Replacing WSO2 Identity Server with WSO2 API Manager

Question

I am implementing Authentication and Authorization with wso2-apim and wso2-is since there are some duplicate features between is and apim I think that would be good to omit is and use apim instead to support my Authentication needs. Is it a good idea?

Answer 1

Let me first explain the relationship between APIM and IS. All the WSO2 products has the same kernel. How they differ is from the features which are installed on top of this kernel.

If we take the APIM it has the specific features such as api gateway, key manager and couple of applications (publisher and store). If we take the IS it has many identity related features such as identity federation, oauth, SSO, xacml etc.

I believe your deployment will be a distributed deployment which is more api management centric. In such a deployment, you normally have api publisher/store, key manager and gateway separated. All these three roles are played by the same product. But, if you also have some authentication/authorization related requirements and if you believe these requirements can expand in the future, its better to use the Identity server in the deployment.

When doing so, what you need to do is, install the token management feature of APIM to Identity Server. This is being used by many users. Refer the below document. https://docs.wso2.com/display/AM1100/Configuring+WSO2+Identity+Server+as+the+Key+Manager