WSO2 Identity Server System and User Identity ManagementUser and Groups ProvisioningUser and Groups ManagementEntitlements ManagementXACML 2.0/3.0 SupportLightweight, Developer Friendly and Easy to DeployManage and Mon

WSO2 Identity Server System and User Identity ManagementUser and Groups ProvisioningUser and Groups ManagementEntitlements ManagementXACML 2.0/3.0 SupportLightweight, Developer Friendly and Easy to DeployManage and Mon 介绍

WSO2 Identity Server 是一个开源的身份认证服务，支持 Information Cards, OpenID 和 XACML

特性：

API for integrating identity management to any application
Multi-factor authentication
Single Sign-On (SSO) via OpenID, SAML2, and Kerberos KDC
SSO bridging between on-premise systems and cloud apps
Credential mapping across different protocols
Auditing via XDAS
Delegation via OAuth 1.0a, OAuth 2.0, and WS-Trust
Federation via OpenID, SAML2, and WS-Trust STS
Integration with Microsoft SharePoint with Passive STS support
Implement REST security with OAuth 2.0 and XACML
XKMS for key storage and distribution
Implement REST security with OpenID Connect
Trusted SAML2 Identity Providers per tenant
Out-of-the-box integration with Google Apps and Salesforce
Customizable login pages for OpenID, OAuth, OpenID Connect, SAML2, and Passive STS

- Web-based application for users, for profile, password, and service providers management
Flexible support for user stores, either built-in LDAP (powered by ApacheDS) or external LDAP, Microsoft Active Directory, Apache Cassandra, or any JDBC database
Flexible profile management for users supporting multiple profiles per user
- Multiple user store support
- Per tenant user stores
Account locking on failed user attempts
Password validation/expiration policies
Account recovery with email and secret questions

Role based access control (RBAC)
Attribute or claim based access control via XACML, WS-Trust, OpenID, and claim management
Fine-grained policy based access control via XACML
Advanced entitlement auditing and management
Entitlement management for any REST or SOAP calls

User-friendly interface for policy editing
Multiple Policy Information Point (PIP) support
TryIt tool for exploring policy impact
Policy distribution to various Policy Decision Points (PDPs)
Policy decision and attribute caching
High performance network protocol (over Apache Thrift) for PEP/PDP interaction
Notifications of policy updates
Policy Administration Point (PAP) to manage multiple Policy Decision Points (PDP)
Customizable policy administration UI

Complete SOAP API for integrating/embedding into any application or system
Pluggable workflows for privileged operations
Extensibility for pluggable authenticators, alternative user stores, XACML/SAML extension points, and more
Clustering for high available deployment
Choice of deployment to on-premise servers, private cloud, or managed cloud, without configuration changes
Integrated to WSO2 Enterprise Service Bus for authorization and all WSO2 Carbon products for authentication

Comprehensive management and monitoring Web console with enterprise-level security and SAML2 SSO
Built-in collection and monitoring of standard access and performance statistics
JMX MBeans for key metrics monitoring and management
Integrates with WSO2 Business Activity Monitor for operational audit and KPI monitoring and management
Flexible logging support with integration to enterprise logging systems
Centralized configuration management across different deployment environments with life cycles and versioning with integration to WSO2 Governance Registry