WSO2 Identity Server 5.0.0: Resident Identity Provider & Resident Service Provider
Join the DZone community and get the full member experience.Join For Free
The WSO2 Identity Server 5.0.0 takes the identity management into a new direction. No more there will be federation silos or spaghetti identity anti-patterns.
The authentication framework
we introduced in IS 5.0.0 powers this all. Along with the
authentication framework, we absorbed the concept of service providers
and identity providers into the core Identity Server architecture.
WSO2 Identity Server (IS) can mediate authentication requests between service providers and identity providers, at the same time WSO2 IS itself acts as a service provider and an identity provider. When it acts as a service provider - that is known as the resident service provider - and when it acts as an identity provider - that is known as the resident identity provider.
What does IS do as the resident service provider?
Currently the only occasion IS acts as the resident service provider is while adding users to the system. You can enable provisioning configurations against the resident service provider. Say for example, if you try to add users to the system via the SCIM API and authenticate to it using HTTP basic authentication, then the system will read the provisioning configurations from the resident service provider. (If the user authenticates to the SCIM API with OAuth credentials, then the system will load the configuration corresponding to the service provider who owns the OAuth client id).
At the same time if you want to configure outbound provisioning for any user management operation done via the Management Console, SOAP API or the SCIM API, then also you need to configure out bound provisioning identity providers against the resident service provider. That means, based on the outbound configuration, users added from the Management Console, will also be provisioned to external systems like Salesforce and Google Apps.
If you are a service provider and wants to send an authentication request or a provisioning request to the Identity Server (say, via SAML, OpenID, OpenID Connect, SCIM, WS-Trust) - what matters for you is the resident identity provider configuration.
Published at DZone with permission of Prabath Siriwardena, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.