Anton Sidorov homepage


IAM WSO2 Identity Server

Implementation of Identity and Access Management (IAM) solutions.

Features

  • [Custom Flow](https://is.docs.wso2.com/en/latest/references/concepts/authentication/adaptive-authentication/)
  • RBAC, ABAC
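The "Custom Flow" and RBAC bullets above go together in practice: WSO2 Identity Server's adaptive authentication lets a JavaScript script decide at login time which authentication steps run, and role membership is the usual input to that decision. The block below is an added example, not code from this page or from WSO2. The script itself uses the names from WSO2's documented adaptive-script API (`onLoginRequest`, `executeStep`, `hasRole`, `context.currentKnownSubject`); the small runtime stand-in around it is constructed here so the decision logic can be executed offline and checked, and it does not reproduce the real engine. Assumed configuration: step 1 is the password authenticator, step 2 is a second-factor step, and the privileged role is named `admin`.

```javascript
// Added example (not from the page or from WSO2 Identity Server): a
// conditional authentication script in the shape WSO2's adaptive
// authentication uses, plus a constructed stand-in for the runtime so the
// step-up decision can be exercised offline.
// Assumptions: step 1 = username/password, step 2 = second factor,
// privileged role = "admin".

// --- Constructed stand-in for the WSO2 adaptive-auth runtime -------------
// The real server provides executeStep(), hasRole() and the context object;
// these minimal versions only record which steps were executed.
var executedSteps = [];
var currentContext = null;

function hasRole(user, roleName) {
  // Hypothetical subject shape: { username, roles: [...] }
  return Array.isArray(user.roles) && user.roles.indexOf(roleName) !== -1;
}

function executeStep(stepId, options) {
  executedSteps.push(stepId);
  // Simulate the authenticator for this step succeeding and invoking
  // the script's onSuccess callback with the authentication context.
  if (options && typeof options.onSuccess === 'function') {
    options.onSuccess(currentContext);
  }
}

// --- The adaptive script (WSO2 IS script style) --------------------------
var onLoginRequest = function (context) {
  executeStep(1, {
    onSuccess: function (context) {
      var user = context.currentKnownSubject;
      // Step-up: anyone holding the privileged role must also pass
      // the second factor; ordinary users finish after step 1.
      if (hasRole(user, 'admin')) {
        executeStep(2);
      }
    }
  });
};

// --- Driver: run the script for a constructed subject and report the
// sequence of steps that were executed --------------------------------------
function runLogin(user) {
  executedSteps = [];
  currentContext = { currentKnownSubject: user };
  onLoginRequest(currentContext);
  return executedSteps.slice();
}

// Constructed sample subjects.
console.log('admin  ->', runLogin({ username: 'alice', roles: ['admin'] }));
console.log('staff  ->', runLogin({ username: 'bob', roles: ['employee'] }));
console.log('noroles->', runLogin({ username: 'carol' }));
```

The point to check when reviewing such a script is the negative path: a subject with no `roles` attribute at all must fall through to the least-privileged branch rather than throw, which is why `hasRole` guards the array before searching it.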

[arch diagram]

Pros and cons

Pros

  • Open Source

Cons

  • Dependence on the database is a bottleneck
    • Only Redis remains, storing the authentication sessions and the JWTs and refresh tokens issued within them.
    • VTB experience

Compare

Vs Keycloak

  • WSO2 Identity Server allows you to configure as many data sources as you wish. Also it can mix and match various data sources such as JDBC, LDAP, Active Directory or even another WSO2 Identity Server instance for persistence. So, WSO2 Identity Server allows you to configure multiple data sources and multiple user stores (domains) whereas in Keycloak, you are limited to a single data source and a single user store.
  • WSO2 Identity Server also handles external identity providers more flexibly: you can configure external identity providers per application, whereas Keycloak does not support per-application IdP binding.
  • Multi-tenancy: WSO2 Identity Server calls the isolated units "tenants" and Keycloak calls them "realms".
  • WSO2 Identity Server allows you to generate OTPs and send them over on e-mail or SMS, which Keycloak does not support out of the box.
  • Identity Federation
    • Identity federation is about relying on another identity provider to authenticate your users. This enables things like social login, where users log in to applications via Facebook, Twitter or some other platform.
  • Identity Provisioning
    • In simple terms, identity provisioning means creating users on the fly as they are authenticated. It comes in two variations:
      • inbound provisioning - users are created locally while they are authenticated externally;
      • outbound provisioning - users are created elsewhere while they are authenticated locally.
    • Keycloak only supports the first variation, inbound user provisioning. With WSO2 Identity Server, you get both inbound and outbound user provisioning. Per-application user provisioning is another feature supported only by WSO2 Identity Server.

Vs Gluu