This slide deck explores the advantages of choosing an open source IAM solution and the enhancements and customizations that are made possible with this model.
Benefits of Using Open Source IAM
1. Benefits of Using Open Source IAM
Ajanthan Balachandran, Lead Solution Engineer, WSO2
2. Agenda
● Why IAM and what are the IAM deployment options?
● Why open source IAM?
● Risks of opting for open source IAM and mitigations
● What to look for while choosing open source IAM
● Introduction to WSO2 Identity Server
● Customizations in WSO2 Identity Server
● Migrating from proprietary IAM
● Demo
5. IAM in Digital Value Proposition
Connect everyone to digital assets securely, with the correct level of
access control
● Source of competitive differentiation
● Increases business agility
● Secure all aspects of your brand
● Easy access anywhere, anytime
● Enhance user experience
● Compliance
6. IAM Deployment Models
What are the choices for building IAM solutions?
● Commercial off-the-shelf (COTS) products
● Identity as a Service (IDaaS)
● Open source software
● Home-grown solutions
8. "By 2021, open-source IAM components will be used for one or more IAM functions by 30% of organizations, up from 20% at the end of 2016."
Gartner, Options for Open-Source Identity and Access Management: 2017 Update, 8 March 2017
9. Reasons for Choosing Open Source IAM
● Freedom
● Extensibility
● Lower cost
Benefits of an open source deployment
10. Freedom of Open Source IAM
● Freedom to
■ Use
■ Study
■ Improve
■ Redistribute
No vendor lock-in
11. Extensibility
● Highly customizable due to flexible architecture
● No need to negotiate for customization
● Source code is open, free to examine and customize
Flexibility to customize
12. Lower Cost
● Lower initial cost
● Lower maintenance cost
● No license fees for additional features
● No license fees for upgrades
Higher ROI, lower TCO
15. Risk and Mitigation
● Relying on the community
○ WSO2 Subscription offers technical and maintenance support
● OSS project stalling
○ WSO2 IAM is backed by WSO2 and is in daily use by 50 million+ users
● Challenges in keeping in-house talent
○ WSO2 Subscription includes incident and development support, so a local subject-matter expert (SME) is not a prerequisite
17. How to Choose Open Source IAM
● Open source, not just open core
● Ease of extension and customization
● Integration with heterogeneous technology stacks
● Ease of integration with new applications in the security ecosystem
18. How to Choose Open Source IAM
● Cloud vs on-premise deployments and interconnectivity needs
● Ensuring that you can incorporate latest algorithms and security protocols
when they emerge
● Compliance with security and industry regulations
● Open standards support
20. What: One Platform for All Identity Needs
WSO2 Identity Server is an open source IAM product that federates and manages identities across all enterprise and cloud service environments.
22. Focus Areas Of WSO2 Identity Server
● SSO & Identity Federation
● Strong Authentication
● Account Management and Identity Provisioning
● Access Control
● Privacy
● API and Microservices Security
One Platform for All Identity Needs
23. Highlights Of WSO2 Identity Server
● Open source
● Highly extensible
● Support for open standards in SSO, authentication and access control
● Built-in support for social logins and strong authentication systems
● Accommodates large-scale deployments of millions of users (50M+)
● Easy and flexible deployment
25. Architecture
Components shown in the architecture diagram (service providers and external apps such as Google Apps sit in front of the request processor and response generator):
● Inbound authenticators: SAML SSO, OAuth, OpenID Connect, Passive STS
● Inbound provisioning: SCIM, SOAP
● Authentication framework
○ IN: SP-to-local claims mapping, local-to-IdP claims mapping
○ OUT: local-to-SP claims mapping, IdP-to-local claims mapping
○ Local authenticators: username/password, IWA
○ Federated authenticators: SAML SSO, OAuth, OpenID Connect, Passive STS (e.g. Facebook, Yahoo, Google, Microsoft)
● Provisioning framework
○ JIT provisioning
○ Outbound provisioning: SCIM, SOAP (e.g. Google, Salesforce)
● User store manager: LDAP, AD, JDBC
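The two-hop claims mapping and JIT provisioning in the architecture above, as an added Python example (not WSO2 Identity Server's own authentication framework): claims from a federated IdP are mapped into the local claim dialect, an unknown user is provisioned into the user store, and the local claims are then mapped to the names the service provider expects. The mapping tables, the in-memory user store and the sample IdP response are constructed for illustration; the local claim URIs are WSO2's default dialect.

```python
"""Claim mapping and just-in-time (JIT) provisioning in the hub-and-spoke shape
of the architecture slide. Added example code, not WSO2 Identity Server's
authentication framework; mapping tables, user store and IdP response are
constructed for illustration."""

LOCAL_EMAIL = "http://wso2.org/claims/emailaddress"
LOCAL_GIVEN = "http://wso2.org/claims/givenname"
LOCAL_LAST = "http://wso2.org/claims/lastname"

# IdP-to-local mapping for an OIDC IdP (standard OIDC claim names on the left).
IDP_TO_LOCAL = {"email": LOCAL_EMAIL, "given_name": LOCAL_GIVEN, "family_name": LOCAL_LAST}
# Local-to-SP mapping for an SP that wants LDAP-style attribute names.
LOCAL_TO_SP = {LOCAL_EMAIL: "mail", LOCAL_GIVEN: "givenName", LOCAL_LAST: "sn"}
SP_MANDATORY = {"mail"}


class UserStore:
    """In-memory stand-in for the user store manager (LDAP/AD/JDBC)."""

    def __init__(self):
        self.users = {}

    def exists(self, username):
        return username in self.users

    def add(self, username, local_claims):
        self.users[username] = dict(local_claims)


def federated_login(idp_claims, store, subject_claim="email"):
    """Run one federated login through both mapping hops and JIT provisioning.

    Returns the claims to hand to the SP, or raises ValueError when the login
    must be refused. The email_verified check matters: JIT-provisioning (or
    linking) on an unverified email lets anyone who can register that address
    at the IdP take over the matching local account."""
    if idp_claims.get("email_verified") is not True:
        raise ValueError("refusing JIT provisioning on an unverified email claim")
    subject = idp_claims.get(subject_claim)
    if not subject:
        raise ValueError(f"IdP response lacks the subject claim {subject_claim!r}")

    # Hop 1: IdP dialect -> local dialect. Unmapped claims are dropped, so the
    # mapping table doubles as an allowlist of what the IdP may assert.
    local = {IDP_TO_LOCAL[k]: v for k, v in idp_claims.items() if k in IDP_TO_LOCAL}

    # JIT provisioning: create the local account on first login only.
    if not store.exists(subject):
        store.add(subject, local)

    # Hop 2: local dialect -> SP dialect, then enforce the SP's mandatory claims.
    sp_claims = {LOCAL_TO_SP[k]: v for k, v in local.items() if k in LOCAL_TO_SP}
    missing = SP_MANDATORY - sp_claims.keys()
    if missing:
        raise ValueError(f"mandatory SP claims missing: {sorted(missing)}")
    return sp_claims


if __name__ == "__main__":
    store = UserStore()
    # Constructed OIDC userinfo-style response from a social IdP.
    response = {"email": "alice@example.com", "email_verified": True,
                "given_name": "Alice", "family_name": "Anderson"}
    print(federated_login(response, store))
    print(store.users)
```

The point of the local dialect in the middle is that adding a new IdP or a new SP only requires one new mapping table, not one per IdP/SP pair.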
27. Extending User Management
● User stores
○ LDAP, AD, Databases, MongoDB, etc.
● User store operations listeners
● Using the User Management Errors Event Listener
● Customizing error messages
● Custom password validator
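The kind of check a custom password validator or a user store operation listener would run before a user is added or a credential is updated, as an added Python example (not the WSO2 Identity Server listener API). The policy parameters and the tiny breached-password list are constructed for illustration; it returns every violation at once so the error messages can be shown to the user in one round trip.

```python
"""Password policy check for a custom validator / pre-add-user listener.
Added example code, not WSO2 Identity Server's API; policy parameters and the
breached-password stand-in are constructed for illustration."""
import hashlib
import re

# Constructed stand-in for a breach corpus: SHA-1 digests of a few passwords.
# A real deployment loads a corpus or queries a k-anonymity range API.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "Password123!", "letmein", "Welcome2024!")
}


def validate_password(username, password, min_length=12, max_length=64):
    """Return a list of policy violations; an empty list means the password is accepted."""
    errors = []
    if not (min_length <= len(password) <= max_length):
        errors.append(f"length must be between {min_length} and {max_length} characters")
    classes = (re.search(r"[a-z]", password), re.search(r"[A-Z]", password),
               re.search(r"[0-9]", password), re.search(r"[^A-Za-z0-9]", password))
    if sum(1 for c in classes if c) < 3:
        errors.append("use at least three of: lowercase, uppercase, digit, symbol")
    # Short usernames would match almost anything, so only check 3+ characters.
    if username and len(username) >= 3 and username.lower() in password.lower():
        errors.append("must not contain the username")
    if re.search(r"(.)\1\1", password):
        errors.append("must not repeat the same character three or more times in a row")
    if hashlib.sha1(password.encode()).hexdigest().upper() in BREACHED_SHA1:
        errors.append("appears in a known password breach corpus")
    return errors


if __name__ == "__main__":
    for user, pw in (("alice", "Welcome2024!"), ("bob", "Bob-likes-cats-2024"),
                     ("carol", "correct-Horse-battery-9")):
        print(user, validate_password(user, pw) or "accepted")
```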
34. Migrating Users and Attributes
● Standard user stores can be connected via configuration
○ LDAP or Active Directory
● Configure the proprietary IAM as a federated IdP as an interim solution
○ Just-in-time provisioning creates local accounts as users log in
● Write a custom user store
● Import users from CSV or XLS
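The CSV import path above, as an added Python example (not a WSO2 tool): a legacy export is turned into a SCIM 2.0 BulkRequest (RFC 7644 section 3.7) of User resources (RFC 7643) that the target IdP's SCIM endpoint can ingest. The CSV column names, the attribute mapping and the sample rows are constructed for illustration. Rows without a userName or with a duplicate userName are rejected rather than silently creating duplicates, and there is deliberately no password column: legacy hashes are not portable, which is exactly why the interim federation step above exists.

```python
"""Bulk user migration: legacy CSV export -> SCIM 2.0 BulkRequest.
Added example code, not a WSO2 tool; CSV columns, attribute mapping and
sample rows are constructed for illustration."""
import csv
import io
import json

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
SCIM_BULK = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"

# Constructed export. No password column: legacy hashes are not portable, so
# migrated users get no credential here and must reset (or keep authenticating
# against the old IAM via federation until they do).
LEGACY_CSV = """legacy_uid,mail,firstName,lastName,dept,status
alice,alice@example.com,Alice,Anderson,Finance,active
bob,bob@example.com,Bob,Brown,Engineering,disabled
,carol@example.com,Carol,Clark,Sales,active
Alice,alice.a@example.com,Alice,Anderson,Finance,active
"""


def row_to_scim(row):
    """Map one legacy row onto SCIM core and enterprise-extension attributes."""
    return {
        "schemas": [SCIM_USER, SCIM_ENTERPRISE],
        "userName": row["legacy_uid"].strip(),
        "name": {"givenName": row["firstName"], "familyName": row["lastName"]},
        "emails": [{"value": row["mail"], "primary": True}],
        "active": row["status"].strip().lower() == "active",
        SCIM_ENTERPRISE: {"department": row["dept"]},
    }


def build_scim_bulk(csv_text):
    """Return (bulk_request, rejected). Rows without a userName, or whose
    userName was already seen (case-insensitively, since most user stores
    are case-insensitive), are rejected instead of creating duplicates."""
    operations, rejected, seen = [], [], set()
    # Data rows start at line 2 of the file, after the header.
    for lineno, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        uid = (row.get("legacy_uid") or "").strip()
        if not uid:
            rejected.append((lineno, "missing userName"))
            continue
        if uid.lower() in seen:
            rejected.append((lineno, f"duplicate userName {uid!r}"))
            continue
        seen.add(uid.lower())
        operations.append({
            "method": "POST",
            "path": "/Users",
            "bulkId": f"row-{lineno}",  # correlates each BulkResponse entry to its CSV line
            "data": row_to_scim(row),
        })
    # failOnErrors=1 stops the batch at the first server-side error.
    bulk = {"schemas": [SCIM_BULK], "failOnErrors": 1, "Operations": operations}
    return bulk, rejected


if __name__ == "__main__":
    bulk, rejected = build_scim_bulk(LEGACY_CSV)
    print(json.dumps(bulk, indent=2))
    for lineno, reason in rejected:
        print(f"line {lineno}: {reason}")
```

Run the rejected list past the data owners before POSTing the bulk request: the duplicate in the constructed sample ("alice" and "Alice") is the kind of case-folding collision that only surfaces when the source and target stores disagree on case sensitivity.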
35. Migrating Applications
● Supporting open standards for application integration
○ OpenID Connect / OAuth2 / SAML2 / WS-Federation / CAS
● Ability to add custom federation protocol as an extension
36. Migrating Configurations
● Automation through remote APIs
○ OAuth2 Dynamic Client Registration (DCR)
○ Product APIs
● Exchanging configuration data through standard metadata import/export
○ SAML SP/IdP metadata
○ OpenID Connect Discovery
● Reusing CSS/HTML for look-and-feel customizations
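Two of the configuration-migration paths above, as an added Python example (not a WSO2 API client): extracting what the new IdP needs from an application's SAML 2.0 SP metadata document, and building an OAuth2 Dynamic Client Registration request body (RFC 7591) for an application being moved. The metadata document and the application details are constructed for illustration. Both functions refuse the inputs that most often go wrong in bulk migrations: non-TLS or wildcard redirect/ACS URLs and the implicit grant.

```python
"""SAML SP metadata -> IdP-side SP config, and an RFC 7591 DCR request body.
Added example code, not a WSO2 API client; the metadata document and the
application details are constructed for illustration."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata, as an application would export it.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://app.example.com/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...constructed...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.com/saml/acs" index="0" isDefault="true"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://app.example.com/saml/artifact" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_config_from_metadata(xml_text):
    """Pull issuer, HTTP-POST ACS URLs, signing certs and NameID format out of
    SP metadata, refusing anything that would weaken the new IdP's config."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService")
    for loc in acs:
        if not loc.startswith("https://"):
            raise ValueError(f"refusing non-TLS ACS URL {loc}")
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' applies to both signing and encryption.
        if kd.get("use", "signing") == "signing":
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join(c.text.split()))
    return {
        "issuer": root.get("entityID"),
        "assertion_consumer_urls": acs,
        "want_request_signed": sp.get("AuthnRequestsSigned") == "true",
        "sign_assertions": True,  # sign regardless of WantAssertionsSigned
        "sp_signing_certs": certs,
        "nameid_format": sp.findtext("md:NameIDFormat", default=None, namespaces=NS),
    }


def dcr_request(client_name, redirect_uris, grant_types=("authorization_code",),
                public_client=False):
    """Build an RFC 7591 registration body. Wildcard, fragment-bearing and
    non-TLS redirect URIs (loopback IPs excepted, per RFC 8252) are refused:
    the server's exact-match check only helps if the registered URIs are sane."""
    grant_types = list(grant_types)
    if "implicit" in grant_types:
        raise ValueError("implicit grant is deprecated; use authorization_code with PKCE")
    for uri in redirect_uris:
        if "*" in uri or "#" in uri:
            raise ValueError(f"redirect URI must be exact and fragment-free: {uri}")
        loopback = uri.startswith("http://127.0.0.1") or uri.startswith("http://[::1]")
        if not (uri.startswith("https://") or loopback):
            raise ValueError(f"redirect URI must use TLS: {uri}")
    return {
        "client_name": client_name,
        "redirect_uris": list(redirect_uris),
        "grant_types": grant_types,
        "response_types": ["code"] if "authorization_code" in grant_types else [],
        "token_endpoint_auth_method": "none" if public_client else "client_secret_basic",
    }


if __name__ == "__main__":
    print(sp_config_from_metadata(SP_METADATA))
    print(dcr_request("Payroll", ["https://payroll.example.com/cb"]))
```

The returned dictionaries are what you would feed to the new IdP's service-provider API (or DCR endpoint) from a migration script; keeping the parsing separate from the HTTP call makes the whole run reviewable as a dry run first.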
40. Summary
● Open Source IAM
○ Freedom to use, operate and redistribute
○ Highly customizable
○ Lower initial implementation and maintenance cost
● WSO2 IAM
○ Provides a feature set comparable to commercial products
○ Has many extension points for customization
○ Backed by a commercial entity
Benefits of Open Source IAM and WSO2 IAM