WSO2 Changelog
- 23 May, 2026
Introducing Step-Based Password Reset Upon Password Expiry in Asgardeo
Asgardeo now supports enforcing password reset as an inline step within an application's login flow when a user's password has expired. Previously, password expiry enforcement was only available organization-wide, triggering at the end of the login flow for all users regardless of the application they signed in too. With this enhancement, administrators can now configure password expiry enforcement at two levels:
WSO2 Changelog
- 23 May, 2026
Improving Sift integration with Asgardeo
We have enhanced our Sift integration to deliver deeper fraud intelligence and more accurate risk assessment across the user journey.
With these improvements, organizations can now publish a broader set of identity events to Sift, including login, logout, user creation, user profile updates, credential updates, and user verification events. By sharing richer identity and behavioral signals, Sift can generate more precise risk scores that help detect suspicious activity earlier and with greater confidence.
WSO2 Changelog
- 23 May, 2026
Support additional Algorithms methods for JWE Encryption
Providing stronger security options and increasing FAPI support, Asgardeo now supports additional JWE encryption algorithms for ID token encryption.
This enhancement ensures broader compatibility and robust protection for your identity data.
Newly Supported Algorithms:
- RSA-OAEP-256
- RSA-OAEP-384
- RSA-OAEP-512
- A192CBC-HS384
Documentation:
WSO2 Changelog
- 23 May, 2026
Preserve Active Sessions and Tokens Upon Password Update
Updating a password shouldn't always interrupt a user's flow. Previously, updating a password in Asgardeo—specifically through the My Account portal—mandatorily terminated the user’s session and revoked the active token, forcing an immediate re-login. This lack of flexibility meant that every password change resulted in a disrupted user experience, regardless of the organization's specific security needs.
WSO2 Launches Agent Manager to Bring Identity, Governance and Scale to Enterprise AI Agents
New, open platform aims to balance innovation and risk management in the era of AI agents
What's New in WSO2 API Manager 4.7
WSO2 API Manager 4.7 is now generally available. In April, WSO2 launched the API Platform to make enterprise APIs agent-ready. With this release, you can now connect your existing control plane to the new API Platform Gateway, which brings HTTP/2 and HTTP/3 support and a new Go-based policy engine.
This release is focused on giving your existing investment in WSO2 API Manager a wider reach, including:
AWS Summit Madrid
WSO2 is proud to be a Silver Sponsor at AWS Summit Madrid 2026 happening in Madrid on 4th of June. Visit us at Booth S18 to discover how our open source platform drives Trusted AI Governance and enables secure, efficient API management, integration, and identity solutions.
Why Azure AD B2C's Retirement Is a Test of Your Identity Architecture
Microsoft’s decision to retire Azure AD B2C Premium P2 and the looming uncertainty surrounding the P1 tier after 2030, is worth treating as more than a mere product transition. It is a loud signal about what happens when a critical piece of your enterprise architecture is dictated by a vendor's roadmap.
APIdays NY 2026
WSO2 is a Silver Sponsor at apidays New York. AI agents are the new API consumers and they don't read your developer portal. Visit our booth to see how the WSO2 API Platform makes your APIs agent-ready: convert REST APIs to MCP in minutes, govern LLM and agent traffic from a single control plane, and control costs with token-aware rate limiting and AI guardrails. Our team is on-site to talk through your architecture, demo live, and help you figure out what agent-readiness looks like for your stack.
The Path to European Digital Resilience
Increasing geopolitical uncertainties are driving the European Union’s (EU) efforts to reduce dependencies on non-European vendors and achieve European digital resilience. For nations and organizations that operate within the EU, overall success depends on establishing three strategic pillars: data sovereignty, cloud repatriation, and interoperability. Open source software provides the foundation for all three pillars, making its widespread adoption across Europe critical to achieving the digital resilience the region is working toward.