WSO2 Identity Server 7.1
Passwordless Auth, Adaptive Authentication, B2B CIAM & App-Native Identity
Course Overview
WSO2 Identity Server 7.1 is a modern, open-source Customer Identity and Access Management (CIAM) platform purpose-built for both B2C and B2B scenarios. Version 7.1 introduces first-class support for passwordless authentication (FIDO2/passkeys), adaptive authentication policies, App-Native Authentication API, and organisation hierarchies for multi-tenant B2B portals.
This programme follows the official IS71DF (Developer Fundamentals) and IS71DA (Developer Advanced) certification tracks, combining protocol theory, hands-on lab exercises, and real-world scenario walkthroughs to prepare participants for IS 7.1 certification.
Learning Outcomes
- Register and configure web, mobile, and single-page applications in IS 7.1
- Configure OAuth 2.0 (PKCE, PAR, DPoP), OpenID Connect, and SAML 2.0 flows
- Implement passwordless login: FIDO2/passkeys, magic links, and TOTP
- Build adaptive authentication policies using Ballerina-based conditional scripts
- Set up enterprise SSO with social IdPs, SAML federations, and OIDC providers
- Manage organisations, roles, and permissions for B2B CIAM portals
- Use the App-Native Authentication API for headless login flows
- Manage users with SCIM 2.0 and configure secondary user stores
- Prepare for and pass the IS71DF and IS71DA certification examinations
Curriculum
IS71DF: Developer Fundamentals — Sessions 1–4
- WSO2 Identity Server 7.1 architecture: runtime, console, and deployment model
- Application types: web (OIDC), single-page app (PKCE), mobile (native), M2M (client credentials)
- OAuth 2.0 flows in depth: Authorization Code + PKCE, Implicit (deprecated), Client Credentials, Refresh Token
- Modern OAuth 2.0 extensions: PAR (Pushed Authorization Requests), DPoP token binding
- OpenID Connect: ID token anatomy, UserInfo endpoint, discovery, dynamic client registration
- SAML 2.0: SP-initiated and IdP-initiated SSO, attribute statements, metadata exchange
- Hands-on: Register a React SPA with PKCE; validate tokens with Postman
- Passwordless authentication: FIDO2/WebAuthn passkeys, hardware security keys
- Magic link login and email OTP flows
- TOTP (Google Authenticator-compatible) and SMS OTP second factors
- Social login federation: Google, Microsoft, Facebook, GitHub as external IdPs
- Adaptive authentication: conditional scripts (Ballerina), risk signals
- Step-up authentication policies: require MFA on high-risk requests
- Self-service portal: user password recovery, profile management, session management
- Hands-on: Deploy a passwordless app with passkeys + step-up TOTP for admins
IS71DA: Developer Advanced — Sessions 5–6
- Organisation model: root organisation, sub-organisations, shared applications
- Role-based access control (RBAC) across organisation hierarchies
- B2B self-service: organisation discovery, admin-delegated user management
- App-Native Authentication API: headless login flows without browser redirects
- Token exchange (RFC 8693): impersonation and delegation patterns
- M2M authentication: client credentials with fine-grained scopes and audience
- Consent management and data privacy: GDPR-aligned consent receipts
- SCIM 2.0 API: bulk user provisioning, enterprise schema extensions
- Hands-on: Build a multi-tenant SaaS portal with organisation-scoped access
- Custom extension points: authentication handlers, post-authentication handlers
- Event listeners and custom claims providers
- Custom UI theming: My Account portal and login page branding
- Keystore management, TLS configuration, and secret rotation
- High availability deployment: active-active clustering, shared database
- Docker and Kubernetes deployment with WSO2 Helm charts
- Monitoring: IS logs, audit logs, and analytics dashboard
- Certification examination preparation: IS71DF + IS71DA mock exams
Assessments & Grading
| Assessment | Type | Weight |
|---|---|---|
| Lab Exercises (Sessions 1–4) | Hands-on identity configuration labs | 25% |
| Passwordless App Project | End-to-end passkey + MFA scenario | 25% |
| B2B Portal Lab | Organisation hierarchy + SCIM provisioning | 20% |
| Certification Mock Exams | IS71DF + IS71DA practice papers | 30% |
Software Used
- WSO2 Identity Server 7.1.0
- WSO2 Management Console & My Account Portal
- Postman (token flows & SCIM 2.0 API)
- Docker & Rancher Desktop
- Sample SPA & Mobile app (React Native)
Prerequisites
- Understanding of authentication and authorisation concepts
- Familiarity with REST APIs and HTTP basics
- Basic knowledge of OAuth 2.0 or OpenID Connect is helpful
- Java or scripting familiarity (for Advanced extension sessions)
WSO2 products require at least 4 GB RAM — 8 GB recommended. Three free options that meet this requirement.
Who Should Attend
- Security engineers implementing enterprise IAM and CIAM solutions
- Developers integrating OAuth 2.0, OIDC, and SAML 2.0 into applications
- Architects designing SSO, identity federation, and B2B portals
- Anyone seeking WSO2 Identity Server 7.1 certification