Releases: wso2/product-is
WSO2 Identity Server 5.4.0 M1
v5.4.0-m1 [maven-release-plugin] copy for tag v5.4.0-m1
WSO2 Identity Server 5.3.0
WSO2 Identity Server : An Open Source Identity and Entitlement Management Server
WSO2 Identity Server v5.3.0 Released !
January 2017
WSO2 Identity Server team is pleased to announce the release of version 5.3.0 of the WSO2 Identity Server (IS).
WSO2 Identity Server is an open source Identity and Entitlement Management server. It supports a wide array of authentication protocols such as SAML 2.0 Web SSO, OAuth 2.0/1.0a, OpenID Connect and WS-Federation Passive. It supports role based authorization and fine grained authorization with XACML 2.0/3.0 while inbound/outbound provisioning is supported through SCIM and SPML.
WSO2 Identity Server is developed on top of the revolutionary WSO2 Carbon platform, an OSGi based framework that provides seamless modularity to your SOA solution via componentization.
All the major features have been developed as pluggable Carbon components.
You can download this distribution from http://wso2.com/products/identity-server/.
Online documentation is available at http://docs.wso2.org/wiki/display/IS530/WSO2+Identity+Server+Documentation.
How to Run
- Extract the downloaded zip
- Go to the bin directory in the extracted folder
- Run the wso2server.sh or wso2server.bat as appropriate
- If you need to start the OSGi console with the server use the property -DosgiConsole when starting the server.
New Features In This Release
- Improved Identity Management Capabilities : Identity management features in WSO2 Identity Server 5.3.0, has been re-designed to provide strong out-of-the-box support for key identity management use cases, including password policies, login policies and account management policies.
- Password policies
- Password history validation (ability to keep track of user's old passwords). See Password History Validation.
- Password Patterns Configuration, See Password Patterns
- Login policies
- Google ReCaptcha support for single sign on. See Setting Up ReCaptcha.
- Account locking in single and multi-tenant environments. See User Account Locking and Account Disabling.
- Account management policies.
- Account suspension reminders and locking idle accounts. See User Account Suspension.
- Password and username recovery with challenge questions or notifications. We also support challenge questions internalization. See Password Recovery.
- Password reset via admin. For more information, See Forced Password Reset.
- Google ReCaptcha support for password recovery flow and self sign up. See Setting Up ReCaptcha.
- HTML support for email templates, template internalization and dynamic properties for email templates. See Customizing Automated Emails.
- Brute force attack prevention. See Mitigating Brute Force Attacks.
- Login session monitoring and termination: WSO2 IS now supports monitoring user sessions and authentication activities via alerts, and manual termination of user sessions for better security. See Terminating User Sessions.
- Rule based provisioning: WSO2 IS 5.3.0 has the ability to adopt provision flows based on rules. These rules can be based on entities related to an event such as user, idp, sp as well as environmental factors like time and region.
- Prompt for missing predefined required attributes in the authentication flow: The user will be prompted to fill the missing attributes or claim values, in the event of a missing mandatory claim at the point of login. See Configuring Claims for a Service Provider.
- OAuth 2.0/OpenID Connect Enhancements: Following OpenID Connect specifications were implemented to enrich the OpenID connect support in Identity Server.
- OpenID Connect Dynamic Client Registration. See OpenID Connect Dynamic Client Registration.
- Token Introspection. See Invoke the OAuth Introspection Endpoint.
- OpenID Connect Discovery support. See the OpenID Connect specification.
- OAuth 2.0 Form Post Response Mode. See the specification
- OAuth 2.0 client secret revocation and regeneration : See OAuth2 /OpenID connect configurations
- REST profile of XACML. With IS 5.3.0, we have added a REST layer on top of the Balana entitlement engine. See Entitlement with APIs.
- SAML 2.0 Enhancements: Identity server 5.3.0 added following specification support to its SAML feature list.
- SAML 2.0 Metadata Profile.
- SAML 2.0 Assertion Query/Request Profile
- Security Analytics: WSO2 IS now detects and provides alerting capability for abnormal and suspicious login sessions. See Managing Alerts.
