WSO2 Identity Server

• Content
• Home

Downloads

• Releases

Documentation

• Installation Guide
• Adminstrator Guide
• Identity Server in Production Environment
• User Guide
• External References

Get Involved

• Mailing Lists

Project Information

• Project Team
• Issue Tracking
• License

Welcome to WSO2 Identity Server v2.0.2!

[Download] | [Documentation Home] | [Release Note]

WSO2 Identity Server, v2.0.2 Administrator's Guide

This document provides information and instructions on the functionality of the Management Console of WSO2 Identity Server.

Your feedback on WSO2 Identity Server is most appreciated. Please send them to our mailing lists.

Content

Login to Admin Console

Download and install Identity Server as in here.

Point your browser to https://host:port/carbon. If you haven't changed the default settings then you should be able to login to https://localhost:9443/carbon using user name "admin" and password "admin".

Entitlement

Policies

This allows to define, import and evaluate entitlement policies defined in XACML 2.0.

External References:

• Identity Server 2.0.2 as an XACML engine
• Adding fine-grained authorization for proxy services in WSO2 ESB

Configure Identity Server

User Management

WSO2 Identity Server works out of the box with the default internal user store. Also we can configure Identity Server to work with external user stores via Active Directory, LDAP and JDBC.

External References:

• Connecting WSO2 Identity Server to an LDAP based User Store
• Connecting WSO2 Identity Server to a JDBC external User Store
• Setting up Apache Directory Studio as the LDAP User Store
• How to use Active Directory with WSO2 Carbon Based Products

Claim Management

The Claim Management component of the Identity Server enables to map a set of attributes from the underlying user store to a set of defined claims The Claim Management component of the WSO2 Carbon enables to map a set of attributes from the underlying user store to a set of defined claims The underlying user store can be either the external user store or the internal user store. A set of claims are identified as a dialect.

• http://wso2.org/claims : Default dialect for WSO2 Carbon
• http://schemas.xmlsoap.org/ws/2005/05/identity : Default dialect for Information Cards
• http://axschema.org : Default dialect for OpenID Attribute EXchange
• http://schema.openid.net/2007/05/claims : Default dialect for OpenID Simple Registration

Profile Management

The Profile Configuration Management component of the Identity Server allows to add/modify and delete profile configuration. The profile configuration controls how user's empty claim values behave in his profile. If a Claim in a user's profile is not given a value explicitly, then it is given a value based on the following configuration.

• Inherited - This means retrieve the value of the corresponding claim in the default profile and use it. This is the default behavior.
• Overridden - Leave the empty value as it is, don't try to retrieve it from anywhere else.
• Hidden - Hide this claim in the profile.

Key Stores

Key store management manages the keys that are stored in a database. A Key store must contain a key pair with a certificate signed by a trusted Certification Authority (CA). The WSO2 Carbon uses the JKS type private key called WSO2 Carbon.

XKMS

WSO2 Carbon ships with an in built XKMS trust web service which is being built on top of XKMS specification and consists of 5 services which can be used to simplify key management

• Register service
• Locate service
• Validate service
• Revoke service
• Recover service
• Reissue service

Logging

This shows the existing Log4j configuration. And it also allows you to modify existing configuration. You can either modify the global Log4j configuration, an Appender or a Logger. If you select Persist all Configurations Changes check box, all the modifications will be persisted and they will be available even after a server restart.

Manage Identity Server

Cards Issuer

The Information Cards issuer component of the Identity Server enables to configure cards issuer settings

• Card Name: Display name of the downloaded Information Card
• Valid Period: Valid period of an issued card in number of days
• Supporting Token Types: Tokens types being supported
• Symmetric binding used: Specifies whether to use symmetric binding or not

Security Token Service

The Security Token Service component of the Identity Server to configure the generic STS to issue claim based security tokens

External References:

• Security Token Service with WSO2 Identity Server 2.0.2
• WSO2 Identity Server + Claim aware proxy services with ESB
• Extending WSO2 Identity Server 2.0.2 to handle custom SAML assertions

Shutdown/Restart

You can use the Shutdown/Restart feature to shutdown and restart the server. The machine can be shutdown gracefully or forcefully. The available options are:

• Graceful shutdown
• Forced shutdown
• Graceful Restart
• Immediate Restart

Registry

Browse

This component can be used to browse the resources stored in the Registry.

Search

All resources found in the Registry, can be searched through this interface. Search could be refined by optionally providing, resource name, created date range, updated date range, tags, comments, property name, property value and the content

Monitor

System Statistics

This shows some statistics related to the WSO2 Data Services instance. They include free memory, request count, server name, server start time, system up time, active services, total memory, average response time, minimum response time and maximum response time.

System Logs

This displays all the system logs. You can also search for a particular log using the Search Logs feature.