堆栈内存溢出
  简体   繁体   English

用WSO2 Identity Server替换自定义身份验证?

[英]Replace custom authentication by WSO2 Identity Server?

 原文  2014-07-23 13:39:47       authentication/ wso2/ wso2is

问题描述

Just want to get the idea if I am looking into the right direction. 如果我正在寻找正确的方向,只想获得想法。 We have the simple PHP application which do authenticate users by their name and password. 我们有一个简单的PHP应用程序,它通过名称和密码对用户进行身份验证。 So we do just md5 (of password) comparison. 所以我们只做md5(密码)比较。 I am looking if we can replace this custom authentication by WSO Identity Server? 我想看看我们是否可以用WSO Identity Server替换这个自定义身份验证? But I am stuck in the terminology :( I were able to run WSO2 Identity Server. But what to do next? How to solve our simple task? Should I create Service Provide or Identity Provider ? Or should I use Resident one? Moreover how should I configure them? 但我被困在术语中:(我能够运行WSO2身份服务器。但接下来该怎么做?如何解决我们的简单任务?我应该创建服务 提供商还是身份提供商 ?还是应该使用常驻服务 提供商 ?还应该怎么做?我配置它们?

  • Configure Claims (Do I need this?) 配置声明(我需要吗?)
  • Configure just-in-time provisioning (Do I need this?) 配置即时配置(我需要这个吗?)
  • Configure outbound provisioning connectors (Do I need this?) 配置出站配置连接器(我需要吗?)

4 个解决方案

解决方案1
 1  2014-10-06 05:08:04

You can use WSO2 IS to authenticate users for your web application. 您可以使用WSO2 IS对Web应用程序的用户进行身份验证。 Since you authenticate users by username and password, the best solution is to deploy WSO2 IS over your user store of the application. 由于您通过用户名和密码对用户进行身份验证,因此最佳解决方案是在应用程序的用户存储上部署WSO2 IS。 And then given that your web application supports SAML2 SSO , you can register your web application at WSO2 IS as a Service Provider. 然后,假设您的Web应用程序支持SAML2 SSO,您可以在WSO2 IS作为服务提供商注册您的Web应用程序。 WSO2 IS will act as the Identity Provider here. WSO2 IS将在此处充当身份提供者。 The following documentation will help you to achieve your scenario. 以下文档将帮助您实现您的方案。

Web Application side modification examples :- Web应用程序端修改示例: -

http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/ http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/

Configuring user stores :- 配置用户存储: -

https://docs.wso2.com/display/IS500/Working+with+User+Stores https://docs.wso2.com/display/IS500/Working+with+User+Stores

Registering the Service Provider :- 注册服务提供商: -

https://docs.wso2.com/display/IS500/Working+with+the+Service+Provider https://docs.wso2.com/display/IS500/Working+with+the+Service+Provider

解决方案2
 1  2016-09-20 08:51:22

Since your client web application is PHP, you can integrate a well known PHP SAML framework like SimpleSAMLPHP with your client. 由于您的客户端Web应用程序是PHP,因此您可以将SimpleSAMLPHP等众所周知的PHP SAML框架与您的客户端集成。 Then you can integrate the client application with Identity Server. 然后,您可以将客户端应用程序与Identity Server集成。 I have written a blog post [1] on working with SimpleSAMLPHP and WSO2 Identity Server. 我写了一篇关于使用SimpleSAMLPHP和WSO2 Identity Server的博客文章[1]。 You can refer it and get the idea. 你可以参考它并获得想法。

[1] http://tharindue.blogspot.com/2015/05/setting-up-wso2-identity-server-as.html [1] http://tharindue.blogspot.com/2015/05/setting-up-wso2-identity-server-as.html

解决方案3
 1  2016-09-20 15:00:56

I have used SAML since 2014 in the company that I work, WSO2-IDP(SAML) is a great security protocol when you have many systems in your environment. 自2014年以来,我在我工作的公司使用过SAML,当您的环境中有许多系统时,WSO2-IDP(SAML)是一个很好的安全协议。 ( if you have just one system ) I think that you dont need to use SAML. 如果你只有一个系统 )我认为你不需要使用SAML。 You can keep with the simple autenticantion. 你可以坚持简单的autenticantion。

Another characteristic SAML is a protocol that will be used by human, if you need integrate with another systems maybe you should use another protocol like oauth2. SAML的另一个特征是人类将使用的协议,如果您需要与其他系统集成,您可能应该使用其他协议,如oauth2。

With a WSO2-IDP in your environment you will get more one element to be managed. 在您的环境中使用WSO2-IDP,您将获得更多要管理的元素。

To configure SAML with PHP https://docs.wso2.com/display/IS500/SAML2+IdP+with+SimpleSAMLphp+Service+Provider 使用PHP配置SAML https://docs.wso2.com/display/IS500/SAML2+IdP+with+SimpleSAMLphp+Service+Provider

To configure you app on WSO2-IDP 在WSO2-IDP上配置应用程序

  1. Register a new service provider 注册新的服务提供商
  2. If you need to create rules based on your URLs and permissions, first you need do add a new entitlement policy. 如果您需要根据您的URL和权限创建规则,首先需要添加新的权利策略。
  3. After your rules created you will publish your rules. 创建规则后,您将发布规则。

解决方案4
 0  2014-07-24 09:36:07

WSO2 IS supports SSO through SAML or OpenID Connect. WSO2 IS通过SAML或OpenID Connect支持SSO。 You need first enable your PHP application to support SAML or OpenID Connect. 您首先需要启用PHP应用程序以支持SAML或OpenID Connect。 If done you need to configure a service provider with a corresponding inbound protocol at Identity Server. 完成后,您需要在Identity Server上配置具有相应入站协议的服务提供商。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WSO2 Identity Server身份验证,返回响应 - WSO2 Identity Server authentication with response in return 使用Kerberos身份验证登录WSO2 Identity Server(IS) - Log in WSO2 Identity Server (IS) with Kerberos authentication 在被动STS WSO2身份服务器中禁用身份验证 - Disabling authentication in Passive STS WSO2 Identity Server WSO2身份服务器未针对租户ldap存储进行身份验证 - WSO2 Identity Server not authentication against tenant ldap store WSO2身份服务器身份验证管理员API身份验证失败 - WSO2 Identity Server AuthenticationAdmin API Authentication Failed 如何销毁WSO2 Identity Server中的身份验证会话? - How to destroy authentication session in WSO2 Identity Server? 在WSO2 Identity Server中处理身份验证请求时出错-NullPointerException - Error when processing the authentication request in WSO2 Identity Server - NullPointerException 如何使用Identity Server WSO2进行Web应用程序的身份验证和授权 - How to use Identity Server WSO2 for authentication and authorization of a web application WSO2 APIM的自定义身份验证 - Custom authentication for WSO2 APIM WSO2身份服务器和同一服务器上的ESB - WSO2 identity server and ESB on same server
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM