This is the first blog of the series discussing the internet and cyber attacks. According to Wikipedia, an attack is any attempt to expose, alter, disable, destroy, steal, or gain unauthorized access to or make unauthorized use of an asset. A cyber attack is an attack launched from one or more computers against another computer, multiple computers, or networks.

Top Ranking Internet Attacks

This is the first time I participated in the Internet Identity Workshop and It was an amazing workshop. The event was held in the Computer History Museum, Mountain View, Califonia. This is a 3 days workshop and IIW has been finding, probing and solving identity issues twice every year since 2005.

This is a well planned, but participant-driven Unconference meeting. The name Unconference may not be familiar. It starts every day without a pre-defined agenda. After having breakfast, the first task of the day is to create the agenda. The event has a unique format, everyone sitting in a circle…

Introduction

The purpose of this blog is to explain the high-level architecture of the WSO2 Identity Server. WSO2 Identity Server supports almost all the standard authentication and provisioning protocols such as OpenId Connect, SAML, SCIM by default.

This blog post explains the component architecture and the flow/sequence of authentication and provisioning happens.

Main components of the WSO2 Identity Server can be categorized as bellow.

• Inbound Authentication
• Authentication Framework
• Provisioning Framework
• Local Authenticators
• Federated Authenticators

Following sections describe more details and capabilities about each of the above sections.

Inbound Authentication

When an application sends an authentication request to the Identity Server, the inbound authentication…

The purpose of this blog is to explain what user account suspension, the use cases of this feature and how it is implemented in WSO2 Identity Server.

Some organizations support self user registration capability for the end users. In such cases, there is a possibility that some users may register to the system, but they don’t use the system.

In scenarios like that, there is no need to have such kind of inactive user account in the organization’s POV. If the users are no longer using the system, these users should be either treated as invective or should be deleted.

…

In order to support better security, password policies are enforced by organizations. Following are such kind of policies

• Password Patterns
• Password History validation.
• Password expiry validation.

The purpose of this blog is to explain what password expiry validation is, the use cases of it and the implementation.

Use cases of Password Expiration.

Due to human nature, people tend to use the same password as long as they can. Changing the password regularly is a good practice in terms of security. An attacker might obtain the password and use it. Changing the password regularly can minimize the risk of password leakage.

The purpose of the password…

The purpose of this blog is to explain what the admin initiated password reset feature is, use cases of this feature and how it is implemented in WSO2 identity server.

What is ‘Admin initiated Password reset’ feature?

There are some cases where privileged users want to force to change the passwords of end users.

So, the ‘Admin initiated Password reset’ is a feature which supports in WSO2 Identity Server to force users to change their passwords.

Refer to here for more details about this feature.

What are the uses cases of ‘Admin initiated Password reset feature’?

• A user forgets his/her password and requests to the administrator (customer care officer) for a password reset
• When there is a password…

The purpose of this blog post is to explain what ask password feature is, when this feature should be used, use cases and its implementation.

What is the Ask Password Feature?

There are different ways of creating users into the systems. Users themselves can self-register to the systems, Administrative users can create users to the system.

Ask password flow comes to the category of ‘Administrative users can create users to the system.’

Why the ask password special?

Although the user is created by the administrative user, the actual password of the system is set by the end user.

That means a privileged user creates an account…

The purpose of this blog post is to explain the ways of self-registering users to the Identity Server, security aspects and how it is implemented.

What is Self User Registration?

Some applications allow users to register to the system by themselves. Examples for such applications are social websites such as Facebook, Twitter, LinkedIn, Google and so on.

There are different ways of registering users to the system. As you know, nowadays, users can register to the applications by authenticating with a trusted Identity Provider. Then the Identity provider sends an authenticated assertion with user attributes back to the application and application can provision users automatically…