Over a million developers have joined DZone.

WSO2 Identity Server 5.0.0: Resident Identity Provider & Resident Service Provider

DZone's Guide to

WSO2 Identity Server 5.0.0: Resident Identity Provider & Resident Service Provider

· IoT Zone ·
Free Resource

WSO2 is the only open source vendor to be named a leader in The Forrester Wave™: API Management Solutions, Q4 2018 Report. Download the report now or try out our product for free.

The WSO2 Identity Server 5.0.0 takes the identity management into a new direction. No more there will be federation silos or spaghetti identity anti-patterns. The authentication framework we introduced in IS 5.0.0 powers this all. Along with the authentication framework, we absorbed the concept of service providers and identity providers into the core Identity Server architecture.

WSO2 Identity Server (IS) can mediate authentication requests between service providers and identity providers, at the same time WSO2 IS itself acts as a service provider and an identity provider. When it acts as a service provider - that is known as the resident service provider - and when it acts as an identity provider - that is known as the resident identity provider.

What does IS do as the resident service provider?

Currently the only occasion IS acts as the resident service provider is while adding users to the system. You can enable provisioning configurations against the resident service provider. Say for example, if you try to add users to the system via the SCIM API and authenticate to it using HTTP basic authentication, then the system will read the provisioning configurations from the resident service provider. (If the user authenticates to the SCIM API with OAuth credentials, then the system will load the configuration corresponding to the service provider who owns the OAuth client id).

At the same time if you want to configure outbound provisioning for any user management operation done via the Management Console, SOAP API  or the SCIM API, then also you need to configure out bound provisioning identity providers against the resident service provider. That means, based on the outbound configuration, users added from the Management Console, will also be provisioned to external systems like Salesforce and Google Apps.

What does IS do as the resident identity provider?

If you are a service provider and wants to send an authentication request or a provisioning request to the Identity Server (say, via SAML, OpenID, OpenID Connect, SCIM, WS-Trust) -  what matters for you is the resident identity provider configuration.

Resident identity provider configuration is a one time configuration for a given tenant. It basically shows you the identity server's metadata - like the endpoints. Later we plan to make this configuration available as a downloadable metadata file. In addition to the metadata, if you want to secure the WS-Trust endpoint with a security policy - this where you have to do that too.

IAM is now more than a security project. It’s an enabler for an integration agile enterprise. If you’re currently evaluating an identity solution or exploring IAM, join this webinar.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}