Authentication

What is Authentication?

Authentication is the process of validating or verifying a user's identity based on the credentials the user presents when logging in to an application, service, computer or other digital environment. It matters because it lets an organization keep its networks secure by permitting only authenticated users (or processes) to access protected resources, which may include computer systems, networks, databases, websites and other network-based applications or services.

Authentication vs Authorization (Access Control)

Once authenticated, a user or process is usually subjected to an authorization process as well, to determine whether the authenticated entity should be permitted access to a protected resource or system. A user can be successfully authenticated and still be refused access to a resource if that user was never granted permission to access it.

The terms authentication and authorization are often used interchangeably. Although they are usually implemented together, the two functions are distinct. Authentication validates the identity of a registered user before access to a protected resource is considered; authorization validates that the authenticated user has been granted permission to access the requested resource. The mechanism by which access to those resources is restricted to a defined set of users is called access control. Authentication always comes before authorization.

Authentication Factors

An authentication factor is a piece of data or an attribute that can be used to authenticate a user requesting access to a system.

The three classic factors are something the user knows (the knowledge factor, e.g. a password or PIN), something the user has (the possession factor, e.g. a hardware token or a registered phone) and something the user is (the inherence factor, e.g. a fingerprint). Additional factors have been proposed and put into use in recent years, with location often serving as a fourth factor and time as a fifth.

Use case

Consider a client web portal that needs to identify and verify its users. The user accounts are stored in a database.

Solution without an Identity Provider

Here are the basic steps needed to implement the above scenario inside the client application itself, without integrating any identity provider solution.

  1. Implement the login input pages in the web application itself

  2. Design the user database schema and prepare the database

  3. Implement the database connectivity for user authentication

This is a very basic requirement in many applications, yet most developers still implement these key features inside the client application itself.
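The following is an added example, not code from the original page or from WSO2. It implements the three steps above for the portal scenario with only the Python standard library (SQLite for the user database), and also makes concrete the distinction drawn earlier between authentication and authorization: a user who authenticates correctly may still be denied a resource. The user names, passwords and the `/reports` resource are constructed test data; the schema and function names are this example's own.

```python
"""Local authentication and authorization for the portal scenario.

Added example (not from the page or WSO2). Users and permissions below
are constructed test data.
"""
import hashlib
import hmac
import os
import sqlite3

# Step 2: user schema. Passwords are never stored; only a salted hash is.
SCHEMA = """
CREATE TABLE users (
    username TEXT PRIMARY KEY,
    salt     BLOB NOT NULL,
    pw_hash  BLOB NOT NULL
);
CREATE TABLE permissions (
    username TEXT NOT NULL REFERENCES users(username),
    resource TEXT NOT NULL,
    PRIMARY KEY (username, resource)
);
"""

PBKDF2_ITERATIONS = 600_000  # work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def create_user(conn, username: str, password: str) -> None:
    salt = os.urandom(16)  # per-user random salt
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))


def grant(conn, username: str, resource: str) -> None:
    conn.execute("INSERT INTO permissions VALUES (?, ?)", (username, resource))


def authenticate(conn, username: str, password: str) -> bool:
    """Step 3: look up the user and verify the credential (authentication)."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        # Hash anyway so an unknown user costs the same time as a wrong
        # password; otherwise response time reveals which names exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Constant-time comparison of the hashes.
    return hmac.compare_digest(hash_password(password, salt), stored)


def authorize(conn, username: str, resource: str) -> bool:
    """Separate question: may this authenticated user access the resource?"""
    row = conn.execute("SELECT 1 FROM permissions WHERE username = ? AND resource = ?",
                       (username, resource)).fetchone()
    return row is not None


def login_and_access(conn, username: str, password: str, resource: str) -> str:
    """Authentication always runs first; authorization only for authenticated users."""
    if not authenticate(conn, username, password):
        return "denied: authentication failed"
    if not authorize(conn, username, resource):
        return "denied: authenticated but not authorized"
    return "granted"


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed users: alice may read /reports, bob may not."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    create_user(conn, "alice", "correct horse battery staple")
    create_user(conn, "bob", "hunter2")
    grant(conn, "alice", "/reports")
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    print(login_and_access(db, "alice", "correct horse battery staple", "/reports"))
    print(login_and_access(db, "bob", "hunter2", "/reports"))
    print(login_and_access(db, "alice", "wrong password", "/reports"))
```

The login page itself (step 1) is just the HTML form that posts `username` and `password` to a handler calling `login_and_access`; everything the form cannot get wrong is in the storage and verification shown here. Note how much the application now owns: salting and hashing, a constant-time compare, an enumeration-resistant failure path and a permissions model. Each of those is one of the concerns that an identity provider takes off the application's hands.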

The sequence diagram below gives further detail; it shows how the communication happens in this solution.

Beyond these steps there are many more concerns to address, which we will discuss in the next few chapters.

Integration with WSO2 Identity Provider

In this solution WSO2 Identity Server is the identity provider, and the service provider must trust it. The service provider delegates identification and verification of the user to the identity provider.

There are several open standard security protocols for communication between the service provider and the identity provider:

  • SAML (Security Assertion Markup Language)

  • OpenID Connect (built on OAuth 2.0)

  • IWA (Integrated Windows Authentication) for Windows environments

For the identity provider to recognise the service provider and apply the right configuration to its requests, the service provider must have a unique representation (a registration) in the identity provider, such as the SAML issuer or entity ID, or the OAuth 2.0 client ID.

As shown in the diagram above, the service provider delegates identity validation and verification to the identity server and, at the end of the exchange, expects the identified user's information as the result.

Here is the sequence of requests from the end user to the identity server.
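As an added example (not part of the original page and not WSO2's code), the same sequence expressed as working code for the OpenID Connect authorization code flow: the service provider redirects the user to the identity provider, receives a one-time code at its callback, exchanges the code for an ID token and validates that token before trusting the identity it carries. The identity provider is simulated in-process so the example runs offline. The issuer URL, client ID, client secret and redirect URI are hypothetical registration values; signing the ID token with HS256 using the client secret is an assumption made to keep the example self-contained (OIDC allows it, but real identity providers normally use RS256 with keys published at their JWKS endpoint, which the service provider would fetch and cache).

```python
"""Service provider (relying party) side of an OIDC authorization code login.

Added example, not from the page or WSO2. The IdP is simulated; all
registration values are hypothetical.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

IDP = "https://idp.example.com"                 # hypothetical IdP host
ISSUER = f"{IDP}/oauth2/token"                  # 'iss' value the SP expects
AUTHORIZE_ENDPOINT = f"{IDP}/oauth2/authorize"
CLIENT_ID = "portal-sp-client"                  # SP's unique registration at the IdP
CLIENT_SECRET = b"constructed-client-secret"
REDIRECT_URI = "https://portal.example.com/callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt_hs256(claims: dict, key: bytes) -> str:
    """Compact JWS with HS256 (assumption for the demo; IdPs usually use RS256)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


# ---- Service provider -----------------------------------------------------

def start_login():
    """1. SP redirects the browser to the IdP; state and nonce go into the SP session."""
    session = {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16)}
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid profile", "state": session["state"], "nonce": session["nonce"]}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", session


def validate_id_token(token: str, session: dict, now=None) -> dict:
    """Every check the SP must pass before trusting the identity in the token."""
    now = time.time() if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":                      # never accept 'none' or a surprise alg
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != session["nonce"]:          # binds the token to this login attempt
        raise ValueError("nonce mismatch")
    return claims


def handle_callback(callback_url: str, session: dict, idp) -> dict:
    """3. SP gets ?code=&state= back, checks state, exchanges the code, validates the ID token."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch (possible CSRF)")
    token_response = idp.token(code=q["code"][0], client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET, redirect_uri=REDIRECT_URI)
    return validate_id_token(token_response["id_token"], session)


# ---- Simulated identity provider (constructed) ---------------------------

class FakeIdP:
    def __init__(self):
        self.codes = {}

    def authorize(self, authorize_url: str, authenticated_user: str) -> str:
        """2. The user authenticates at the IdP; it redirects back with a one-time code."""
        q = parse_qs(urlparse(authorize_url).query)
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"sub": authenticated_user, "nonce": q["nonce"][0],
                            "client_id": q["client_id"][0]}
        return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"

    def token(self, code, client_id, client_secret, redirect_uri) -> dict:
        grant = self.codes.pop(code)                      # codes are single use
        if grant["client_id"] != client_id or not hmac.compare_digest(client_secret, CLIENT_SECRET):
            raise ValueError("client authentication failed")
        now = int(time.time())
        claims = {"iss": ISSUER, "sub": grant["sub"], "aud": client_id,
                  "nonce": grant["nonce"], "iat": now, "exp": now + 300}
        return {"id_token": sign_jwt_hs256(claims, client_secret), "token_type": "Bearer"}


def run_flow(user: str = "alice") -> dict:
    """Whole exchange for one user; returns the validated claims the SP may now trust."""
    idp = FakeIdP()
    authorize_url, session = start_login()
    callback = idp.authorize(authorize_url, user)
    return handle_callback(callback, session, idp)
```

The claims returned by `run_flow` are the "identified user information" the service provider receives at the end of the exchange. The service provider never sees the user's password; its whole job is the `state`, `nonce`, issuer, audience, expiry and signature checks in `validate_id_token`, and skipping any one of them lets a token meant for another client, another login attempt or another issuer be accepted.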
