San Francisco, 21 February 2017. During the WSO2 conference USA 2017, where Yenlo as premier partner of WSO2 is one of the silver sponsors, WSO2 announced their new version of the WSO2 Identity and Access Management Server (WSO2 Identity Server or WSO2 IS) solution. This new version is full of new features and important enhancements. Read all about these new features in WSO2 Identity Server 5.3 in this post.
So, what’s new in the latest version, WSO2 Identity Server 5.3 (WSO2 IS)?
Identity Management of User
- RESTful interface for account password recovery and notifications
- HTML support for email templates, template internalization and dynamic properties for email templates
- Password reset via admin
- Password history validation (ability to keep a record of user’s past passwords)
- Google reCAPTCHA support for single sign-on, password recovery flow and self sign-up
- Account suspension reminders and locking idle accounts
- Brute force attack prevention:
  - Locking the user account for a period of time after a certain number of failed attempts
  - Using reCAPTCHA after a certain number of failed attempts
- Account locking in single and multi-tenant environments
Login session monitoring and termination
WSO2 IS 5.3.0 now supports monitoring user sessions and authentication activities via alerts, and manual termination of user sessions for better security. The next step is to integrate this monitoring stream with your analytics server to implement real-time complex event processing, even on your login flow.
Rule based provisioning
WSO2 IS 5.3.0 can apply rules to the provisioning flow. These rules can be based on event information (user, IdP, SP) as well as environment factors (time, region).
Engaging access control policies in the authentication flow
A great new feature is the ability to apply an access control policy during the execution of the authentication flow. This way you can apply fine-grained access control policies each time a user logs in: you configure XACML policies for access control, and they are enforced in the authentication flow.
Prompt for missing predefined attributes in the authentication flow
If (mandatory) predefined attributes are missing, the authentication flow will now prompt you to add the missing information. A cool feature to protect your login dialog procedure.
Integrated Windows Authentication for Linux and External Kerberos
We have been waiting a long time for this feature. It was already possible to use Windows authentication with Kerberos tokens on Linux, but it was always hard to implement. You can read more about how to set up Kerberos Windows authentication with the previous version of WSO2 Identity Server in this post.
OAuth 2.0 and OpenID Connect enhancements
At a lower level, a few enhancements were also made to the OpenID part, which was already part of the WSO2 IS solution. Enhancements in this version:
- OpenID Connect Dynamic Client Registration
- OAuth 2.0 Token Introspection
- OpenID Connect Discovery support
REST profile of XACML
WSO2 IS now adopts the REST Profile of XACML and the JSON Profile of XACML specifications, which removes the barrier to integrating with the WSO2 IS XACML engine (PDP) from RESTful applications (PEPs).
SAML 2.0 Enhancements
Enhancements in this version around SAML token access:
- Support for SAML 2.0 Metadata Profile
- SAML 2.0 Assertion Query/Request Profile
Security Analytics
WSO2 IS now provides security alerts that give insight into current login sessions and notify you in real time of any suspicious login activities and abnormal sessions.
WSO2 Identity Cloud
With the launch of the new WSO2 Identity Server, WSO2 also starts implementing a full Cloud strategy: next to the existing API Cloud and Integration Cloud, an Identity Cloud will now also be provided. Customers can easily run their Identity Management entirely from the Cloud, in a fully scalable and managed Cloud environment. More details on the WSO2 Cloud Strategy will follow soon.
Is that it?
For this release it is. As you can see, there are many cool new features that improve the WSO2 IS product a lot. The WSO2 team will continue to add more features to the already rich IAM solution of WSO2. More to come this year or early next year, I guess. Read all announcements made during WSO2Con US 2017 here.