Open in app

Sign in

Write

Sign in

Adaptive Authentication using WSO2 IS 5.10

Balakrishnan Sathiyakugan
3 min readApr 5, 2020

There have been about 3800 data breaches reported, which is 50% or greater increase over the last four year. Last year organizations spent 89 billion dollars on security and breaches still rose by 44 per cent. Stolen credentials give criminals the key to your data kingdom. Once attackers have your credentials, they penetrate, establish their foothold, escalate their privileges, move laterally in your network and steal your data endpoint. Network security can’t stop these attacks, Only identity security can. But the interesting story is from 89 billion spent on security last year less than 10% went to identity security.

Nowadays Organizations are using two-factor authentication(2fa) and single sign-on to solve the identity security crisis but attackers keep finding new ways to defeat security tools. Passwords and 2fa are no longer enough in the meantime extra steps can be inconvenient for users, Criminals can socially engineer the answers to security questions or hack mobile accounts and tokens can be compromised. Ensuring security without impacting usability at the time of authentication is the key factor. Only one solution offers comprehensive identity security which is adaptive access management. Following article is mainly focused on the WSO2 IS Adaptive Authentication.

Adaptive authentication is a way that two-factor authentication or multi-factor authentication can be configured and deployed. The factors that are used for validation can depend on the risk probability associated with the particular user access request. This enables adjusting the authentication strength based on the context at hand.

Adaptive Authentication with WSO2 Identity Server

The WSO2 IS management console provides an authentication script editor that allows you to define authentication scripts using JavaScript. The script editor provides a set of predefined templates that you can use to easily set up adaptive authentication for some of the most common authentication scenarios.

The scripts can be defined based on User attributes, User behaviour, Level of assurance of the access request, Risk analysis statistics and Machine learning algorithms. Further, It allows you to define dynamic authentication sequences such as Control the authentication step selection, Change user attributes, Send email notifications, Redirect users to an error page etc.

Try this link which guides you through using pre-defined templates for common adaptive authentication use cases.

Script Libraries in WSO2 IS

WSO2 Identity Server enables changing the authentication flow based on conditions in JavaScript. For this, each service provider needs to have its own set of Javascript functions. If the identity admin needs to have the same function for several service providers, the same JavaScript function needs to be duplicated. As a result, the process of managing authentication scripts gets difficult.

For example, A function which derives Age from Date of birth needed in many service providers,

you can add that just 3 steps

1. Sign in to into the Management Console
2. On the Main menu, click Manage > Function Libraries > Add.
3. Fill in the Function Library Name, provide a brief description and write the Function Library Script for the function library.

This is where Script Libraries are playing a major role by supporting a set of function libraries that can be imported in authentication scripts. Each function library contains a set of functions. These function libraries can be added, deleted, edited, imported, and exported via the WSO2 Identity Server Management Console.

Recent releases(5.10) supports Restful APIs for adding, retrieving, updating, and deleting script libraries in WSO2 Identity Server. WSO2’s adaptive access management the strongest way to protect your organization and stop credential-based attacks. Try Download the latest version and strengthen your security today.

Hope now you have some understanding of Adaptive authentication.

Happy Blogging !!!

References :

https://is.docs.wso2.com/en/5.9.0/learn/adaptive-authentication-with-function-library/
https://wso2.com/blogs/thesource/wso2-identity-server-5-10-0-is-here/
https://is.docs.wso2.com/en/5.10.0/develop/script-library-rest-api/

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Adaptive Authentication
Auth
Identity
Identity Management
Security

Balakrishnan Sathiyakugan
Balakrishnan Sathiyakugan

Written by Balakrishnan Sathiyakugan

93 Followers
63 Following

Microsoft Certified Azure Data Engineer & Data Scientist | Google CodeU | Patent Holder | Data Analytics

No responses yet

Write a response

What are your thoughts?

More from Balakrishnan Sathiyakugan

See all from Balakrishnan Sathiyakugan

Recommended from Medium

Lists

Stories to Help You Live Better

22 stories3716 saves

First Personal

20 stories2033 saves

Staff picks

826 stories1649 saves
See more recommendations

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams