WSO2 Identity Server 5.3.0 - Product Release Webinar

Johann Nallathamby, Technical Lead; Darshana Gunawardana, Associate Technical Lead. WSO2 Identity Server 5.3.0, WSO2 Product Release Webinar.

Upload: wso2-inc

Post on 13-Feb-2017

TRANSCRIPT

Page 1: WSO2 Identity Server 5.3.0 - Product Release Webinar

Johann Nallathamby, Technical Lead

Darshana Gunawardana, Associate Technical Lead

WSO2 Identity Server 5.3.0
WSO2 Product Release Webinar

Page 2: WSO2 Identity Server 5.3.0 - Product Release Webinar

Agenda

o What is WSO2 Identity Server
o What's new with v5.3.0
    o Re-engineered account and credential management
    o Extended support for open standards
    o Real-time security alerting
o WSO2 Identity Server 6.0 roadmap

Page 3: WSO2 Identity Server 5.3.0 - Product Release Webinar

What is WSO2 Identity Server

Page 4: WSO2 Identity Server 5.3.0 - Product Release Webinar

What is WSO2 Identity Server

o Currently in its 5th generation (5.3.0)
o 100% free and open source with commercial support
o Apache 2.0 license
o Based on WSO2 Carbon platform
o Java based platform
o Based on OSGi technology
o Componentized, modular architecture

Page 5: WSO2 Identity Server 5.3.0 - Product Release Webinar

What is WSO2 Identity Server

o In-built support for multi-tenancy, logging, clustering, caching, security, etc.
o Developer friendly
o Complete web service APIs for integrating or embedding into any application or system
o Pluggable, extensible and themable
o User friendly with minimal learning curve
o Lightweight and high performance

Page 6: WSO2 Identity Server 5.3.0 - Product Release Webinar

What is WSO2 Identity Server

o Deployment flexibility
    o Container friendly deployment
    o Clustering for high availability deployment
    o On-premise, private cloud, or managed cloud

Page 7: WSO2 Identity Server 5.3.0 - Product Release Webinar

Key Capabilities

o Enterprise and Cloud SSO and Federation
o Strong authentication
o Identity Governance and Administration
o Entitlements and Access Control

Page 8: WSO2 Identity Server 5.3.0 - Product Release Webinar

What’s new with v5.3.0

Page 9: WSO2 Identity Server 5.3.0 - Product Release Webinar

What’s new with v5.3.0

o 37 new features and major improvements!
o Focused on three major areas
    o Re-designed account and credential management, providing more OOTB solutions
    o Extended support for open standards, making integration smoother
    o Real-time security alerting and improved monitoring

Page 10: WSO2 Identity Server 5.3.0 - Product Release Webinar

All new account and password management

o New architecture
    o Event based
    o Full multi-tenancy support inherited from the design
    o Highly extensible: easy to implement custom use cases
    o Easy to reuse
o RESTful APIs for account and credential management scenarios
o Out of the box UIs for self-signup with email verification and account recovery scenarios

Page 11: WSO2 Identity Server 5.3.0 - Product Release Webinar

All new account and credential management

o Improvements in email templates
    o Add and manage any number of templates
    o HTML templating
    o Internationalization
    o User claim placeholders
o More notification connectors by integrating with CEP output adaptor engine (JMS, Kafka, SMS, Websocket, MQTT, Thrift, etc.)

Page 12: WSO2 Identity Server 5.3.0 - Product Release Webinar

All new account and credential management

o Challenge question internationalization
o Brute force prevention framework
    o Google reCAPTCHA as default implementation
    o Integrated in Login, Self Registration and Recovery flows

Page 13: WSO2 Identity Server 5.3.0 - Product Release Webinar

All new account and credential management

o More account and credential policies
    o User password history validation
    o Account expiry and automatic login reminder
    o Admin Initiated Password Reset
    o More email confirmation scenarios

Page 14: WSO2 Identity Server 5.3.0 - Product Release Webinar

Demo I: All new account and credential management

Page 15: WSO2 Identity Server 5.3.0 - Product Release Webinar

Extended support for open standards

o OAuth/OpenID Connect
    o OpenID Connect Discovery
    o OpenID Connect Dynamic Client Registration
    o OAuth 2.0 Form Post Response Mode
    o OAuth 2.0 Token Introspection

