This documentation is for WSO2 Identity Server 5.0.0.
Page Comparison - Working with the Identity Provider (v.4 vs v.5) - Identity Server 5.0.0 - WSO2 Documentation

Warning

This page is under construction.

An Identity Provider (IdP) is responsible for issuing identification information and authenticating users by using security tokens like SAML 2.0. This is a favourable alternative to explicitly authenticating a user within a security realm.

WS-Federation (Web Services Federation) describes the management and brokering of trust relationships and security token exchange across Web services and organizational boundaries. WS-Federation is a part of the larger WS-Security framework. For example, WS-Federation builds on the Security Token Service (STS) by providing mechanisms that facilitate interactions. In the WS-Federation model, an Identity Provider is a Security Token Service (STS). Service Providers depend on an Identity Provider or Security Token Service to perform user authentication.

OAuth is an important protocol for IdP services, as most major Web services are also identity providers, mainly through the use of OAuth. These Web services include Google, Facebook, Yahoo, AOL, Microsoft, PayPal, MySpace, and Flickr, among many more. Furthermore, all major email providers offer OAuth IdP services.

In perimeter authentication, a user needs to be authenticated only once (single sign-on), and a security token is issued as a result. This token is then processed by an Identity Assertion Provider for each system the user needs to access.