WSO2 Identity Server 5.3.0 has added a number of new features that were requested by its users and which are critical for any product in the identity and access management (IAM) space. After a redesign of the identity management framework, a host of new account and password management features were introduced. It now also supports a host of new IAM protocols including SAML2 single sign-on (SSO) metadata, the SAML2 Assertion Query/Request Profile, the complete OpenID Connect protocol suite and the REST Profile for XACML 3.0, among others.
What's more, WSO2 Identity Server 5.3.0 now performs real-time analytics that monitor the identity ecosystem and alert you when abnormal sessions or suspicious logins occur. The product can also terminate those sessions, so that a suspicious login does not remain active in the enterprise.
This webinar will explore:
New features and improvements in account and password management
New IAM protocols that are supported
Real-time security alerting capabilities
WSO2 Identity Server 6.0 roadmap
2. Agenda
o What is WSO2 Identity Server
o What’s new with v5.3.0
o Re-engineered account and credential management
o Extended support for open standards
o Real-time security alerting
o WSO2 Identity Server 6.0 roadmap
4. What is WSO2 Identity Server
o Currently in its 5th generation (5.3.0)
o 100% free and open source with commercial support
o Apache 2.0 license
o Based on the WSO2 Carbon platform
o Java based platform
o Based on OSGi technology
o Componentized, modular architecture
5. What is WSO2 Identity Server
o In-built support for multi-tenancy, logging, clustering, caching, security, etc.
o Developer friendly
o Complete web service APIs for integrating or embedding into any application or system
o Pluggable, extensible and themable
o User friendly with minimal learning curve
o Lightweight and high performance
6. What is WSO2 Identity Server
o Deployment flexibility
o Container friendly deployment
o Clustering for high availability deployment
o On-premise, private cloud, or managed cloud
7. Key Capabilities
o Enterprise and Cloud SSO and Federation
o Strong authentication
o Identity Governance and Administration
o Entitlements and Access Control
9. What’s new with v5.3.0
o 37 new features and major improvements!
o Focused on three major areas
o Re-designed account and credential management, providing more out-of-the-box (OOTB) solutions
o Extended support for open standards to make integration smoother
o Real-time security alerting and improved monitoring
10. All new account and password management
o New architecture
o Event based
o Full multi-tenancy support inherited from the design
o Highly extensible: easy to implement custom use cases
o Easy to reuse
o RESTful APIs for account and credential management scenarios
o Out of the box UIs for self-signup with email verification and account recovery scenarios
11. All new account and credential management
o Improvements in email templates
o Add and manage any number of templates
o HTML templating
o Internationalization
o User claim placeholders
o More notification connectors by integrating with the CEP output adaptor engine (JMS, Kafka, SMS, WebSocket, MQTT, Thrift, etc.)
12. All new account and credential management
o Challenge question internationalization
o Brute force prevention framework
o Google reCAPTCHA as default implementation
o Integrated in Login, Self Registration and Recovery flows
13. All new account and credential management
o More account and credential policies
o User password history validation
o Account expiry and automatic login reminder
o Admin initiated password reset
o More email confirmation scenarios
14. Demo I: All new account and credential management
15. Extended support for open standards
o OAuth/OpenID Connect
o OpenID Connect Discovery
o OpenID Connect Dynamic Client Registration
o OAuth 2.0 Form Post Response Mode
o OAuth 2.0 Token Introspection
Ref: http://openid.net/connect/
16. Extended support for open standards
o SAML 2.0
o SAML 2.0 Metadata Profile
o SAML 2.0 Assertion Query/Request Profile
o JSON/REST profile of XACML
o Attribute query improvements for SCIM 1.1
o SCIM 2.0 (coming soon)
o As a connector in the IS connector store
o https://store.wso2.com/store/assets/isconnector/list
17. More capabilities for smoother integration
o Ability to engage access control policies during the authentication flow
o Ex: Allow login to corporate applications only during office hours or when they are accessed through the internal network
o Ability to plug in any rule engine
o XACML based default implementation
o Templated policies to cover common use cases
o Ability to define more fine grained policies
o Policy based provisioning
o Same capabilities as the above
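As an added illustration (not a policy shipped with the product or shown in the webinar), this is what the office-hours / internal-network example could look like as an XACML 3.0 policy for the default XACML engine. The service-provider category and sp-name attribute follow the identifiers WSO2 uses in its authentication policy templates; the client-IP attribute id is an assumed placeholder, and the SP name and network range are constructed values.

```xml
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="corporate_app_office_hours_or_internal_network"
        Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Description>Constructed example: permit login to the "corporate-app" service provider
    only between 09:00 and 17:00, or at any time from the 10.0.0.0/8 network.</Description>
  <Target>
    <AnyOf>
      <AllOf>
        <!-- Scope the policy to one service provider (WSO2 sp-name attribute, as used in its templates) -->
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">corporate-app</AttributeValue>
          <AttributeDesignator Category="http://wso2.org/identity/sp"
                               AttributeId="http://wso2.org/identity/sp/sp-name"
                               DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>
  <Rule RuleId="permit_during_office_hours" Effect="Permit">
    <Condition>
      <!-- time-in-range(current-time, 09:00, 17:00) evaluated against the PDP's environment clock -->
      <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
                               AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
                               DataType="http://www.w3.org/2001/XMLSchema#time" MustBePresent="false"/>
        </Apply>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">09:00:00</AttributeValue>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue>
      </Apply>
    </Condition>
  </Rule>
  <Rule RuleId="permit_from_internal_network" Effect="Permit">
    <Condition>
      <!-- any-of(string-regexp-match, "^10\.", client-ip bag); the client-ip attribute id is an assumed placeholder -->
      <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
        <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"/>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^10\.</AttributeValue>
        <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
                             AttributeId="urn:example:placeholder:client-ip"
                             DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
      </Apply>
    </Condition>
  </Rule>
  <!-- No Permit rule matched: deny-unless-permit yields Deny, so an after-hours login from outside 10/8 is refused -->
</Policy>
```

Because the combining algorithm is deny-unless-permit, a missing or unparseable client-IP attribute falls through to Deny rather than silently permitting.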
18. More capabilities for smoother integration
o Prompt for missing predefined user attributes in the authentication flow
o Ability to revoke and regenerate the client secret in OAuth 2.0 apps
o IWA authentication with WSO2 IS on Linux and an external Kerberos/NTLM server
19. What is WSO2 Identity Server
A Free and Open Source Identity & Access Management Server
20. More capabilities for smoother integration
o Improvements to Claim Management
o Generic extensible Authentication/Authorization mechanism for REST APIs
22. New security analytics capabilities
o Introducing real-time security alerting
o Alerts on suspicious login activities
o Alerts on abnormal user sessions
o Monitor logged in user sessions
o Manually terminate user sessions
25. IS 6.0.0 Roadmap
o Migrating to the C5 platform
o Moving away from SOAP based product APIs to RESTful product APIs
o No more Axis2
o Carbon 5 Kernel with Netty transport - no more Tomcat with Servlet transport
o Native containerization support with Docker
o Container based multi-tenancy
o JAAS based authentication and authorization
o First class support for user groups
o Support for hierarchical groups and hierarchical roles
o Separation of identity store, credential store and authorization store
o Introduction of the concept of user domain - allows a single user to be virtually constructed from multiple identity stores
26. IS 6.0.0 Roadmap
o SCIM 2.0 based user/group management APIs
o Introducing an immutable ID for users and groups, which will allow users, groups and roles to be renamed
o Remove the Carbon management console and move that functionality into the new Admin Portal and User Portal, based on the various roles played in the organization
o JavaScript based extension mechanism to customize certain aspects of the product
27. IS 6.0.0 Roadmap
o Introduction of "Security Circles"
o Circle of configuration - applying configuration in bulk fashion to multiple service providers at the same time
o Circle of sessions - maintain a logged-in session per user per group of service providers. Single Sign-on and Single Logout will happen only within that group for the particular user
o Introduction of the concept of claim dialect inheritance
o Introduction of the concept of attribute profiles
o Support for delegated administration
o Fraud detection
o Tooling support for development of IS artifacts such as service providers, identity providers, XACML policies, etc.
o Deployment automation tools