We want to use WSO2 as an IAM framework for our internal and external applications.

We have the 3 main requirements below.

  1. WSO2 should be able to authenticate users using LDAP (Active Directory for internal employees) or another data source for external users.

  2. We want to configure API access levels in WSO2, for example role-based authorization (or policy-based), where we can configure who can access which web API with HTTP verb.

  3. We should be able to dynamically add/update/delete users and update authorization policies/roles through the WSO2 API.

Please let me know if this is supported out of the box in the community edition or if we have to buy any licenses for it.

Note: I have installed the server and am playing around with it as well.

1 Answer

Yes, these requirements are possible with WSO2 IS (product stack).

  1. You can easily plug an existing LDAP user store into WSO2 IS. (https://docs.wso2.com/display/IS530/Configuring+a+Read-write+LDAP+User+Store)
  2. I am not 100% clear about what you are asking here. But if you are talking about IS APIs (which are specified in point number 3), you can do them solely with IS with a little customization, or else you can use WSO2 ESB with the entitlement mediator to add XACML policies.
  3. There are SOAP admin services (non-standard, but able to update authorization policies etc.) and REST services (standard SCIM 2.0 for user operations). https://docs.wso2.com/display/IS530/Calling+Admin+Services https://docs.wso2.com/display/IS530/SCIM+1.1+APIs
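
As an added illustration of requirement 3 (not part of the answer above, and not WSO2's own code), this sketch builds the REST calls for creating a user, deleting a user and adding a user to a role using the SCIM 1.1 message format from the linked SCIM 1.1 page. The base URL, the use of HTTP Basic admin credentials, and PATCH support on the Groups endpoint are assumptions to check against those docs for your deployment.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed default base URL of a local IS 5.3.0 install; change for your host.
SCIM_BASE = "https://localhost:9443/wso2/scim"
SCIM_CORE = "urn:scim:schemas:core:1.0"  # SCIM 1.1 core schema URN


def build_request(method, path, admin, secret, body=None):
    """Build (not send) a SCIM request with HTTP Basic admin credentials."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(SCIM_BASE + path, data=data, method=method)
    token = base64.b64encode(f"{admin}:{secret}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def create_user(admin, secret, username, password, email):
    body = {"schemas": [SCIM_CORE], "userName": username,
            "password": password,
            "emails": [{"value": email, "primary": True}]}
    return build_request("POST", "/Users", admin, secret, body)


def delete_user(admin, secret, user_id):
    # Percent-encode the id so it cannot alter the request path.
    path = "/Users/" + urllib.parse.quote(user_id, safe="")
    return build_request("DELETE", path, admin, secret)


def add_user_to_role(admin, secret, group_id, role_name, user_id, username):
    # A role is exposed as a SCIM group; a SCIM 1.1 PATCH adds the listed members.
    body = {"schemas": [SCIM_CORE], "displayName": role_name,
            "members": [{"value": user_id, "display": username}]}
    path = "/Groups/" + urllib.parse.quote(group_id, safe="")
    return build_request("PATCH", path, admin, secret, body)


def send(req, timeout=10):
    """Send over TLS with certificate verification (urllib's default)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        raw = resp.read()
        return resp.status, json.loads(raw) if raw else None
```

Read the admin credentials from a secret store or environment variable rather than hard-coding them, and add the server's CA to the trust store instead of disabling certificate verification when the install uses a self-signed certificate.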