WSO2 Identity Server : An Open Source Identity and Entitlement Management Server

WSO2 Identity Server v5.2.0 Release Note

20 September 2016

The WSO2 Identity Server team is pleased to announce the release of version 5.2.0 of the WSO2 Identity Server (IS).

WSO2 Identity Server is an open source Identity and Entitlement management server. It supports a wide array of authentication protocols such as SAML 2.0 Web SSO, OAuth 2.0/1.0a, OpenID Connect and WS-Federation Passive. It supports role based authorization and fined grained authorization with XACML 2.0/3.0 while inbound/outbound provisioning is supported through SCIM and SPML.

All the major features have been developed as pluggable Carbon components.

You can download this distribution from http://wso2.com/products/identity-server/.

The online documentation for IS 5.2.0- Runtime is available at http://docs.wso2.org/wiki/display/IS520/WSO2+Identity+Server+Documentation.

The online documentation for IS 5.2.0- Analytics is available at https://docs.wso2.com/display/IS520/Analytics

New Features In This Release

OpenID Connect Session Management
OpenID Connect is an emerging authentication protocol defined on top of OAuth 2.0 protocol. OpenID Connect Session Management specification, defines a way for a Relying Party (RP), to monitor the login status of an end user with an OpenID Connect Provider (OP) minimizing the network traffic.
Last SAML based login timestamp and Last password modified Timestamp
WSO2 IS is now able to know the last login time and last password update time of a user. You should be able to see the corresponding values listed through the user's profile.
API to get the number (count) of users
One of the new functionalities introduced with WSO2 IS is the service to count the number of users based on user names patterns and claims and also to count the number of roles matching a role name pattern in user store. By default this supports JDBC user store implementations only and provides freedom to extend the functionality to LDAP user stores or any other type as well.
Support for Microsoft Office 365 – WS Trust
With WSO2 IS now you will be able to successfully configure the WS-Trust protocol for Microsoft Office 365 to provide active clients with SSO to many of Office 365 features such as the mobile mail app,external mail apps, Lync.
SAML 2.0 support for WS-Federation Passive
WSO2 IS is now able to support SAML 2.0 tokens with Passive STS.

Key Features of WSO2 Identity Server

User Account Enable,Disable
Exposing IdentityProviderManager an osgi service.
Facilitated to configure the callback url in Facebook authenticator.
Ability to configurable "ISS" value of JWT token (id_token) for a given tenant.
Add PKCE Support for OAuth 2.0 Authorization Code Grant Type
Add PKCE Support Detection
Add user-profile in dashboard for TOTP authenticator
Scope parameter support for OIDC Id Token.
OpenID 2.0 Provider
OpenID Connect Authorization Server
Social login with Facebook, Google, Yahoo and Windows Live
XACML 3.0/2.0 based Entitlement Engine with WS-XACML support
OAuth 2.0/1.0a Authorization Server with OAuth 2.0/1.0a support
Inbound and Outbound Identity Provisioning with SCIM 1.1
Outbound Identity Provisioning with SPML 2.0, Salesforce and GoogleApps
Integrated Windows Authentication and webSEAL authentication
Multi-option and multi-step (multi-factor) authentication
Claim based Security Token Service(STS) with SAML 2.0/1.1 support.
Support for various types of User Stores such as JDBC, Cassandra, LDAP, Active Directory in Read/Write mode.
Claim Management
User Profiles and Profile Management
Separable front-end and back-end - a single front-end server can be used to administer several back-endservers
Identity Bridge
Multi-option and multi-step authentication
Request Path Authenticators.
Social Login with Facebook / Google / Microsoft Windows Live.
Ability to plug-in custom developed authenticators.
Provisioning Bridge.
Just-in-time provisioning.
Ability to plug-in custom developed provisioning connectors.
User Dashboard.
SAML2 Web SSO profile Request / Response validator.
Remote User Store Management.
Custom permissions.
Encrypted SAML2 Assertions.
NTLM grant type for OAuth 2.0
Workflows for user management operations
2 factor authentication with FIDO
Linking 2 or more local/federated user accounts

Analytics

Event publishers to publish events related to authentication operations (login and session) to various endpoints
Login attempts related analytics
This comprises of three main sections (Overall, Federated and Local). In each section, statistics are displayed over various dimensions such as service providers, user-stores, roles, users and etc..
Session related analytics
This covers statistics relating to sessions carried out for different applications accessed via WSO2 IS.
Geo location based statistics for login attempts

Known Issues

All the known issues in WSO2 Identity Server 5.2.0 are reported at:

How You Can Contribute

Mailing Lists

Join our mailing list and correspond with the developers directly.

Developer list : dev@wso2.org | Subscribe | Mail Archive
User forum : StackOverflow

Reporting Issues

We encourage you to report issues, documentation faults and feature requests regarding WSO2 Identity Server or in the Carbon base framework through the public WSO2 Identity Server JIRA WSO2 Identity Analytics JIRA or Carbon JIRA.

Support

We are committed to ensuring that your enterprise middleware deployment is completely supported from evaluation to production. Our unique approach ensures that all support leverages our open development methodology and is provided by the very same engineers who build the technology. For more details and to take advantage of this unique opportunity http://wso2.com/support/

For more information about WSO2 Identity Server, please see http://wso2.com/products/identity-server or visit the WSO2 Oxygen Tank developer portal for additional resources.

Thank you for your interest in WSO2 Identity Server.

wso2/product-is v5.2.0 WSO2 Identity Server 5.2.0 on GitHub