
Replace custom authentication by WSO2 Identity Server?

I just want to find out whether I am looking in the right direction. We have a simple PHP application which authenticates users by their name and password. So we just do an md5 (of password) comparison. I am looking into whether we can replace this custom authentication with WSO2 Identity Server. But I am stuck on the terminology :( I was able to run WSO2 Identity Server. But what do I do next? How do we solve our simple task? Should I create a Service Provider or an Identity Provider? Or should I use the Resident one? Moreover, how should I configure them?

  • Configure Claims (Do I need this?)
  • Configure just-in-time provisioning (Do I need this?)
  • Configure outbound provisioning connectors (Do I need this?)

You can use WSO2 IS to authenticate users for your web application. Since you authenticate users by username and password, the best solution is to deploy WSO2 IS over the user store of your application. Then, given that your web application supports SAML2 SSO, you can register your web application at WSO2 IS as a Service Provider. WSO2 IS will act as the Identity Provider here. The following documentation will help you to achieve your scenario.

Web Application side modification examples :-

http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/

Configuring user stores :-

https://docs.wso2.com/display/IS500/Working+with+User+Stores

Registering the Service Provider :-

https://docs.wso2.com/display/IS500/Working+with+the+Service+Provider

Since your client web application is PHP, you can integrate a well-known PHP SAML framework like SimpleSAMLphp with your client. Then you can integrate the client application with Identity Server. I have written a blog post [1] on working with SimpleSAMLphp and WSO2 Identity Server. You can refer to it to get the idea.

[1] http://tharindue.blogspot.com/2015/05/setting-up-wso2-identity-server-as.html

I have used SAML since 2014 at the company where I work. WSO2-IDP (SAML) is a great security protocol when you have many systems in your environment. If you have just one system, I think that you don't need to use SAML. You can keep the simple authentication.

Another characteristic: SAML is a protocol that will be used by humans. If you need to integrate with other systems, maybe you should use another protocol like OAuth2.

With a WSO2-IDP in your environment you will get one more element to be managed.

To configure SAML with PHP: https://docs.wso2.com/display/IS500/SAML2+IdP+with+SimpleSAMLphp+Service+Provider

To configure your app on WSO2-IDP:

  1. Register a new service provider.
  2. If you need to create rules based on your URLs and permissions, first you need to add a new entitlement policy.
  3. After your rules are created, you will publish your rules.

WSO2 IS supports SSO through SAML or OpenID Connect. You first need to enable your PHP application to support SAML or OpenID Connect. Once that is done, you need to configure a service provider with a corresponding inbound protocol at Identity Server.
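
What the answers above describe, seen from the PHP side, as an added example that is not part of the original question or answers: the application's own MD5 comparison next to a login that is delegated to the Identity Provider through SimpleSAMLphp. The install path, the auth source name `wso2-sp`, the attribute name `username` and the `users` table layout are assumptions chosen for illustration.

```php
<?php
// Added example. Placeholders: adjust to your SimpleSAMLphp install and to the
// claims the Identity Provider is configured to release for this service provider.
const SSP_AUTOLOAD       = '/var/simplesamlphp/lib/_autoload.php'; // assumed install path
const SSP_AUTH_SOURCE    = 'wso2-sp';   // hypothetical entry in config/authsources.php
const USERNAME_ATTRIBUTE = 'username';  // hypothetical attribute name released by the IdP

// Before: the application verifies the password itself against an unsalted MD5
// hash (hypothetical table and column names).
function legacy_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT password_md5 FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && hash_equals($stored, md5($password));
}

// After: the application never sees the password. SimpleSAMLphp redirects the
// browser to the Identity Provider and validates the signed SAML response.
function sso_login(): string
{
    require_once SSP_AUTOLOAD;
    $as = new \SimpleSAML\Auth\Simple(SSP_AUTH_SOURCE);
    $as->requireAuth();                  // redirects to the IdP if there is no valid session
    $attributes = $as->getAttributes();  // attribute name => list of values
    $values = $attributes[USERNAME_ATTRIBUTE] ?? [];

    // Fail closed if the IdP released no username or more than one value.
    if (count($values) !== 1 || !is_string($values[0]) || $values[0] === '') {
        http_response_code(403);
        exit('The identity provider did not release a usable username.');
    }
    return $values[0];
}

// Protected page: everything below runs only for an authenticated user.
$user = sso_login();
echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

If the attribute list comes back empty, the service provider registration at the Identity Provider is not releasing claims for this application, which is the case where the "Configure Claims" step from the question becomes relevant.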
