Reputation: 211
Replace custom authentication by WSO2 Identity Server?
Just want to get the idea if I am looking into the right direction. We have the simple PHP application which do authenticate users by their name and password. So we do just md5 (of password) comparison. I am looking if we can replace this custom authentication by WSO Identity Server? But I am stuck in the terminology :( I were able to run WSO2 Identity Server. But what to do next? How to solve our simple task? Should I create Service Provide or Identity Provider ? Or should I use Resident one? Moreover how should I configure them?
- Configure Claims (Do I need this?)
- Configure just-in-time provisioning (Do I need this?)
- Configure outbound provisioning connectors (Do I need this?)
Upvotes: 1
Views: 947
Answers (4)
Reputation: 1337
I have used SAML since 2014 in the company that I work, WSO2-IDP(SAML) is a great security protocol when you have many systems in your environment. (if you have just one system) I think that you dont need to use SAML. You can keep with the simple autenticantion.
Another characteristic SAML is a protocol that will be used by human, if you need integrate with another systems maybe you should use another protocol like oauth2.
With a WSO2-IDP in your environment you will get more one element to be managed.
To configure SAML with PHP https://docs.wso2.com/display/IS500/SAML2+IdP+with+SimpleSAMLphp+Service+Provider
To configure you app on WSO2-IDP
- Register a new service provider
- If you need to create rules based on your URLs and permissions, first you need do add a new entitlement policy.
- After your rules created you will publish your rules.
Upvotes: 1
Reputation: 464
Since your client web application is PHP, you can integrate a well known PHP SAML framework like SimpleSAMLPHP with your client. Then you can integrate the client application with Identity Server. I have written a blog post [1] on working with SimpleSAMLPHP and WSO2 Identity Server. You can refer it and get the idea.
[1] http://tharindue.blogspot.com/2015/05/setting-up-wso2-identity-server-as.html
Upvotes: 1
Reputation: 779
You can use WSO2 IS to authenticate users for your web application. Since you authenticate users by username and password, the best solution is to deploy WSO2 IS over your user store of the application. And then given that your web application supports SAML2 SSO , you can register your web application at WSO2 IS as a Service Provider. WSO2 IS will act as the Identity Provider here. The following documentation will help you to achieve your scenario.
Web Application side modification examples :-
http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/
Configuring user stores :-
https://docs.wso2.com/display/IS500/Working+with+User+Stores
Registering the Service Provider :-
https://docs.wso2.com/display/IS500/Working+with+the+Service+Provider
Upvotes: 1
Reputation: 457
WSO2 IS supports SSO through SAML or OpenID Connect. You need first enable your PHP application to support SAML or OpenID Connect. If done you need to configure a service provider with a corresponding inbound protocol at Identity Server.
Upvotes: 0
Related Questions
- WSO2 IS Custom authenticator with property files
- How to perform WSO2 user authentication
- How to create custom authentication in wso2 identity server 5.3
- WSO2 single sign on with Identity Server
- WSO2 Identity Server Authentication
- WSO2 Identity Server - Customize SAMLSSOAuthenticator
- Customized OAUTH2.0 with WSO2 API Manager
- WSO2 identity server api
- How to login in WSO2 solutions using Identity Server
- wso2 identity: how to implement and use custom authenticator?