We are using WSO2 Identity server for our product. As for as our applications are concerned, we're authenticating the users with the IDS. We now want to integrate with third party product. And we suggested them also to use WSO2 IS for their identity service [auth/auth]
When I send a request to third party application, their application should authenticate our application request and accept the request. Can they add our identity provider as their trusted authentication provider, and that would help the user request getting authenticated against our identity source?
Is this possible? If so, please point me to sample where it is done!
Yes. It can be done in different ways. As an example, Your 3rd party application is a liferay, You can use WSO2IS as openid provider. Because liferay allows to login to it portal using openid. Else your 3rd party application supports for SAML2 sso, WSO2IS can be used as SAML2 SSO provider. If 3rd party app, is IIS hosted application, you can use Passive-STS.
Also, if 3rd party application does not support any common standard, there may be extensions that can be used to extent their authentication mechanism. If that case, you can write extension to 3rd party application, to call WSO2IS API. Because all APIs are web service APIs.
You can find more detail of integration
[1] OPENID : http://www.soasecurity.org/2010/08/sign-up-with-openid-providered-by.html [2] SSO : http://tanyamadurapperuma.blogspot.com/2013/09/configure-wso2-identity-server-saml2.html