Tag Archives: Release Notes

What is new in WSO2 Identity Server 5.3.0?

Since its launch in 2007, WSO2 Identity Server (WSO2 IS) has become an industry leading product in the open source, on-premise IAM space. It’s trusted by both the government and private sectors for large scale deployments ranging up to millions of users.

Apart from the open standard support, WSO2 IS has a solid architecture to build a strong identity ecosystem around it. More than 40 connectors are now available for you to download from WSO2 Connector Store – including SMS OTP, Email OTP, TOTP (Google Authenticator), Duo Security, mePIN, RSA, FIDO U2F  – and many more. All these connectors are released under the same open source Apache 2.0 license, as of the product.

The focus of WSO2 Identity Server 5.3.0 is to build and enhance features around Identity/Account Administration and Access Governance. Here are the new features introduced in WSO2 Identity Server 5.3.0:

  • Identify and suspend user accounts that have been idle for a pre-configured amount of time. Prior to account suspension, the administrator can set up the notification system to notify the user with a warning that the account will be suspended.
    For instance, if a user has not logged in to his/her account for 90 days, the user will be notified that his account will be suspended within the next 7 days if there continues to be no activity, after which the account will be suspended.
  • A new REST API was introduced to recover a lost/forgotten password, i.e., by using email notifications or secret questions. It is also possible to recover the username if forgotten. This extends the functionality of the SOAP service WSO2 IS had before 5.3.0.
  • The administrator can trigger the password reset for a given user. This may be required if the user forgets the credentials and then makes a request to the administration to reset the password — and also in cases where the credentials get exposed to outsiders then the administrator can lock the account and enforce password reset.
  • Support for Google reCAPTCHA as a way of brute-force mitigation. The administrator can configure Google reCAPTCHA in the login, password/account recovery and sign up flows.
  • Maintain the history of the user’s passwords according to a pre-configured count. This prevents a user from using a password he/she has used in the recent past. For example, if you configure a count of 5, the user will be prevented from reusing his/her last 5 passwords as the current password.
  • The administrator can monitor all the login sessions — and can selectively terminate.
  • Enforce policies to control outbound user provisioning operations. For example, you can provision users having the salesteam role to Salesforce and anyone having an email address with the domain name foo.com to Google Apps.
  • Partition users by service providers. WSO2 IS had support for multiple user stores since its version 4.5.0. With this new feature, the administrator can specify against which user store the user should authenticate, by the service provider. For example, only the users in the foo user store will be able to access the foo service provider.
  • Enforce policies during the authentication flow. The administrator can, for example, enforce a policy which states only the users having the salesteam role can access Salesforce, and only during a weekday from 8 AM to 4 PM.
  • Improvements for the JIT provisioning flow. The administrator can now specify mandatory attribute requirements for JIT provisioning and if any of those are missing, WSO2 IS will prompt the user to enter the values for the missing attributes.
  • Improvements for identity analytics. With WSO2 IS 5.3.0 the identity administrator can get alerts for abnormal and suspicious login sessions.

In addition to the above set of features, WSO2 IS 5.3.0 also introduced a set of enhancements for its existing open standards.

  • SAML 2.0 Metadata Profile
  • SAML 2.0 Assertion Query/Request Profile
  • OpenID Connect Dynamic Client Registration
  • OAuth 2.0 Token Introspection
  • OpenID Connect Discovery
  • JSON/REST profile of XACML

WSO2 IS 5.3.0 is now the best it’s ever been. We hope you will find it quite useful to address your enterprise identity management requirements, and we’re more than happy to hear your feedback/suggestions — please feel free to post them to bizdev@wso2.com or dev@wso2.org.

WSO2 Governance Registry 5.2.0 released!

We have a new version of WSO2 Governance Registry!

WSO2 G-Reg 5.2.0 – this new version – is more focused on delivering a good user experience with enabling some of the features, which are there in the publisher to store users as well. Search has been improved to empower both store and publisher users.

Meet your dependencies. Visually.   

Governance Center store now comes with the ability to graphically visualize your dependencies. With this, you can easily check the impact of a change to an artifact using the dependency visualization  (dependency graph) option prior to changing the artifact. You can also filter resources based on the association type and search for artifacts based on the dependency type.

greg 1
Having to work with multiple versions of the same asset sometimes leads to chaos and users end up not knowing which version to be used to cater his/her requirement. WSO2 G-Reg 5.2.0 comes with graphical diff-view support for Governance Center Store, which allows you to inspect the changes among different version of an asset.

greg 2
Better asset searching

We’ve made some pretty important improvements to search, including providing helper text during search.

greg - 3

There’s also search history, which means you can now reuse your previously used search queries – altogether a more Google experience than ever before. Privacy buffs among you will be pleased to know you can change the number of history items using the management console.  

Asset loading/ listing has never been this fast

We’re continuously working on making our products work faster. In G-Reg 5.2.0, we’ve have a major performance gain in both Store and Publisher applications. Loading of landing pages and asset listing pages are now been significantly improved.   

greg - 3WSO2 Governance Registry is perhaps the best open source product for storing, cataloging, indexing, managing and governing your enterprise metadata. But don’t just take our word for it – you can download it from here and try it out for yourself. To learn more about the product and its use cases, check out our product documentation.