New release adds OpenID Connect for mobile and Web authentication, greater control for tenants in multitenant cloud deployments, Salesforce.com and Google Apps integration via SAML, and enhanced SCIM
Palo Alto, CA – September 18, 2013 – The cloud, mobile computing, and APIs are empowering enterprises to extend their processes to customers, partners, and other groups within the organization. However, with this greater reach come greater challenges to protect data and ensure users’ privacy across multiple domains and devices. WSO2 addresses these challenges with the launch of WSO2 Identity Server 4.5 for authentication and identity management across cloud, mobile and Web applications.
The latest release of the award-winning WSO2 Identity Server adds powerful new capabilities for user provisioning and management, including:
- Support for OpenID Connect to authenticate users of mobile and Web applications.
- Stronger tenant control in multitenant cloud deployments through the ability of each tenant to have multiple trusted identity providers and multiple user stores, which are isolated from the rest.
- Enhanced System for Cross-domain Identity Management (SCIM) with the addition of OAuth 2.0 authentication.
- Expanded Security Assertion Markup Language (SAML) 2.0 functionality to support seamless integration with Salesforce and Google Apps.
- Addition of SAML 2.0 grant type for OAuth 2.0 to leverage SAML 2.0 with REST/API security.
“Collectively, the cloud, mobile, APIs, social media, and open source are enabling enterprises to create new connections across employees, customers and partners. Along with new business models, this is also bringing the need for more comprehensive identity management across the diverse participants in these connected enterprises,” said Dr. Sanjiva Weerawarana, WSO2 founder and CEO. “WSO2 Identity Server 4.5 delivers on this demand by combining robust, centralized management with flexible models for provisioning in traditional, cloud and mobile deployments and by facilitating authentication and authorization no matter where or how users choose to access applications and services.”
Robust Identity Management On-premises and in the Cloud
Version 4.5 builds on the proven performance of WSO2 Identity Server, the enterprise-ready, 100% open source, lean, component-based software, which has been in production in Global 1000 enterprises since 2009.
WSO2 Identity Server enables enterprise architects and developers to improve the user’s experience by reducing identity provisioning time, guaranteeing secure online interactions, and delivering a reduced single sign-on (SSO) environment. It also decreases the burden of identity management and entitlement management by including role-based access control, attribute-based access control, fine-grain policy-based access control, and SSO bridging. Featuring full native multi-tenancy, WSO2 Identity Server can run on servers, in a private cloud, public cloud or hybrid cloud environment—all from the same software.
In December 2012, WSO2 Identity Server 4.0 added SCIM support for identity provisioning to facilitate user management operations across software as a service (SaaS) applications. It also incorporated federated identity provider (IdP) functionality, allowing different organizations to make shared services available—for example different universities sharing certain resources with each other’s faculty or students—while enabling single sign-on simplicity for end users. Such federated IdP is particularly important for facilitating authentication across extremely large deployments associated with the cloud.
WSO2 Identity Server is complemented by the WSO2 Cloud Gateway 1.0, first launched in 2010, which provides a secure connection between applications behind the firewall and public platform as a service (PaaS) or SaaS offerings.
New Features in WSO2 Identity Server 4.5
WSO2 Identity Server 4.5 adds significant enhancements to facilitate identity management across multiple devices, domains and applications—on-premises and in the cloud.
New OpenID Connect Support – Version 4.5 adds support for OpenID Connect, a standard for mobile and Web application authentication. An identity framework built on the OAuth 2.0 protocol, OpenID Connect utilizes and extends OAuth 2.0 messages and code flows. With WSO2 Identity Server, enterprises now can use and implement the OpenID Connect Basic Client Profile.
New Multiple Trusted Identity Providers Functionality – WSO2 Identity Server 4.5 allows identity providers to be configured by tenant administrators in a multitenant environment. This is particularly relevant in the development and deployment of an SSO-enabled, software as a service application in which the SaaS application is deployed on the super tenant but accessed by all tenants. Each tenant can have its own set of trusted identity providers, and users of the tenant do not have to physically exist on the same server as the SaaS application. This reduces the management requirements of the super tenant while providing tenants more control and flexibility over their user authentication.
