You can customize the WSO2 SOA Enablement Server for Java security framework in several ways. For example, you can reuse existing databases of identities (Active Directory, LDAP databases, SQL databases), enforce custom authorization policy or change the criteria by which certificates are trusted.

To make the WSO2 SOA Enablement Server security framework extensible, there is an API that covers authentication, authorization, management of key material and user attributes. To meet your special security requirements, you need to configure providers for each particular security part. These providers can be overseen as extension modules in which you realize your requirements. The following sections focus on provider configuration. You can also implement your own provider by creating a custom API implementation.