Since WSO2 is a piece of our architecture, I proposed testing its identity and access management.

IAM Essentials:

  • Handling of new accounts. Create multiple user accounts and give them access to the application.
  • Roles and permissions. Set different levels of permissions for each user.
  • API security. Manage the organization’s data, including users exchanging their username and password or reminding them which IdP they chose.
  • Integration. With a third-party authentication provider if necessary.
  • Scalability. Different actions, resources, conditions, etc.

Install the IS:

The first step is to install and properly configure WSO2 Identity Server.

To recap:

  1. Download and install Oracle JDK 8.
  2. Download and install WSO2 Identity Server (Linux).
  3. On Linux, run the script located inside the /bin subdirectory.

Create the app:

We will create the application to integrate the OAuth 2.0 standard protocol for authorization. I used Spring Security and the ClientRegistration object for that.

Here is the client:

public class OAuth2Config {

    private SoyouRegistrationProperties soyou;    

    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(getRegistration());
    }

    private ClientRegistration getRegistration() {

        return ClientRegistration
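
A complete registration of the kind the truncated listing above begins, as an added example that is not the post's own code: it registers WSO2 Identity Server as an authorization-code provider in Spring Security and refuses to start with empty client credentials. Assumptions: the IS runs at its default https://localhost:9443 with the /oauth2/authorize, /oauth2/token, /oauth2/userinfo and /oauth2/jwks paths, and the class name, the registration id wso2 and the WSO2_CLIENT_ID / WSO2_CLIENT_SECRET environment variables are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

// Added example, not the post's code. Class name, registration id and
// environment variable names are hypothetical.
@Configuration
public class Wso2OAuth2ConfigExample {

    // Assumption: WSO2 Identity Server on its default local HTTPS port.
    private static final String IS_BASE = "https://localhost:9443";

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(wso2Registration());
    }

    private ClientRegistration wso2Registration() {
        return ClientRegistration.withRegistrationId("wso2")
                // Credentials issued by the IS for this application; read from
                // the environment so they stay out of source control.
                .clientId(requireEnv("WSO2_CLIENT_ID"))
                .clientSecret(requireEnv("WSO2_CLIENT_SECRET"))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                // Must match the callback URL registered in the IS exactly.
                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                .scope("openid")
                .authorizationUri(IS_BASE + "/oauth2/authorize")
                .tokenUri(IS_BASE + "/oauth2/token")
                .userInfoUri(IS_BASE + "/oauth2/userinfo")
                .jwkSetUri(IS_BASE + "/oauth2/jwks")
                .userNameAttributeName("sub")
                .clientName("WSO2 Identity Server")
                .build();
    }

    // Fail at startup rather than register a client with empty credentials.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}
```

A default WSO2 IS install presents a self-signed certificate, so the application's JVM must trust that certificate for the token and userinfo calls to succeed.
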

Now let’s deploy the application.