WSO2 Identity Server 5.3.0
WSO2 Product Release Webinar

Johann Nallathamby, Technical Lead
Darshana Gunawardana, Associate Technical Lead
Agenda
o What is WSO2 Identity Server
o What's new with v5.3.0
  o Re-engineered account and credential management
  o Extended support for open standards
  o Real-time security alerting
o WSO2 Identity Server 6.0 roadmap
What is WSO2 Identity Server
A free and open source Identity & Access Management server
o Currently in its 5th generation (5.3.0)
o 100% free and open source with commercial support
o Apache 2.0 license
o Based on the WSO2 Carbon platform
  o Java based platform
  o Based on OSGi technology
  o Componentized, modular architecture
o In-built support for multi-tenancy, logging, clustering, caching, security, etc.
o Developer friendly
  o Complete web service APIs for integrating or embedding into any application or system
  o Pluggable, extensible and themeable
o User friendly with minimal learning curve
o Lightweight and high performance
o Deployment flexibility
  o Container friendly deployment
  o Clustering for high availability deployment
  o On-premise, private cloud, or managed cloud
Key Capabilities
o Enterprise and Cloud SSO and Federation
o Strong authentication
o Identity Governance and Administration
o Entitlements and Access Control
What's new with v5.3.0
o 37 new features and major improvements
o Focused on three major areas
  o Re-designed account and credential management, providing more out-of-the-box (OOTB) solutions
  o Extended support for open standards, making integration smoother
  o Real-time security alerting and improved monitoring
All new account and credential management
o New architecture
  o Event based
  o Full multi-tenancy support inherited from the design
  o Highly extensible: easy to implement custom use cases
  o Easy to reuse
o RESTful APIs for account and credential management scenarios
o Out of the box UIs for self-signup with email verification and account recovery scenarios
o Improvements in email templates
  o Add and manage any number of templates
  o HTML templating
  o Internationalization
  o User claim placeholders
  o More notification connectors by integrating with the CEP output adaptor engine (JMS, Kafka, SMS, WebSocket, MQTT, Thrift, etc.)
o Challenge question internationalization
o Brute force prevention framework
  o Google reCAPTCHA as the default implementation
  o Integrated in login, self registration and recovery flows
o More account and credential policies
  o User password history validation
  o Account expiry and automatic login reminder
  o Admin initiated password reset
  o More email confirmation scenarios
Demo I: All new account and credential management
Extended support for open standards
o OAuth / OpenID Connect
  o OpenID Connect Discovery
  o OpenID Connect Dynamic Client Registration
  o OAuth 2.0 Form Post Response Mode
  o OAuth 2.0 Token Introspection
Ref: http://openid.net/connect/
o SAML 2.0
  o SAML 2.0 Metadata Profile
  o SAML 2.0 Assertion Query/Request Profile
o JSON/REST profile of XACML
o Attribute query improvements for SCIM 1.1
o SCIM 2.0 (coming soon)
  o As a connector in the IS connector store
  o https://store.wso2.com/store/assets/isconnector/list
More capabilities for smoother integration
o Ability to engage access control policies during the authentication flow
  o Ex: allow login to corporate applications only during office hours or when accessed through the internal network
  o Ability to plug in any rule engine
  o XACML based default implementation
  o Templated policies to cover common use cases
  o Ability to define more fine grained policies
o Policy based provisioning
  o Same capabilities as the above
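To make the "office hours or internal network" example concrete, here is an added illustration of an authentication-time access control decision, written for this page rather than taken from WSO2 Identity Server (which evaluates such rules through its XACML based policy engine). The attribute names, the set of corporate applications, the internal address ranges and the office-hours window are all assumptions constructed for the example; the decision is deny-by-default for covered applications, and an unparseable client address never counts as internal.

```python
"""
Added illustration (not WSO2's code): a policy decision point consulted during
login. Corporate applications are permitted only inside office hours or from
an internal network; everything else the policy does not target is permitted.
All names and sample values are assumptions for this example.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Tuple
import ipaddress

# Constructed policy data (assumed values, not product configuration).
CORPORATE_APPS = {"payroll", "hr-portal"}
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]
OFFICE_START = time(9, 0)
OFFICE_END = time(18, 0)        # exclusive upper bound


@dataclass(frozen=True)
class AuthnRequest:
    """Attributes the policy can see during the authentication flow."""
    application: str
    source_ip: str
    requested_at: str           # ISO 8601 local timestamp, e.g. "2017-03-01T10:00:00"


def is_internal(ip: str) -> bool:
    """True when the client address is inside an internal network.

    A malformed address is treated as external so that a bad or spoofed
    header cannot accidentally satisfy the rule.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETWORKS)


def in_office_hours(at: datetime, weekdays_only: bool = True) -> bool:
    """True when the timestamp falls inside the office-hours window (Mon-Fri)."""
    if weekdays_only and at.weekday() >= 5:     # Saturday=5, Sunday=6
        return False
    return OFFICE_START <= at.time() < OFFICE_END


def evaluate_login_policy(req: AuthnRequest) -> Tuple[str, str]:
    """Return ("Permit" | "Deny", reason) for one login attempt."""
    if req.application not in CORPORATE_APPS:
        return "Permit", "application not covered by policy"
    if is_internal(req.source_ip):
        return "Permit", "internal network"
    if in_office_hours(datetime.fromisoformat(req.requested_at)):
        return "Permit", "office hours"
    return "Deny", "corporate application, outside office hours, external network"


if __name__ == "__main__":
    # Constructed sample requests (2017-03-01 is a Wednesday, 2017-03-04 a Saturday).
    samples = [
        AuthnRequest("payroll", "10.1.2.3", "2017-03-01T23:30:00"),      # night, but internal
        AuthnRequest("payroll", "203.0.113.7", "2017-03-01T10:00:00"),   # external, office hours
        AuthnRequest("payroll", "203.0.113.7", "2017-03-04T10:00:00"),   # external, weekend
        AuthnRequest("payroll", "garbage", "2017-03-01T18:00:00"),       # bad address, 18:00 is outside
        AuthnRequest("wiki", "203.0.113.7", "2017-03-04T03:00:00"),      # not a corporate app
    ]
    for s in samples:
        print(s.application, s.source_ip, s.requested_at, "->", evaluate_login_policy(s))
```

In a real deployment the source address must come from the connection or a trusted proxy header, not from anything the client controls, and the time should be taken from the server clock in the policy's own time zone; the example keeps both as plain request attributes so that the decision logic stays visible.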
o Prompt for missing predefined user attributes in the authentication flow
o Ability to revoke and regenerate the client secret of OAuth 2.0 apps
o IWA authentication with WSO2 IS on Linux and an external Kerberos/NTLM server
o Improvements to Claim Management
o Generic extensible authentication/authorization mechanism for REST APIs
Demo II: New capabilities for smoother integration
New security analytics capabilities
o Introducing real-time security alerting
  o Alerts on suspicious login activities
  o Alerts on abnormal user sessions
o Monitor logged in user sessions
o Manually terminate user sessions
Demo III: New security analytics capabilities
WSO2 Identity Server 6.0 roadmap
IS 6.0.0 Roadmap
o Migrating to the C5 platform
  o Moving away from SOAP based product APIs to RESTful product APIs
  o No more Axis2
  o Carbon 5 Kernel with Netty transport - no more Tomcat with Servlet transport
  o Native containerization support with Docker
  o Container based multi-tenancy
  o JAAS based authentication and authorization
o First class support for user groups
  o Support for hierarchical groups and hierarchical roles
o Separation of identity store, credential store and authorization store
o Introduction of the concept of user domain - allows a single user to be virtually constructed from multiple identity stores
o SCIM 2.0 based user/group management APIs
o Introducing an immutable ID for users and groups, which will allow renaming users, groups and roles
o Remove the Carbon management console and move that functionality into the new Admin Portal and User Portal, based on the various roles played in the organization
o JavaScript based extension mechanism to customize certain aspects of the product
o Introduction of "Security Circles"
  o Circle of configuration - applying configuration in bulk to multiple service providers at the same time
  o Circle of sessions - maintain a logged-in session per user per group of service providers; Single Sign-on and Single Logout will happen only within that group for the particular user
o Introduction of the concept of claim dialect inheritance
o Introduction of the concept of attribute profiles
o Support for delegated administration
o Fraud detection
o Tooling support for development of IS artifacts such as service providers, identity providers, XACML policies, etc.
o Deployment automation tools
Q&A
Thank You!