WSO2 Identity Server 5.2.0 Get more insight into your applications and their users with Authentication Analytics Johann Dilantha Nallathamby Technical Lead

WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0


Outline

o What is WSO2 Identity Server
o Introduction
o Features overview

o What’s new with v5.2.0
o Authentication Analytics
o Demo
o Other new features

o More information
o What’s next
o Q&A

What is WSO2 Identity Server

A Free and Open Source Identity & Entitlement Management Server

What is WSO2 Identity Server

o Currently in its 5th generation (5.2.0)
o 100% free and open source with commercial support
o Apache 2.0 license
o Based on WSO2 Carbon platform
o Java based platform
o Based on OSGi technology
o Componentized, modular architecture
o In-built support for multi-tenancy, logging, clustering, caching, security, etc.
o Developer friendly
o Complete web service APIs for integrating or embedding into any application or system
o Pluggable, extensible and themable

What is WSO2 Identity Server

o User friendly with minimal learning curve
o Lightweight and high performance
o Deployment flexibility
o Container friendly deployment
o Clustering for high availability deployment
o On-premise, private cloud, or managed cloud

Focus Areas

o Enterprise and Cloud SSO and Federation
o Strong authentication
o Identity Governance and Administration
o Entitlements and Access Control
o Identity Broker

SSO & Federation

SSO and Federation

o Standard Protocols

WS-Federation Passive

SSO & Federation

o Identity Federation

SSO & Federation

o Identity Hub

SSO & Federation

o Identity Bridge

SSO & Federation

o Claim/Role Transformation

Strong Authentication

o Multi-option and multi-step authentication sequence per application

Strong Authentication

Strong Authentication

o Go to store.wso2.com
o Documentation: https://docs.wso2.com/display/ISCONNECTORS/Identity+Server+Authenticators+and+Connectors

Identity Governance and Administration

o Identity Integration

Identity Governance and Administration

o Provisioning
o Inbound
o Outbound
o Just-In-Time (JIT)
o Bridging

Identity Governance and Administration

o Account and Credential Management
o Username recovery
o Password recovery
o Account setup with email verification
o Self sign-up with email verification
o Password policies
o Complexity
o Account locking

Identity Governance and Administration

o Self-service portal

Identity Governance and Administration

o Workflows

Entitlements and Access Control

o XACML 2.0/3.0
o http://www.soasecurity.org/

Entitlements and Access Control

o Delegated Access Control with OAuth2.0

Entitlements and Access Control

o Delegated Access Control with WS-Trust

[Diagram labels: IdP-A, IdP-B, Consumer, Service, Trust, Trust Domain A, Trust Domain B]

What’s New with Identity Server 5.2.0?

Authentication Analytics

o Login Analytics: This refers to generating and analyzing login attempts made via WSO2 IS.
o Session Analytics: This refers to generating and analyzing sessions that have taken place in WSO2 IS. A session is the time between a successful login and the subsequent logout by a specific user.
o Integrated OOTB with WSO2 Data Analytics Server
o DAS runtime is completely free

Authentication Analytics

DEMO

Other new features

o OpenID Connect Session Management
o http://malithiedirisinghe.blogspot.com/2016/03/openid-connect-session-management.html
o OpenID Connect Scope Support
o SAML2 Profile support WS-Federation Passive
o Built in claims for LastLoginTimestamp and LastPasswordUpdateTimestamp
o User count for JDBC user stores

More information

o Migrating from IS 5.1.0 to IS 5.2.0
o https://docs.wso2.com/display/IS520/Upgrading+from+a+Previous+Release
o IS 5.2.0 Documentation
o https://docs.wso2.com/display/IS520/WSO2+Identity+Server+Documentation
o Identity Server Resources
o http://wso2.com/library/security/

What’s Next?

o IS 5.3.0 in December 2016
o Improved IGA features
o Multi-tenancy support for Account and Credential Management features
o Improvements in email templates
o Add and manage any number of templates
o HTML templating
o Internationalization
o User claim placeholders
o More notification connectors by integrating with CEP output adaptor engine (JMS, Kafka, SMS, Websocket, MQTT, Thrift, etc.)
o Challenge question internationalization
o Google reCaptcha integration
o More password policies
o User password history
o Password expiry and automatic password update reminder
o Account expiry and automatic login reminder
o More captcha integration to prevent brute force attacks

What’s Next?

o Admin password reset
o More email confirmation scenarios
o RESTful APIs for account and credential management scenarios
o Out of the box UIs for self-signup with email verification and account recovery scenarios
o Design improvements in claim management
o Analytics
o Real time alerts on abnormal user activity
o Monitor and terminate logged in user sessions
o SAML
o SAML2 Metadata
o SAML2 Assertion Query Profile
o OAuth2/OpenID Connect
o OpenID Connect Dynamic Client Registration
o OpenID Connect Discovery
o OAuth2 Token Introspection Profile
o CAS
o IWA on Linux
o REST Profile for XACML 3.0