introduction
o Product Overview
o Authentication
o OAuth2/OpenID connect Authentication
o Multi Factor Authentication
o User Provisioning & Management
o Demo

3. Introduction

4. Why ?
o Bring Your Own Identity
o Identity is maintained in one domain, accessed in other
domains
o Social network identities (Facebook, LinkedIN, Google)
o Open APIs
o Multi Factor Authentication support
o Bring Your Own Device

5. Product Overview

6. WSO2 Identity Server
o 5th Generation Product
o Current version 5.1.0
o Why did we build it?
o Federated identity and entitlement is a key part of any
distributed architecture
o SSO is important but need to federate and bridge across SSOs
o Based on WSO2 Carbon platform, which provides support for
multi-tenancy, logging, clustering, and other common services

7. Architecture

8. Benefits
o Scenario-driven configuration
o Large number of scenarios supported out of the box,
through simple configuration
o Single Sign On
o Federated Identity
o User Provisioning and Management
o Extensible & Customizable - Custom Authenticators

9. Authentication & SSO

10. Authentication
o Extensible user stores integration
o Security for APIs and Web Services
o Web Single Sign On for heterogeneous systems
o Highly configurable and extensible authentication flows
o Federation and Social integration

11. Authenticators
o Local Authenticators
o Basic Authenticator - Username, password
o IWA and X509 Authenticator – Zero password login
o FIDO (Fast Identity Online) - Multi Factor authentication
o Federated
o OAuth2/OpenID Connect Authenticator - LinkedIn, Facebook and
Twitter
o Two factor Authenticator- Mepin, Clef, Tiqr, SMS and Email OTP
o SAML 2.0 Web SSO Authenticator
o WS-Federation (Passive) Authenticator

12. OAuth2/OpenID Connect
Authenticator

13. Understanding OAuth 2.0

14. Amazon Authenticator

15. Multi Factor Authenticator

16. Configurable Authentication Flow
o Multi-Step : Add any number of authentication steps
o Multi-Option : Add any number of authenticators for a step

17. Multi-Option Authentication Flow

18. Clef Authenticator
o Two factor authenticator
o Scanning dancing wave using Phone

19. https://store.wso2.com/store/assets/isconnector
WSO2 IS Store….

20. User Provisioning and Management

21. Provisioning and Management
o Just In Time Provisioning
o Highly extensible User Provisioning Framework
o Users and groups management
o Accounts and Policies Management
o Self Service Dashboard
o Logging and Monitoring
o Custom user management workflows – user specific
approvals, multi-step approvals, approvals requiring multiple roles

22. Just In Time Provisioning
o Federated Identities can be provisioned into the WSO2
Identity Server while federating
o Users can be provisioned to any primary or secondary
user store
o JIT provisioned users can be provisioned to any other
systems instantly

23. Demo

24. Q & A

25. Thank You!

26. References
https://docs.wso2.com/display/IS510/Architecture
https://docs.wso2.
com/display/ISCONNECTORS/Creating+a+Third+Party+Authenticator+or+Connec
tor+and+Publishing+in+WSO2+Store
https://docs.wso2.com/display/ISCONNECTORS/Clef+Authenticator
https://store.wso2.com/store/assets/isconnector?sort=recent
https://github.com/wso2-extensions/archetypes/blob/master/is-authenticator-
archetype/setup.txt
http://wso2experience.blogspot.com/2016/01/wso2-is-custom-authenticator.
html