Ref : http://openid.net/connect/

Page 16: WSO2 Identity Server 5.3.0 - Product Release Webinar

Extended support for open standards

o SAML 2.0
    o SAML 2.0 Metadata Profile
    o SAML 2.0 Assertion Query/Request Profile
o JSON/REST profile of XACML
o Attribute query improvements for SCIM 1.1
o SCIM 2.0 (Coming Soon)
    o As a connector in IS connector store
    o https://store.wso2.com/store/assets/isconnector/list

Page 17: WSO2 Identity Server 5.3.0 - Product Release Webinar

More capabilities for smoother integration

o Ability to engage access control policies during the authentication flow
    o Ex: Allow login for corporate applications only during office hours or when accessed through the internal network
o Ability to plug in any rule engine
o XACML based default implementation
o Templated policies to cover common use cases
o Ability to define more fine grained policies
o Policy based provisioning
    o Same capabilities as the above

Page 18: WSO2 Identity Server 5.3.0 - Product Release Webinar

More capabilities for smoother integration

o Prompt for missing predefined user attributes in the authentication flow
o Ability to revoke and regenerate client secret in OAuth 2.0 apps
o IWA authentication with WSO2 IS on Linux and external Kerberos/NTLM Server

Page 19: WSO2 Identity Server 5.3.0 - Product Release Webinar

What is WSO2 Identity Server

A Free and Open Source Identity & Access Management Server

Page 20: WSO2 Identity Server 5.3.0 - Product Release Webinar

More capabilities for smoother integration

o Improvements to Claim Management
o Generic extensible Authentication/Authorization Mechanism for REST APIs

Page 21: WSO2 Identity Server 5.3.0 - Product Release Webinar

Demo II: New capabilities for smoother integration

Page 22: WSO2 Identity Server 5.3.0 - Product Release Webinar

New security analytics capabilities

o Introducing real-time security alerting
    o Alerts on suspicious login activities
    o Alerts on abnormal user sessions
o Monitor logged in user sessions
o Manually terminate user sessions

Page 23: WSO2 Identity Server 5.3.0 - Product Release Webinar

Demo III: New security analytics capabilities

Page 24: WSO2 Identity Server 5.3.0 - Product Release Webinar

WSO2 Identity Server 6.0 roadmap

Page 25: WSO2 Identity Server 5.3.0 - Product Release Webinar

IS 6.0.0 Roadmap

o Migrating to C5 platform
    o Moving away from SOAP based product APIs to RESTful product APIs
    o No more Axis2
    o Carbon 5 Kernel with Netty transport - no more Tomcat with Servlet transport
    o Native containerization support with Docker
    o Container based multi-tenancy
    o JAAS based authentication and authorization
o First class support for user groups
o Support for hierarchical groups and hierarchical roles
o Separation of identity store, credential store and authorization store
o Introduction of the concept of user domain - allows a single user to be virtually constructed from multiple identity stores

Page 26: WSO2 Identity Server 5.3.0 - Product Release Webinar

IS 6.0.0 Roadmap

o SCIM 2.0 based user/group management APIs
o Introducing an immutable ID for users and groups, which will allow users, groups and roles to be renamed
o Remove Carbon management console and move that functionality into the new Admin Portal and User Portal based on the various roles played in the organization
o JavaScript based extension mechanism to customize certain aspects of the product

Page 27: WSO2 Identity Server 5.3.0 - Product Release Webinar

IS 6.0.0 Roadmap

o Introduction of "Security Circles"
    o Circle of configuration - Applying configuration in bulk fashion to multiple service providers at the same time.
    o Circle of Sessions - Maintain a logged-in session per user per group of service providers. Single Sign-on and Single Logout will happen only within that group for the particular user.
o Introduction of the concept of claim dialect inheritance
o Introduction of the concept of attribute profiles
o Support for delegated administration
o Fraud detection
o Tooling support for development of IS artifacts such as service providers, identity providers, XACML policies, etc.
o Deployment automation tools

Page 28: WSO2 Identity Server 5.3.0 - Product Release Webinar

Q&A

Page 29: WSO2 Identity Server 5.3.0 - Product Release Webinar

Thank You!