Currently I am working on a single sign on middleware application and I am confused with identity server and LDAP. I got to know LDAP is used for identity provisioning means it contains user records but I am not able to understand the purpose of identity servers.

I have searched on Google, but I am only able to see different identity server products, and I am not able to find what exactly an identity server is.

Can anybody suggest any resource, or can anybody explain?

Thanks, Nikhil Agrawal

1 Answer

tl;dr: an identity server is a system or set of technologies that can be used for identity management. Capabilities generally expected of such a system include:

  • Access governance system
  • Identity and access management system
  • Entitlement management system
  • User provisioning system

A good starting point to understanding it is the Wikipedia article on Identity Management.

This defines Identity Management as:

Identity management (IdM) is the task of controlling information about users on computers.

An identity server is more correctly referred to as an Identity Management System.

Under this heading (and as listed in the Solutions), LDAP is a Directory Service (i.e. a repository of identity information).

Identity Management Services are typically expected to be more than that, notably providing something along the lines of RBAC - i.e. not just identity, but access/authorisation, and delegation.

That being said - and as noted in the article on Identity Management Systems:

In general, electronic IdM can be said to cover the management of any form of digital identities.

Which I suspect is the basic answer you need - although it is worth noting that

identity management itself falls under the umbrella of IT security

While I am not sure that last element is of particular relevance to you, it is worth noting that such systems are almost always security sensitive.

So, an identity management system - i.e. an identity server (which may be part, or the totality, of the IdM) - is a system matching the following description:

one can consider identity management as the management of information (as held in a directory) that represents items identified in real life (e.g. users, organizations, devices, services, etc.)

In relation to LDAP - LDAP can be configured as an Identity Management System, or to be the backing repository of a broader IdM system (for example, LDAP can provide the information to SAML or Shibboleth).

So LDAP is just a specific implementation of an IdM system:

The design of such systems requires explicit information and identity engineering tasks

It is also an implementation of one of the original IdM approaches, X.500.

iwaseatenbyagrue
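As an added illustration (written for this page; it is not code from the answer above, nor from any identity server product), the following Python sketches the division of labour the answer describes: a directory service that only stores identity records, and an identity server layered on top of it that authenticates against the directory, maps directory groups to roles (RBAC), derives entitlements and issues a signed assertion for a relying party to consume. The in-memory dictionary standing in for LDAP, the entries and DNs, the group-to-role mapping, the signing key and the token format are all constructed assumptions for the example; a real deployment would bind to an LDAP server and issue SAML or OIDC assertions instead.

```python
"""Toy identity server over an in-memory stand-in for an LDAP directory.
Everything below (entries, groups, roles, key, token format) is constructed
sample data for illustration, not a real IdM product or protocol."""
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Set, Tuple

# --- Directory service (the role the answer assigns to LDAP): a repository of
# identity information keyed by DN, using common attribute names. ---
PBKDF2_ITERS = 100_000

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)

_SALT_ALICE, _SALT_BOB = b"salt-alice", b"salt-bob"   # constructed per-entry salts
DIRECTORY: Dict[str, dict] = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "cn": "Alice Example", "mail": "alice@example.com",
        "memberOf": ["cn=admins,ou=groups,dc=example,dc=com"],
        "userPassword": (_SALT_ALICE, _pw_hash("correct horse", _SALT_ALICE)),
    },
    "uid=bob,ou=people,dc=example,dc=com": {
        "cn": "Bob Example", "mail": "bob@example.com",
        "memberOf": ["cn=staff,ou=groups,dc=example,dc=com"],
        "userPassword": (_SALT_BOB, _pw_hash("hunter2", _SALT_BOB)),
    },
}

def directory_search(uid: str) -> Optional[Tuple[str, dict]]:
    """Stand-in for an LDAP search for (uid=<uid>) under ou=people."""
    for dn, attrs in DIRECTORY.items():
        if dn.startswith(f"uid={uid},"):
            return dn, attrs
    return None

def directory_bind(dn: str, password: str) -> bool:
    """Stand-in for an LDAP simple bind: verify the stored password hash."""
    attrs = DIRECTORY.get(dn)
    if attrs is None:
        return False
    salt, stored = attrs["userPassword"]
    return hmac.compare_digest(stored, _pw_hash(password, salt))

# --- Identity server: what an IdM system adds on top of the directory ---
# RBAC: directory groups map to application roles, roles map to entitlements.
GROUP_TO_ROLES = {
    "cn=admins,ou=groups,dc=example,dc=com": {"admin", "user"},
    "cn=staff,ou=groups,dc=example,dc=com": {"user"},
}
ROLE_ENTITLEMENTS = {"admin": {"users:read", "users:write"}, "user": {"users:read"}}
SIGNING_KEY = b"constructed-demo-key-not-for-real-use"  # assumed shared with the relying party

def roles_for(attrs: dict) -> Set[str]:
    roles: Set[str] = set()
    for group in attrs.get("memberOf", []):
        roles |= GROUP_TO_ROLES.get(group, set())
    return roles

def entitlements_for(roles: Set[str]) -> Set[str]:
    ents: Set[str] = set()
    for role in roles:
        ents |= ROLE_ENTITLEMENTS.get(role, set())
    return ents

def authenticate(uid: str, password: str, ttl: int = 300) -> Optional[str]:
    """Authenticate against the directory and issue a signed assertion, or None."""
    found = directory_search(uid)
    if found is None or not directory_bind(found[0], password):
        return None  # same response for unknown user and wrong password
    dn, attrs = found
    roles = sorted(roles_for(attrs))
    claims = {"sub": dn, "mail": attrs["mail"], "roles": roles,
              "entitlements": sorted(entitlements_for(set(roles))),
              "exp": int(time.time()) + ttl}
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig   # constructed token format: hex(body).hex(hmac)

def verify_assertion(token: str) -> Optional[dict]:
    """Relying-party side: check signature and expiry, return claims or None."""
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(body)
    if claims.get("exp", 0) < time.time():
        return None
    return claims

def is_authorized(token: str, entitlement: str) -> bool:
    """Authorisation decision: valid assertion carrying the entitlement."""
    claims = verify_assertion(token)
    return claims is not None and entitlement in claims.get("entitlements", [])

if __name__ == "__main__":
    token = authenticate("alice", "correct horse")
    print("alice may write users:", is_authorized(token, "users:write"))
```

The point of the split is that `DIRECTORY`, `directory_search` and `directory_bind` are all LDAP ever gives you: records and a yes/no on a bind. Roles, entitlements, token issuance and the relying-party check live in the identity server layer, which is exactly the "more than a repository" part the answer attributes to an IdM system.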