Future of IAM

Image by https://lifars.com/2020/03/zero-trust-security-report-2019/

Identity Security

This focuses on securing individual identities throughout the cycle of accessing critical assets.

Nowadays Identity Security is a very crucial thing to consider as the trend is more towards cloud-based solutions, not on-premise ones. With the multi-cloud solutions and the worldwide pandemic situation, the users (employees, customers, partners) access the applications from different locations and different devices. So with the thousands of entry points, the network perimeter becomes more open to the cyber attackers as the attackers keep innovating. Cyber-attacks often happen by initiating the initial compromise and then executing the full attack. …


Controlling our own identity by ourselves

What is Self Sovereign Identity?

In the physical world, we use different types of techniques to prove our identity on different occasions. For example, we use a driving license, national identity card, or passport to prove our identity to certain parties in different scenarios. In the digital world, we can’t use those paper-based methods to prove our identity. Hence usually we use other ways like passwords, biometrics, or even hardware devices to prove our identity. Even though we can prove our identity using one of the above mechanisms, we don’t have a decentralized identity there. In such scenarios, we…


Multi-Factor Authentication

First of all, what is ‘Authentication’? Simply ‘Authentication’ is the process of distinctly identifying a certain entity. As the name implies the Multi-Factor Authentication is to use multiple factors to identify a certain entity.

Those factors can be categorized as ;

  • Knowledge factor
  • Ownership factor
  • Inherence factor

Knowledge Factor

The knowledge factor is some hidden information that the user knows. This can be a password, username, answer to a security question, PIN or an address. The user should be responsible for not exposing this information to the outside. …


Future of IAM

Conventional identity management deals with two types of accounts. They are ,

  • User accounts
  • Privileged Accounts

User accounts have a limited set of privileges to access different resources. Some examples are online shopping accounts, social media accounts and many more. Those resources are protected using an authentication mechanism such as passwords tokens, biometric method, etc.

Privileged accounts are not merely user accounts, but they provide administrative or specialized levels of access based on higher levels of permissions. These accounts are used in organizations to run the business effectively and maintain sensitive data. …


User On-boarding

What is User On-boarding in IAM

User on-boarding is a very broad topic, first of all let’s check what’s the wikipedia definition for user on-boarding

User on-boarding is the process of improving a person’s success with a product or service. This term is often used in reference to software products, and it can be done in a manual or automated way.

When a new employee is hired or when an employee is leaving the company, it is a big process to include or exclude him to the organization. I have listed few tasks that need to be carried out when a new employee is hired.

  • Add…


Future of SCIM2

Charon is a greek mythology that wikipedia says,

Charon is the ferryman of Hades who carries souls of the newly deceased across the rivers Styx and Acheron that divided the world of the living from the world of the dead

When it comes with the context WSO2 and SCIM2, Charon is an open source library, which implemented SCIM protocol which is an open standard for Identity Provisioning.

  • Implements SCIM protocol.
  • Fully open source, so the community can contribute to it.
  • Contains extension points
  • Spec compliance

Charon library is made from main 4 component


WSO2 IAM Team

Summer Release: WSO2 Identity Server is the latest success story of WSO2 Identity and Access Management team. After a marathon effort we are glad to release v5.8.0 with few new features, major improvements and some bug fixes

What is new?

So far WSO2 Identity Server supported OIDC Session Management as the OIDC logout mechanism. From v5.8.0 onwards it supports for OIDC Backchannel logout as well.

OpenID Connect Backchannel logout is a mechanism by which Relying Party (RP) applications are logged out with logout requests communicated directly between RPs and OpenID Providers (OP) bypassing the User Agent. …


This is the first blog of Provisioning Blog series with WSO2 Identity Server.

User Provisioning

User Provisioning is an important aspect of the Identity Federation. In simple terms, user provisioning in IAM is to create, update or delete a user account from the system and manage users by providing them access to the resources.

Provisioning APIs are required to manage users in a remote system. For example, Identity Server can be used to manage users and groups. An organization can have an administrative portal which requires to communicate with the Identity Server to manage the users and groups.

So the provisioning APIs…


Usually when objects are no longer used by an application those object should be garbage collected. But if these objects are still referenced, then the garbage collector can not remove these objects from the working memory. Further there are some objects stay in the memory through out the life of the application (Ex: static variables). So such applications consume more and more memory and it leads to OOM issues.

In wso2 I have few experiences analyzing memory leaks in some production systems. The possibility of having memory leaks in a production system is bit high as those systems run longer…


How to use Mutual TLS with client id and client secret In wso2 IS 5.5.0

This authenticator has the same architecture as the mutual authenticator, https://docs.wso2.com/display/IS550/Mutual+TLS+for+OAuth+Clients.

The only difference is we need to pass the client secret as an query param in the token request. In order to consume the request we need to follow the steps as below. 1. Verify whether the org.wso2.carbon.identity.oauth2.token.handler.clientauth.tlswithidsecret-1.0.7.jar exists in <IS_Home/repository/components/dropins 2. To enable this feature put following configurations in identity.xml which is located in <IS_HOME>/repository/conf/identity

<EventListener type=”org.wso2.carbon.identity.core.handler.AbstractIdentityHandler” name=”org.wso2.carbon.identity.oauth2.token.handler.clientauth.tlswithidsecret.MutualTLSWithIdSecretAuthenticator” orderId=”200" enable=”true”>

3. In order to get a successful authentication, the certificate which is imported…

Associate Technical Lead @ WSO2

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store