- SCIM 1.0 Enhancements : SCIM provisioning API improved to support attribute query.
- Engage access control policies in authentication flow : With WSO2 IS 5.3.0 it's possible to evaluate access control policies against an authenticated user in authentication flow.
- Integrated Windows Authentication (IWA) for IS deployed on Linux servers : With this improvement we enable IS deployed on Linux servers to achieve IWA with external Kerberos/NTLM Servers. See Configure IWA on Linux
- Claim Management Improvement: With this release we relieve the user from the painstaking task of having map claims from one dialect to another indirectly by manipulating mapped attributes. From IS 5.3.0, users can easily map claims from two dialects directly without worrying about mapped attributes.
- Identity Management REST APIs : New RESTful interfaces to connect with account registration and recovery flows have been introduced with IS 5.3.0.
Known Issues
All the open issues pertaining to WSO2 Identity Server are reported at the following locations:
How You Can Contribute
Mailing Lists
Join our mailing list and correspond with the developers directly.
- Developer list : [email protected] | Subscribe | Mail Archive
- User forum : StackOverflow
Reporting Issues
We encourage you to report issues, documentation faults and feature requests regarding WSO2 Identity Server or in the Carbon base framework through the public WSO2 Identity Server JIRA or Carbon JIRA.
Support
We are committed to ensure your enterprise middleware deployment is completely supported from evaluation to production. Our unique approach ensures that all support leverages our open development methodology and is provided by the very same engineers who build the technol...
WSO2 Identity Server 5.3.0 - RC3
v5.3.0-rc3 [maven-release-plugin] copy for tag v5.3.0-rc3
WSO2 Identity Server 5.3.0 - RC2
v5.3.0-rc2 [maven-release-plugin] copy for tag v5.3.0-rc2
WSO2 Identity Server 5.3.0 - RC1
v5.3.0-rc1 [maven-release-plugin] copy for tag v5.3.0-rc1
WSO2 Identity Server 5.3.0 Beta
v5.3.0-beta [maven-release-plugin] copy for tag v5.3.0-beta
WSO2 Identity Server 5.3.0 Alpha2
v5.3.0-alpha2 [maven-release-plugin] copy for tag v5.3.0-alpha2
WSO2 Identity Server 5.3.0 Alpha
v5.3.0-alpha [maven-release-plugin] copy for tag v5.3.0-alpha
WSO2 Identity Server 5.3.0 M5
WSO2 Identity Server 5.2.0
WSO2 Identity Server : An Open Source Identity and Entitlement Management Server
WSO2 Identity Server v5.2.0 Release Note
20 September 2016
The WSO2 Identity Server team is pleased to announce the release of version 5.2.0 of the WSO2 Identity Server (IS).
WSO2 Identity Server is an open source Identity and Entitlement management server. It supports a wide array of authentication protocols such as SAML 2.0 Web SSO, OAuth 2.0/1.0a, OpenID Connect and WS-Federation Passive. It supports role based authorization and fined grained authorization with XACML 2.0/3.0 while inbound/outbound provisioning is supported through SCIM and SPML.
All the major features have been developed as pluggable Carbon components.
You can download this distribution from http://wso2.com/products/identity-server/.
The online documentation for IS 5.2.0- Runtime is available at http://docs.wso2.org/wiki/display/IS520/WSO2+Identity+Server+Documentation.
The online documentation for IS 5.2.0- Analytics is available at https://docs.wso2.com/display/IS520/Analytics
New Features In This Release
- OpenID Connect Session Management
- Last SAML based login timestamp and Last password modified Timestamp
- API to get the number (count) of users
- Support for Microsoft Office 365 – WS Trust
- SAML 2.0 support for WS-Federation Passive
OpenID Connect is an emerging authentication protocol defined on top of OAuth 2.0 protocol. OpenID Connect Session Management specification, defines a way for a Relying Party (RP), to monitor the login status of an end user with an OpenID Connect Provider (OP) minimizing the network traffic.
WSO2 IS is now able to know the last login time and last password update time of a user. You should be able to see the corresponding values listed through the user's profile.
