The WSO2 Identity Server is the ultimate solution for Identity and Authentication solutions for any kind of systems. But we need to know the conceptual knowledge in order to use it properly.

The best ever server which I used in my organization for identity solutions. It provides multiple identity solutions such as OAuth, OpenID, SSO, Provisioning, JIT, Multi-Factor Authentication, Fine-grained access control, SOAP and many more. The most likely feature is that you don't need to do any implementations as it has whatever you need for identity or authentication systems. You can integrate your authentication system with WSO2 identity server by doing some configurations in the GUI itself. For example, if you want OAuth to be implemented for your organization, just provide your callback URL, application name and that's it! It is that simple. It makes developers' life easier.

The major problem I am always having with WSO2 identity software is that they release latest versions of identity server and the java version differs for almost all the versions and hence it hard to find which version is it requiring. Therefore it is a bit hard to make the identity server runs for the first time. Further, to enable some specific feature, we should edit the configuration files in the installation folder of identity server.

I train people in WSO2 Identity Server for all kinds of purposes, from being a IdP (Identity Provider) itself to all kinds of other scenarios including SAML SSO, OpenID Connect and all kinds of Federated Authentication scenerios.

The WSO2 software is based on a common code base called Carbon and is open source so can be inspected, downloaded and changed / extended when needed. There are extention points that will allow skilled Java developers to create custom pieces of code to suit specific needs without changing the source code of the product, simply adding to the software. A number of extentions are in the store.wso2.com like federated authenticators, provisioning connectors and so on that will allow you the extend the product (e.g. bitly for federated authentication) but you can write and add your own. There is support for FIDO (U2F) but also adaptive authentication where script based rules will determine if a added layer of security is needed. There ate new additions in each version like UMA (User Managed Access) that was introduced recently. All in all, a full fledged product with lots of functionality and extensibility. Works with other WSO2 Products as well.

The product is a complex product for people to understand. As a WSO2 trainer i know that this is the most difficult product to master. The current version (on Carbon 4.x.x) has a large number of config files that govern the product and allow you to tailor the product to your configuration. However, due to this and the fact that you want / need to keep up with security updates and quarterly releases (not to mention product support where you can create new updates using WSO2 Update Manager) you need to invest time in creating Ansible scripts to automate the deployment part (i.e. configuring new releases to match current settings). As with ANY software product, having great documentation is key to getting the most out of the product in a reasonable amount of time. This is of course part of WSO2's task but everyone can help to improve it.

We have overall good experience but it has a huge learning curve. This impacts our time to market very greatly. The solutions are there to be built upon, but the approach to solution is quite tricky and sometimes really confusing. The security aspects require a more fine-tuning than what is currently offered. A better documentation would definitely benefit the WSO2 product line as a whole and not just this product.

Open Source Customizable Enhancable Scalable

Security Documentation Samples and Examples Community Support

On Whirlpool we use some basic functions on Identity Server. It's used on API Cloud, but ,in my opinion, it could become an integrated package that automatically comes on API Cloud. For example, now we can't identify which application is calling our APIs and the calls by usage path. We just can do it using WSO2 EI and integrating it on Grafana. If we had everything on the same page, it ould be much better for us. As the admin on Whirlpool API Cloud, I think Identity server in general is a good tool to be used to guarantee the security of our APIs. We don't use all functions of it, but by seeing many use cases on WSO2 webinars and it benefits, I think we can move all our security to Identity Server and start using SSO.

It's a an open-source tool that has a big community working and discussing about it. WSO2 provides frequently maintenances and updates on it. It removes the need on external tools to keep our environment safe and also provides a better access on APIs that call Whirlpool SAP. It can be used on-premise or on cloud.

Developing and integrating on WSO2 IS needs some technical knowledge and it's not much easy to do without a base. Also it could have a geo-location identifier that automatically guides users to WSO2 servers based on their location. Also it could came integrated with WSO2 API Cloud.

It allows solving the issue of user provisioning, improving access times for a new employee, unique SSO authentication, robust double authentication factor

The product opensource, adapts easily to changes, always incorporates new features, very easy to manage, there is a connector for many applications. the self-service portal is a great help, and adaptive authentication allows you to configure your accesses in a granular way. The support team is excellent

The module of reports is very light, the configuration of the authorization requires expertise, for small installations, the subscription model by processor is a bit expensive