Hi IAM Team,

One of the problems we've heard from a number of customers, especially in support, is that WSO2 IS implements its own identity management functionality, irrespective of the standard attributes that are defined in Active Directory (AD). This problem is specific to users who are using AD and expect to see a consistent state of the user in both WSO2 IS and AD. This is important because there can be many other applications also connecting to the same AD.

Some of these common identity management features I've seen that are supported by both WSO2 IS and AD are (there are more which we have to search):

1. Account status
2. Account expiry
3. Invalid password attempts
4. Invalid password time
5. Password age
6. Password complexity policies
7. Last logon time

Even right now the WSO2 identity management implementation has the ability to store the identity management data either internally in the database or in the external user store, which will be AD if it is connected as the user store. Certain features might even work without any incompatibility issues. But AFAIU the main problem for most of the features that don't work seamlessly will be the data format that is used to store in AD and the data format expected by WSO2 IS.

So what I am suggesting is to have an extension that can work in concert with AD attributes so that a consistent view of the user is seen across all applications in the environment. The work would primarily involve researching AD attributes and making sure we map one-to-one in terms of the claims and that the data formats are consistent.

I am talking only about AD, because generalizing the implementation for all LDAPs could be hard. But this might also be something to do some research on and find out.

Thanks & Regards,
Johann.

--
Johann Dilantha Nallathamby
Senior Lead Solutions Engineer
WSO2, Inc. lean.enterprise.middleware
Mobile: +94 77 7776950
LinkedIn: http://www.linkedin.com/in/johann-nallathamby
Medium: https://medium.com/@johann_nallathamby
Twitter: @dj_nallaa
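
Added example, not part of the original message and not WSO2 code: a sketch of the data-format problem the proposal describes, converting the raw values of the standard AD attributes behind most of the listed features into a neutral form. The output key names and the choice of Unix epoch milliseconds as the target format are assumptions; the sample entry is constructed.

```python
# Constructed example: normalizes raw AD attribute values; output keys are hypothetical.
EPOCH_DIFF_MS = 11_644_473_600_000   # 1601-01-01 to 1970-01-01, in milliseconds
NEVER = (0, 0x7FFFFFFFFFFFFFFF)      # accountExpires values meaning "never"
UAC_ACCOUNTDISABLE = 0x0002          # userAccountControl bit flag
DAY_MS = 86_400_000

def filetime_to_epoch_ms(value):
    """AD stores times as 100-ns ticks since 1601 UTC; return Unix epoch ms."""
    return int(value) // 10_000 - EPOCH_DIFF_MS

def _time(attrs, name):
    """Return epoch ms for a FILETIME attribute, or None when unset (0/missing)."""
    raw = int(attrs.get(name, "0"))
    return filetime_to_epoch_ms(raw) if raw else None

def normalize_ad_user(attrs, now_ms):
    expires = int(attrs.get("accountExpires", "0"))
    expiry_ms = None if expires in NEVER else filetime_to_epoch_ms(expires)
    pwd_set_ms = _time(attrs, "pwdLastSet")
    return {
        "disabled": bool(int(attrs.get("userAccountControl", "0")) & UAC_ACCOUNTDISABLE),
        # Non-zero lockoutTime records a lockout; the domain's lockout duration
        # may already have elapsed, so this is "locked at", not "locked now".
        "locked_at_ms": _time(attrs, "lockoutTime"),
        "expiry_ms": expiry_ms,
        "expired": expiry_ms is not None and expiry_ms <= now_ms,
        "failed_attempts": int(attrs.get("badPwdCount", "0")),
        "last_failed_ms": _time(attrs, "badPasswordTime"),
        "must_change_password": pwd_set_ms is None,   # pwdLastSet is 0 or missing
        "password_age_days": None if pwd_set_ms is None else (now_ms - pwd_set_ms) // DAY_MS,
        "last_logon_ms": _time(attrs, "lastLogonTimestamp"),
    }

# Constructed sample entry (values as the strings an LDAP search returns).
SAMPLE = {
    "userAccountControl": "514",                  # NORMAL_ACCOUNT | ACCOUNTDISABLE
    "accountExpires": "9223372036854775807",      # never
    "lockoutTime": "0",
    "badPwdCount": "3",
    "badPasswordTime": "132223104000000000",      # 2020-01-01T00:00:00Z
    "pwdLastSet": "132197184000000000",           # 2019-12-02T00:00:00Z
}
NOW_MS = 1_577_836_800_000                        # 2020-01-01T00:00:00Z

if __name__ == "__main__":
    print(normalize_ad_user(SAMPLE, NOW_MS))
```

Password complexity is left out because AD enforces it through domain or fine-grained password policy rather than a per-user attribute.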