Expanded SCIM Capabilities – The newest release of WSO2 Identity Server enhances support for the System for Cross-domain Identity Management specification by adding OAuth 2.0-based authentication for SCIM. WSO2 Identity Server acts as both a SCIM service provider (both hub and spoke types) and a SCIM service consumer. Now IT organizations can leverage OAuth 2.0 in order to authenticate the SCIM REST endpoints of WSO2 Identity Server.
Expanded Security Assertion Markup Language 2.0 Support – Many existing enterprises that have implemented a service-oriented architecture (SOA) rely on SAML 2.0, but increasingly they need to consume OAuth-protected resources through APIs. WSO2 Identity Server, as an OAuth 2.0 authorization server, now can accept SAML 2.0 assertions from OAuth 2.0 clients and in exchange return back OAuth 2.0 access tokens to access protected resources on behalf of the resource owner. This provides a simple solution for leveraging SAML with REST/API security.
Additional Enhancements – WSO2 Identity Server 4.5 includes several other new features to provide greater ease of use and facilitate user provisioning and management. With this latest release:
- IT organizations can customize login pages for SAML 2.0, OAuth, OpenID Connect, Passive Security Token Service (STS), and OpenID outside of WSO2 Identity Server.
- Administrators can configure user account lock/unlock based on failed login attempts.
- Enterprises have improved support for implementing name/password violation policies.
- Organizations and their users can recover accounts using email addresses or secret questions.
- Single sign-on across Google Apps, Salesforce and internal applications is seamlessly integrated with WSO2 Identity Server.
- Administrators can define a selective set of grant types for OAuth 2.0 applications based on the trust and their capabilities.
- WSO2 Identity Server adds an improved eXtensible Access Control Markup Language (XACML) editor and SAML 2.0 Web secure single sign-on (SSO) HTTP POST binding for authentication requests.
WSO2 Identity Server Builds on WSO2 Carbon Platform
WSO2 Identity Server is built on the same modular, fully componentized OSGi-compliant code base as the award-winning WSO2 Carbon enterprise middleware platform. Like all WSO2 middleware products, it is inherently cloud-enabled and uses proven core framework components that provide a consistent set of enterprise-class management, security, clustering, logging, statistics, tracing, and other capabilities. Additionally, it offers a graphical management console, which is integrated with other WSO2 middleware products, for configuration, management and monitoring. The componentized architecture gives enterprises unprecedented flexibility to customize WSO2 Identity Server by adding WSO2 Carbon middleware products or the 175-plus components on which they are based.
Availability and Support
WSO2 Identity Server 4.5 is available today as a software download that can run directly on servers or on top of WSO2 Stratos PaaS software; as a WSO2 Cloud Virtual Machine running on the Amazon Elastic Computing Cloud (EC2), Linux Kernel Virtual Machine (KVM), and VMware ESX; and as a hosted service on the WSO2 StratosLive PaaS. As a fully open source solution released under the Apache License 2.0, it does not carry any licensing fees.
WSO2 Identity Server is backed by a world-class technical team in which the experts that helped create the software provide support, leading to direct and immediate access to the people with in-depth knowledge of the middleware. WSO2 service and support options include evaluation support, a special QuickStartSM consulting program, development support, and production support.
WSO2 is the lean enterprise middleware company. It delivers the only complete open source enterprise SOA middleware stack purpose-built as an integrated platform to support today’s heterogeneous enterprise environments—internally and in the cloud. WSO2’s service and support team is led by technical experts who have proven success in deploying enterprise SOAs and contribute to the technology standards that enable them. For more information, visit http://wso2.com or check out the WSO2 community on the WSO2 Blog, Twitter, LinkedIn, Facebook, and FriendFeed..