WSO2 Identity Server

Question

Is there a way to simple validate username and password with WSO2 Identity Server from remote application?

My scenario:

1. Client sends username:password to Server
2. Server validate it in WSO2 IS
3. Server creates session for Client.

So how to do simple validation of username and password without logging in into WSO2 IS?

Answer 1

If the user is an external entitity to your application, ideally your application should not gain access to that user's credentials. This should passed to the Identiy Server itself without proxying the credentials through your application.

Further, if you want the Identity Server to maintain an SSO (Single Sign On) session for your user, you might want to use a standerdized authentication (SSO) protocol like OpenIdConnect with WSO2 to cater both the aobve mentioned reasons.

By doing so, your users will redirected to the WSO2 server's authentication endpoiint's login window (thorugh the browser of course) for login. (Rather than providing the credentials to your application's login) Also, if you have any other applications that are also registerd with WSO2 IS as a service provider application, and the user tries to authenticate to that application as well from the same browser, WSO2 will notice there is an already created session for this user from this browser using the attached cookies and authenticate that user without asking for their credentials back.

WSO2 OpenIdConnect

Answer 2

You can try the AuthenticationAdmin API of the WSO2 Identity Server - https://[hostname]:9443/services/RemoteUserStoreManagerService?wsdl

Use the authenticate method, it will return true or false for the authentication event. Remember this is an admin service, so you need to be authenticated to consume this service.