
I need to implement an Identity Server for our org and have been trying to get my head around the various options available. Requirements are

  1. Single IdP, to which other IdPs can link and provide authentication/authorization. E.g., connect to ADFS of another organization or a forms auth database of another org via endpoint?
  2. Single Sign On (SSO) to users accessing the system
  3. Should work across organizations - allow other organizations to access restricted resource by trusting their IdPs and tokens issued by them
  4. Have user and role management via a UI

I have narrowed down on the below three

  1. Shibboleth - this I understand is SAML 2.0 based only, does not support JWTs, so might not work with all clients. Not sure if this can link to other providers, like ADFS, and get tokens from there
  2. WSO2 - This supports both SAML and JWT. Can link to other providers for federation
  3. Thinktecture IdentityServer 3.0 - the newest kid on the block, developed as a Katana middleware and highly configurable via code.

Can you tell me which one would be more suitable, pros/cons of each with regards to the requirements? Are there any specific differences that I need to consider (other than first two being OOTB solutions and 3rd one being a nuget package to be configured in code)?

sppc42

1 Answer


What you have to choose depends on what you have to implement and how fast you have to implement it. My answer might be a little bit biased. I think WSO2 Identity Server is the best product that you can use in your scenario given your requirements. I can give you a simple example.

Shibboleth doesn't support JWT, so as you mentioned it might not work with all the clients. Thinktecture IS is in its early ages and needs lots of knowledge to configure. But if you look at WSO2 IS, it is a matured product which is used by many people, has active updates and version releases, and is powered by the very powerful WSO2 Carbon middleware. If you just check out the product page here you can see the features available. It's the complete list of features that an identity provider must have. Also it is very easy to use, as it has an administrator management user interface to carry out all functionalities including user and role management. If you read through the documentation you will be able to use the product easily without any hard work. All the rest of the requirements you mentioned are available in WSO2 IS.

I think that will be enough for you to decide which product you need to use to implement your solution.

Nipuna Marcus