Considering a Customer IAM Provider to Enhance your WSO2 API Manager?

Why does WSO2 Identity Server fit the bill well?

Johann Dilantha Nallathamby
3 min read, Jan 26, 2021

Introduction

WSO2 API Manager [1] can integrate with most Customer IAM (CIAM) vendors on the market, with effort ranging from no-code configuration against standard endpoints and messages to writing Java plug-ins for non-standard endpoints and messages. Among these options is the WSO2 Identity Server [2], one of the most advanced CIAM products on the market, targeted at organizations that are embracing a developer-first culture. It is secure, scalable, API-driven, extensible and uniquely customizable to meet every organization’s challenging business needs in a dynamic application landscape. You don’t have to take my word for it: see what Forrester analysts have to say about WSO2 Identity Server’s CIAM capabilities [3]. What’s more, the WSO2 Identity Server is released under the same license as WSO2 API Manager, Apache 2.0: the most business-friendly open source license.

Single Sign-on for API Portals

In terms of single sign-on for API portals, all CIAM vendors are more or less on par, because WSO2 API Manager supports standard OpenID Connect based integration for its portals [4].

Beyond this integration, however, is where the WSO2 Identity Server’s capabilities outshine its competitors. Refer to my story “WSO2 API Key Manager vs. WSO2 Identity Server” [5], where I highlight some of the key capabilities of the WSO2 Identity Server.

WSO2 Identity Server vs. 3rd Party OAuth 2.0 Authorization Server

When it comes to integrating WSO2 API Manager with WSO2 Identity Server vs. a 3rd party authorization server for the OAuth 2.0 functionality, the WSO2 Identity Server download comes pretty much ready to plug and play. There are a few JARs and webapps to copy and some configurations to make, and you are done. If you want to integrate a 3rd party authorization server, however, you need to implement custom connectors [6,7]. While WSO2 already officially supports a set of connectors for selected IAM vendors, developing a new connector for a new IAM vendor could take around 2 weeks for a WSO2 API Manager product expert and at least a month for someone who is new to the product.

Capabilities Unique to WSO2 API Manager and WSO2 Identity Server Solutions

  1. One-time tokens for OAuth 2.0
  2. CSRF protection for OAuth 2.0 access tokens in single page applications (SPA)

Having a different API Management solution?

What if you have a different API Management solution than WSO2 API Manager? Is WSO2 Identity Server still a viable and good option to be used as the IAM provider?

WSO2 Identity Server is one of the most advanced API-driven CIAM products on the market. It is compliant with most identity-related API standards in the industry and also provides out-of-the-box REST APIs for the capabilities that are not covered by standard APIs. You don’t have to take my word for it: see what KuppingerCole analysts have to say about WSO2 Identity Server’s Identity APIs [8].

References

[1] https://wso2.com/api-management/

[2] https://wso2.com/identity-and-access-management/

[3] https://wso2.com/resources/analyst-reports/the-forrester-wave-customer-identity-and-access-management-q4-2020/

[4] https://medium.com/@johann_nallathamby/identity-federation-for-wso2-api-manager-e434b53c8f7c

[5] https://johann-nallathamby.medium.com/wso2-api-km-vs-is-km-d6354972df8c

[6] https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/configure-a-third-party-key-manager/

[7] https://apim.docs.wso2.com/en/latest/develop/extending-api-manager/extending-key-management/extending-the-key-manager-interface/

[8] https://wso2.com/resources/analyst-reports/kuppingercole-identity-api-platforms-2019/
