WSO2 Identity Server 5.11.0 introduces several new features: a new React-based Console application, an enhanced My Account application, software development kits (SDKs) for Java, .NET and Android, separation of groups and roles, integration with HashiCorp Vault, symmetric key encryption for data protection, an upgrade to OpenSAML 3, tenant-qualified URLs and tenant-wise CORS management. The release also includes feature improvements and performance optimizations.
WSO2 Identity Server Capabilities
Key Capabilities
● Identity federation and SSO
● Identity bridging
● MFA and adaptive authentication
● Managing access to APIs
● Consent management
● Accounts management
● Progressive profiling
● RESTful APIs for integration
● Regulatory compliance
● Identity analytics
What’s New with IS 5.11.0?
● New React-based Console application - BETA
● Enhanced My Account application
● Software Development Kits (SDKs)
● Group and Role Separation
● Integration with HashiCorp Vault
● Data protection with symmetric key encryption
● OpenSAML 3 upgrade
● Tenant Qualified URLs - BETA
● Tenant Wise CORS Management - BETA
New Features
Feature Improvements
Performance Improvements
Key Highlights of the Console
● Application Management
● Identity Provider Management
● User store Management
● Users, Roles & Groups Management
● Email Template Management
Old vs New Console
● Improved UI design and theme to provide a seamless user experience.
● Application management templates.
● Identity Provider management templates.
● User store management templates.
● Custom UI components to improve usability.
My Account vs User Portal
● User claim update verification (email, mobile).
● Removed pending workflow approvals section.
● Minor cosmetic improvements.
SDKs for Java, .Net, and Android
● We introduced a number of SDKs aligned with Identity Server 5.11.0.
● They improve the developer experience.
● They speed up the implementation of application UIs.
● No prior knowledge of authentication protocols is required.
● Initially we will be providing the following SDKs:
⦿ Java OIDC SDK
⦿ .Net OIDC SDK
⦿ Android OIDC SDK
Roles and Groups Separation
In previous versions both groups and roles were treated as roles in the system, and roles could be managed via the WSO2 IS management console or the SCIM2 Groups endpoint.
This has been redesigned: groups and roles are now separate entities in the system, as described below.
● User: An identity of a person stored in the IAM system.
● Group: A representation of a set of users in the user store.
● Role: A role within the IAM solution that binds to permissions defined for resources within the IAM solution. It can be mapped to the old hybrid roles.
Symmetric Key Encryption in Identity Server
● Uses AES/GCM/NoPadding as the encryption algorithm
● Improves performance
● Less impact on data migration when keys are rotated
(Diagram: internal data encrypted with symmetric key v1; on rotation, the data is re-encrypted with symmetric key v2.)
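The Go program below is an added example, not code from WSO2 Identity Server, written to show the two properties the slide claims for AES/GCM/NoPadding with a keyring: every stored value carries the id of the key it was written under, so a rotation only adds a new key and old rows stay readable, and migration becomes a lazy per-row re-encrypt. The Keyring type, the key ids "v1" and "v2", the "<keyId>:<base64>" storage format and the sample secret are assumptions of this example, not WSO2's own storage layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Keyring (an assumed model for this example, not WSO2 IS's own keystore code)
// keeps every key the server has used, by key id, plus the id for new writes.
type Keyring struct {
	current string
	keys    map[string][]byte
}

func NewKeyring(id string, key []byte) (*Keyring, error) {
	r := &Keyring{keys: map[string][]byte{}}
	return r, r.Rotate(id, key)
}

// Rotate adds an AES-256 key and makes it current; stored rows are untouched.
func (r *Keyring) Rotate(id string, key []byte) error {
	if _, exists := r.keys[id]; exists || len(key) != 32 {
		return fmt.Errorf("key %q: id already in use or key not 32 bytes", id)
	}
	r.keys[id] = key
	r.current = id
	return nil
}

// aead builds AES/GCM/NoPadding: authenticated, unpadded, so no padding oracle.
func (r *Keyring) aead(id string) (cipher.AEAD, error) {
	key, ok := r.keys[id]
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", id)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns "<keyId>:<base64(nonce||ciphertext||tag)>" under the current
// key. The key id is bound as associated data, so a row cannot be re-labelled.
func (r *Keyring) Encrypt(plaintext []byte) (string, error) {
	gcm, err := r.aead(r.current)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per call; never reuse under one key
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plaintext, []byte(r.current))
	return r.current + ":" + base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt opens a value with whichever key its prefix names, so data written
// before a rotation stays readable without any migration step.
func (r *Keyring) Decrypt(stored string) ([]byte, error) {
	id, payload, _ := strings.Cut(stored, ":")
	gcm, err := r.aead(id)
	if err != nil {
		return nil, err
	}
	sealed, err := base64.StdEncoding.DecodeString(payload)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("undecodable or truncated stored value")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], []byte(id)) // fails on tampering or wrong key
}

// ReEncrypt re-seals a value under the current key only if it was written under
// an older one: the lazy, row-by-row migration a rotation leaves behind.
func (r *Keyring) ReEncrypt(stored string) (string, error) {
	if strings.HasPrefix(stored, r.current+":") {
		return stored, nil
	}
	pt, err := r.Decrypt(stored)
	if err != nil {
		return "", err
	}
	return r.Encrypt(pt)
}

func main() {
	k1, k2 := make([]byte, 32), make([]byte, 32) // demo keys; real ones come from a keystore or vault
	rand.Read(k1)
	rand.Read(k2)
	ring, _ := NewKeyring("v1", k1)
	old, _ := ring.Encrypt([]byte("secret-written-under-v1")) // constructed sample value
	_ = ring.Rotate("v2", k2)
	pt, err := ring.Decrypt(old)
	fmt.Printf("v1 row still opens after rotation: %q err=%v\n", pt, err)
}
```

Because the key id is authenticated as associated data, moving a ciphertext from one key id to another fails to open; and because Rotate never rewrites existing rows, the only migration work is ReEncrypt, which can run in the background one row at a time.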
Major changes from OpenSAML 2 to OpenSAML 3
● The structure of the OpenSAML dependencies has changed between version 2 and 3. OpenSAML 3.x is structured as a Maven multi-module project.
● The message context has become more modular. MessageHandlers have been added to process messages using the message context.
● The syntax has changed for some processes.
● Some packages and classes have been renamed.
● Some methods have been dropped or moved into another class.
Newly Introduced CIAM Improvements
● Trigger email verification on email address change
● Trigger SMS-based verification on mobile number change
● Enforce uniqueness and regex validation for challenge question answers
● Auto-login the user upon successful password recovery, improving the account recovery experience
● Revoke session-bound tokens on logout and session expiry events
● And many more
Tenant Qualified URLs
● Identity Server URLs now carry the tenant domain.
Eg.
⦿ /oauth becomes /t/mytenant.com/oauth
⦿ /scim2 becomes /t/mytenant.com/scim2
● Provides flexibility for tenant-wise branding and sharding
What is CORS?
● Cross-Origin Resource Sharing (CORS) is a browser mechanism that lets a web service control which other origins may access its resources.
● Especially helpful when integrating SPAs with the Identity Server.
● WSO2 IS 5.11.0 supports enforcing CORS at the tenant level.
● The deployment-level CORS configuration has also been improved.
The Identity Server must be running in tenant URL mode in order for tenant-level CORS to work.
Configure CORS During Deployment
All the CORS parameters can be configured at the server level through the deployment.toml file.
Manage CORS through the REST APIs
● Server Configuration API : Configure CORS at tenant level
● Application Management API : Configure CORS at application level
● CORS API : View allowed CORS origins and associated applications
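The Go program below is an added example, not part of WSO2 Identity Server, covering both the tenant-qualified URLs above and tenant-level CORS: it shows why the latter depends on the former. The tenant is first resolved from the /t/{tenant}/ prefix (an un-prefixed path belongs to the super tenant, carbon.super), then the request's Origin header is checked against that tenant's allow-list by exact scheme, host and port comparison. ResolveTenant, CorsPolicy, the tenant-domain regex, the sample tenant "mytenant.com" and its origins are assumptions of this example; the product's own validation rules and configuration model are not reproduced.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// superTenant is the WSO2 IS super-tenant domain; an un-prefixed URL resolves to it.
const superTenant = "carbon.super"

// tenantDomainRe accepts lowercase DNS-style labels only, so a segment such as
// ".." can never be taken as a tenant (assumed rule for this example).
var tenantDomainRe = regexp.MustCompile(`^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*$`)

// ResolveTenant splits "/t/{tenant}/rest" into the tenant domain and the rest of
// the path; a path without the "/t/" prefix belongs to the super tenant.
func ResolveTenant(path string) (string, string, error) {
	if !strings.HasPrefix(path, "/t/") {
		return superTenant, path, nil
	}
	tenant, rest, _ := strings.Cut(strings.TrimPrefix(path, "/t/"), "/")
	tenant = strings.ToLower(tenant)
	if !tenantDomainRe.MatchString(tenant) {
		return "", "", fmt.Errorf("invalid tenant domain %q", tenant)
	}
	return tenant, "/" + rest, nil
}

// normaliseOrigin canonicalises an Origin value to "scheme://host:port" so the
// allow-list comparison is exact; paths, queries, userinfo, non-http(s) schemes and "*" are rejected.
func normaliseOrigin(origin string) (string, error) {
	u, err := url.Parse(origin)
	if err != nil {
		return "", err
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" ||
		u.Path != "" || u.RawQuery != "" || u.Fragment != "" || u.User != nil {
		return "", fmt.Errorf("not a well-formed origin: %q", origin)
	}
	port := u.Port()
	if port == "" {
		port = map[string]string{"http": "80", "https": "443"}[u.Scheme]
	}
	return u.Scheme + "://" + strings.ToLower(u.Hostname()) + ":" + port, nil
}

// CorsPolicy maps a tenant domain to its set of allowed (normalised) origins.
type CorsPolicy map[string]map[string]bool

// NewCorsPolicy builds a policy from tenant -> origins, rejecting any entry
// that is not a well-formed origin, so a wildcard cannot slip in.
func NewCorsPolicy(cfg map[string][]string) (CorsPolicy, error) {
	p := CorsPolicy{}
	for tenant, origins := range cfg {
		p[tenant] = map[string]bool{}
		for _, o := range origins {
			n, err := normaliseOrigin(o)
			if err != nil {
				return nil, fmt.Errorf("tenant %s: %w", tenant, err)
			}
			p[tenant][n] = true
		}
	}
	return p, nil
}

// Allow returns the tenant a path resolved to and the Access-Control-Allow-Origin
// value to emit; "" with nil error means no Origin was sent, an error means no CORS headers.
func (p CorsPolicy) Allow(path, origin string) (string, string, error) {
	tenant, _, err := ResolveTenant(path)
	if err != nil {
		return "", "", err
	}
	if origin == "" {
		return tenant, "", nil // same-origin page or non-browser client
	}
	if origin == "null" {
		return tenant, "", errors.New(`the opaque origin "null" is never allowed`)
	}
	want, err := normaliseOrigin(origin)
	if err != nil {
		return tenant, "", err
	}
	if !p[tenant][want] { // exact match only: no suffix or substring matching
		return tenant, "", fmt.Errorf("origin %s not allowed for tenant %s", origin, tenant)
	}
	return tenant, origin, nil // echo the caller's origin, never "*"
}

func main() {
	policy, _ := NewCorsPolicy(map[string][]string{"mytenant.com": {"https://app.mytenant.com"}}) // constructed sample
	for _, origin := range []string{"https://app.mytenant.com", "https://app.mytenant.com.evil.example"} {
		tenant, allow, err := policy.Allow("/t/mytenant.com/oauth2/authorize", origin)
		fmt.Printf("%s -> tenant=%s allow=%q err=%v\n", origin, tenant, allow, err)
	}
}
```

Two caveats the example makes explicit: an origin allowed for mytenant.com does not apply to a request on the un-prefixed (super tenant) URL, which is exactly why tenant URL mode is required, and matching is by normalised exact value, so https://app.mytenant.com:443 matches but https://app.mytenant.com.evil.example and http://app.mytenant.com do not.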
Try out WSO2 Identity Server
Download V5.11.0
https://wso2.com/identity-and-access-management
Documentation
https://is.docs.wso2.com/en/5.11.0
Report Issues
https://github.com/wso2/product-is/issues
Engage with the Community
https://wso2.com/identity-and-access-management/community
Mailing Lists
iam-dev@wso2.org, dev@wso2.org, architecture@wso2.org