Friday, November 9, 2012

Identity Provisioning from On-Premise to Cloud

Quoting from one of my initial posts on SCIM:

"Today, enterprise IT solutions adopt products and services from multiple cloud providers in order to accomplish various business requirements. Hence it is no longer sufficient to maintain user identities only in the corporate LDAP.

In most cases, SaaS providers also need dedicated user accounts created for the cloud service users, which raises the need for proper identity provisioning mechanisms to be in place."

Identity Server (IS) 4.0.0, a 100% open source Enterprise Identity & Entitlement Management Server, supports the open standard SCIM for identity provisioning, as I have mentioned in my previous posts.

With this, the next release of WSO2 StratosLive will also support SCIM for identity provisioning.

This post walks through a use case of identity provisioning from on-premise to cloud using Identity Server and Stratos (here, the same IS distribution can be used to simulate the Stratos IS, including its multi-tenancy aspects).

The following diagram gives an overview of the deployment:

Use case:
Two organizations, wso2.com and willpower.org, run their on-premise enterprise identity management solutions on Identity Server.
Both organizations use cloud services offered by WSO2 StratosLive and have created tenants there.
Now they want the identity management operations that happen in their on-premise Identity Server (creating and deleting users and groups, updating user identity attributes, etc.) to be provisioned to their respective tenants in StratosLive, as shown in the above diagram.

Implementation:
In this case, the Identity Server running inside the organizational boundary of each organization acts as a SCIM consumer, and the Identity Server as a Service running in StratosLive acts as the SCIM service provider.

Within its enterprise IS instance, each organization registers a SCIM provider configuration pointing to its own tenant space in SLive.

Following is a step-by-step guide.
Step 1: setup
Download and unzip the IS distribution into three different folders (representing the instances at: 1. wso2, 2. willpower, 3. SLive).

Increment the Ports -> PortOffset element in carbon.xml such that the three instances run on the following ports:
IS of WSO2: 9443
IS of Willpower: 9444
SLive IS: 9445

You can find more details on how to do this in step 1 of my previous post.

Step 2: creating tenants
Log in as admin to the IS instance that simulates the Stratos IS in our setup and create two tenants named "wso2.com" and "willpower.com".

Screenshots of the steps are shown below:




Step 3: registering SCIM providers

Now log in to the IS instances of the WSO2 and WillPower organizations as the admin user and register SCIM provider configurations pointing to their respective tenant spaces in the SLive IS instance.
For a more detailed guide on how to register SCIM providers, please refer to step 3 of my previous post.
Example configurations are shown below:




Step 4: testing provisioning

Now you can test creating, deleting and updating users and groups in the organizational IS instances and verify that they are provisioned to the particular tenant space of each organization in the SLive IS instance.
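One way to do the step 4 verification from a script rather than the admin console, as an added example that is not part of the original post or of the IS distribution: log in to the SLive instance's SCIM Users endpoint with the tenant-qualified admin account and check which expected userNames have arrived. The endpoint path /wso2/scim/Users, the tenant-qualified login form admin@wso2.com, and the sample ListResponse are assumptions, not values taken from the post.

```python
"""Check that users provisioned from an on-premise IS instance have arrived in
the expected tenant space of the SLive IS instance (step 4 of the post).

Assumptions (not from the post): the SLive instance serves SCIM 1.1 Users at
https://<host>:<port>/wso2/scim/Users and accepts HTTP Basic auth with a
tenant-qualified admin name such as admin@wso2.com.
"""
import base64
import json
import ssl
import urllib.request

SLIVE_BASE = "https://localhost:9445"   # SLive IS port from step 1 (PortOffset 2)


def basic_auth_header(tenant_admin, password):
    """Basic auth header; the tenant is selected by the admin@tenant login name."""
    token = base64.b64encode(f"{tenant_admin}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def fetch_users(base, tenant_admin, password, ca_file):
    """GET the tenant's SCIM Users list. The local IS ships a self-signed
    certificate, so export it to PEM and pass it as ca_file instead of
    disabling TLS verification."""
    req = urllib.request.Request(f"{base}/wso2/scim/Users",
                                 headers=basic_auth_header(tenant_admin, password))
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


def find_user(list_response, user_name):
    """Return the resource whose userName matches, or None. A SCIM 1.1
    ListResponse carries totalResults and a Resources array (absent or empty
    when the tenant has no matching user)."""
    for resource in list_response.get("Resources", []):
        if resource.get("userName") == user_name:
            return resource
    return None


def verify_provisioned(list_response, expected_users):
    """Split expected userNames into (present, missing) for this tenant."""
    present = {u for u in expected_users if find_user(list_response, u)}
    return sorted(present), sorted(set(expected_users) - present)


# Constructed sample of what tenant wso2.com might return after step 4.
SAMPLE_LIST_RESPONSE = {
    "totalResults": 2,
    "schemas": ["urn:scim:schemas:core:1.0"],
    "Resources": [{"id": "u-0001", "userName": "alice"},
                  {"id": "u-0002", "userName": "bob"}],
}

if __name__ == "__main__":
    # Swap the sample for a live fetch once the three instances are running:
    # data = fetch_users(SLIVE_BASE, "admin@wso2.com", "password", "slive.pem")
    print(verify_provisioned(SAMPLE_LIST_RESPONSE, ["alice", "bob", "carol"]))
```

Run the same check against willpower's tenant with its own admin@tenant login; a user that shows up in one tenant but not the other points at the SCIM provider configuration registered in step 3.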

That's it... Thanks..!

