WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
TRANSCRIPT
WSO2 Identity Server 5.2.0
Get more insight into your applications and their users with Authentication Analytics
Johann Dilantha Nallathamby
Technical Lead
Outline
o What is WSO2 Identity Server
  o Introduction
  o Features overview
o What’s new with v5.2.0
  o Authentication Analytics
  o Demo
  o Other new features
o More information
o What’s next
o Q&A
What is WSO2 Identity Server
o Currently in its 5th generation (5.2.0)
o 100% free and open source with commercial support
o Apache 2.0 license
o Based on WSO2 Carbon platform
  o Java based platform
  o Based on OSGi technology
  o Componentized, modular architecture
  o In-built support for multi-tenancy, logging, clustering, caching, security, etc.
o Developer friendly
  o Complete web service APIs for integrating or embedding into any application or system
  o Pluggable, extensible and themable
What is WSO2 Identity Server
o User friendly with minimal learning curve
o Lightweight and high performance
o Deployment flexibility
  o Container friendly deployment
  o Clustering for high availability deployment
  o On-premise, private cloud, or managed cloud
Focus Areas
o Enterprise and Cloud SSO and Federation
o Strong authentication
o Identity Governance and Administration
o Entitlements and Access Control
Strong Authentication
o Go to store.wso2.com
o Documentation: https://docs.wso2.com/display/ISCONNECTORS/Identity+Server+Authenticators+and+Connectors
Identity Governance and Administration
o Account and Credential Management
o Username recovery
o Password recovery
o Account setup with email verification
o Self sign-up with email verification
o Password policies
  o Complexity
o Account locking
Entitlements and Access Control
o XACML 2.0/3.0
o http://www.soasecurity.org/
Entitlements and Access Control
o Delegated Access Control with WS-Trust
[Diagram: labels IdP-A, IdP-B, Consumer, Service, Trust Domain A and Trust Domain B, with links labelled "Trust"]
Authentication Analytics
o Login Analytics: This refers to generating and analyzing login attempts made via WSO2 IS.
o Session Analytics: This refers to generating and analyzing sessions that have taken place in WSO2 IS. A session is the time between a successful login and the subsequent logout by a specific user.
o Integrated OOTB with WSO2 Data Analytics Server
o DAS runtime is completely free
Other new features
o OpenID Connect Session Management
  o http://malithiedirisinghe.blogspot.com/2016/03/openid-connect-session-management.html
o OpenID Connect Scope Support
o SAML2 Profile support WS-Federation Passive
o Built in claims for LastLoginTimestamp and LastPasswordUpdateTimestamp
o User count for JDBC user stores
More information
o Migrating from IS 5.1.0 to IS 5.2.0
  o https://docs.wso2.com/display/IS520/Upgrading+from+a+Previous+Release
o IS 5.2.0 Documentation
  o https://docs.wso2.com/display/IS520/WSO2+Identity+Server+Documentation
o Identity Server Resources
  o http://wso2.com/library/security/
What’s Next?
o IS 5.3.0 in December 2016
o Improved IGA features
  o Multi-tenancy support for Account and Credential Management features
  o Improvements in email templates
    o Add and manage any number of templates
    o HTML templating
    o Internationalization
    o User claim placeholders
  o More notification connectors by integrating with CEP output adaptor engine (JMS, Kafka, SMS, Websocket, MQTT, Thrift, etc.)
  o Challenge question internationalization
  o Google reCaptcha integration
  o More password policies
    o User password history
    o Password expiry and automatic password update reminder
  o Account expiry and automatic login reminder
  o More captcha integration to prevent brute force attacks
What’s Next?
o Admin password reset
o More email confirmation scenarios
o RESTful APIs for account and credential management scenarios
o Out of the box UIs for self-signup with email verification and account recovery scenarios
o Design improvements in claim management
o Analytics
  o Real time alerts on abnormal user activity
  o Monitor and terminate logged in user sessions
o SAML
  o SAML2 Metadata
  o SAML2 Assertion Query Profile
o OAuth2/OpenID Connect
  o OpenID Connect Dynamic Client Registration
  o OpenID Connect Discovery
  o OAuth2 Token Introspection Profile
o CAS
o IWA on Linux
o REST Profile for XACML 3.0