
WSO2 Identity Server, v3.2.0 Administrator's Guide

This document provides information and instructions on the functionality of the Management Console of WSO2 Identity Server.

Your feedback on WSO2 Identity Server is most appreciated. Please send it to our mailing lists.


Login to Admin Console

Download and install Identity Server as described here.

Point your browser to https://host:port/carbon. If you haven't changed the default settings, you should be able to log in at https://localhost:9443/carbon using the user name "admin" and the password "admin".

Entitlement

Policies

This component lets you define, import and evaluate entitlement policies written in XACML 2.0. The following features are supported in this release:

  • Create XACML policy using basic or advanced policy creation wizards
  • Edit XACML policy using advanced UI view or XML view
  • Activate or deactivate existing XACML policy
  • Import existing XACML policy from file system or from registry
  • Evaluate XACML policies
  • Create basic XACML requests for Evaluation
  • Clear decision cache


Configure Identity Server

User Management

WSO2 Identity Server works out of the box with the default internal user store.

Identity Server can also be configured to work with external user stores via Active Directory, LDAP and JDBC.


Please refer to the User Manager Admin Guide.

Claim Management

The Claim Management component of the Identity Server maps a set of attributes from the underlying user store to a set of defined claims.

The underlying user store can be either the external user store or the internal user store.

A set of claims is identified as a dialect. The default dialects are:

  • http://wso2.org/claims : Default dialect for WSO2 Carbon
  • http://schemas.xmlsoap.org/ws/2005/05/identity : Default dialect for Information Cards
  • http://axschema.org : Default dialect for OpenID Attribute Exchange
  • http://schema.openid.net/2007/05/claims : Default dialect for OpenID Simple Registration

Profile Management

The Profile Configuration Management component of the Identity Server lets you add, modify and delete profile configurations. A profile configuration controls how empty claim values behave in a user's profile. If a claim in a user's profile is not given a value explicitly, it is given a value based on one of the following settings:

  • Inherited - Retrieve the value of the corresponding claim from the default profile and use it. This is the default behavior.
  • Overridden - Leave the empty value as it is, don't try to retrieve it from anywhere else.
  • Hidden - Hide this claim in the profile.

Key Stores

Key store management manages the keys that are stored in a database. A key store must contain a key pair with a certificate signed by a trusted Certification Authority (CA). WSO2 Carbon uses the JKS type private key called WSO2 Carbon.

XKMS

WSO2 Carbon ships with a built-in XKMS trust web service, which is built on top of the XKMS specification and consists of 5 services that can be used to simplify key management:

  • Register service
  • Locate service
  • Validate service
  • Revoke service
  • Recover service
  • Reissue service

Logging

This page shows the existing Log4j configuration and lets you modify it. You can modify the global Log4j configuration, an Appender or a Logger. If you select the Persist all Configurations Changes check box, all modifications are persisted and remain available even after a server restart.

Manage Identity Server

OAuth

WSO2 Identity Server supports 2-legged OAuth.

Cards Issuer

The Information Cards issuer component of the Identity Server lets you configure the following card issuer settings:

  • Card Name: Display name of the downloaded Information Card
  • Valid Period: Valid period of an issued card in number of days
  • Supporting Token Types: Token types that are supported
  • Symmetric binding used: Specifies whether to use symmetric binding or not

Security Token Service

The Security Token Service component of the Identity Server lets you configure the generic STS to issue claim-based security tokens.



Shutdown/Restart

You can use the Shutdown/Restart feature to shut down and restart the server.

The machine can be shut down gracefully or forcefully.

The available options are:

  • Graceful shutdown
  • Forced shutdown
  • Graceful Restart
  • Immediate Restart

SAML SSO

WSO2 Identity Server supports SAML 2.0 based Single Sign-on.

Registry

Browse

This component can be used to browse the resources stored in the Registry.

Search

All resources found in the Registry can be searched through this interface. The search can be refined by optionally providing the resource name, created date range, updated date range, tags, comments, property name, property value and the content.

Monitor

System Statistics

This shows some statistics related to the WSO2 Data Services instance. They include free memory, request count, server name, server start time, system up time, active services, total memory, average response time, minimum response time and maximum response time.

System Logs

This displays all the system logs. You can also search for a particular log using the Search Logs feature.