One of the new functionalities introduced with WSO2 IS is the service to count the number of users based on user names patterns and claims and also to count the number of roles matching a role name pattern in user store. By default this supports JDBC user store implementations only and provides freedom to extend the functionality to LDAP user stores or any other type as well.
With WSO2 IS now you will be able to successfully configure the WS-Trust protocol for Microsoft Office 365 to provide active clients with SSO to many of Office 365 features such as the mobile mail app,external mail apps, Lync.
WSO2 IS is now able to support SAML 2.0 tokens with Passive STS.
Key Features of WSO2 Identity Server
- User Account Enable,Disable
- Exposing IdentityProviderManager an osgi service.
- Facilitated to configure the callback url in Facebook authenticator.
- Ability to configurable "ISS" value of JWT token (id_token) for a given tenant.
- Add PKCE Support for OAuth 2.0 Authorization Code Grant Type
- Add PKCE Support Detection
- Add user-profile in dashboard for TOTP authenticator
- Scope parameter support for OIDC Id Token.
- OpenID 2.0 Provider
- OpenID Connect Authorization Server
- Social login with Facebook, Google, Yahoo and Windows Live
- XACML 3.0/2.0 based Entitlement Engine with WS-XACML support
- OAuth 2.0/1.0a Authorization Server with OAuth 2.0/1.0a support
- Inbound and Outbound Identity Provisioning with SCIM 1.1
- Outbound Identity Provisioning with SPML 2.0, Salesforce and GoogleApps
- Integrated Windows Authentication and webSEAL authentication
- Multi-option and multi-step (multi-factor) authentication
- Claim based Security Token Service(STS) with SAML 2.0/1.1 support.
- Support for various types of User Stores such as JDBC, Cassandra, LDAP, Active Directory in Read/Write mode.
- Claim Management
- User Profiles and Profile Management
- Separable front-end and back-end - a single front-end server can be used to administer several back-endservers
- Identity Bridge
- Multi-option and multi-step authentication
- Request Path Authenticators.
- Social Login with Facebook / Google / Microsoft Windows Live.
- Ability to plug-in custom developed authenticators.
- Provisioning Bridge.
- Just-in-time provisioning.
- Ability to plug-in custom developed provisioning connectors.
- User Dashboard.
- SAML2 Web SSO profile Request / Response validator.
- Remote User Store Management.
- Custom permissions.
- Encrypted SAML2 Assertions.
- NTLM grant type for OAuth 2.0
- Workflows for user management operations
- 2 factor authentication with FIDO
- Linking 2 or more local/federated user accounts
Analytics
- Event publishers to publish events related to authentication operations (login and session) to various endpoints
- Login attempts related analytics
- Session related analytics
- Geo location based statistics for login attempts
This comprises of three main sections (Overall, Federated and Local). In each section, statistics are displayed over various dimensions such as service providers, user-stores, roles, users and etc..
This covers statistics relating to sessions carried out for different applications accessed via WSO2 IS.
Known Issues
All the known issues in WSO2 Identity Server 5.2.0 are reported at:
- Known issues in WSO2 Identity Server 5.2.0- Runtime
- Known issues in WSO2 Identity Server 5.2.0- Analytics
How You Can Contribute
Mailing Lists
Join our mailing list and correspond with the developers directly.
- Developer list : [email protected] | Subscribe | Mail Archive
- User forum : StackOverflow
Reporting Issues
We encourage you to report issues, documentation faults and feature requests regarding WSO2 Identity Server or in the Carbon base framework through the public WSO2 Identity Server JIRA WSO2 Identity Analytics JIRA or Carbon JIRA.
Support
We are committed to ensuring that your enterprise middleware deployment is completely supported from evaluation to production. Our unique approach ensures that all support leverages our open development methodology and is provided by the very same engineers who build the technology. For more details and to take advantage of this unique opportunity http://wso2.com/support/
For more information about WSO2 Identity Server, please see http://wso2.com/products/identity-server or visit the WSO2 Oxygen Tank developer portal for additional resources.
Thank you for your interest in WSO2 Identity Server.
Copyright WSO2 Inc.