WSO2 Product Release Webinar: WSO2 Identity Server 5.1

WSO2 Identity Server 5.1.0: Engage your Line of Business Managers with Workflows. Johann Dilantha Nallathamby, Technical Lead & Product Lead of WSO2 Identity Server

Transcript of WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Page 1: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

WSO2 Identity Server 5.1.0
Engage your Line of Business Managers with Workflows

Johann Dilantha Nallathamby
Technical Lead & Product Lead of WSO2 Identity Server

Page 2: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Outline

o What is WSO2 Identity Server
o What’s new with WSO2 Identity Server 5.1.0
o Demo
o Q&A

Page 3: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

What is WSO2 Identity Server

o 100% free and open source with commercial support
o Lightweight and high performance
o Highly modular and extensible
o User friendly with minimal learning curve
o Based on open standards

An open source Identity & Entitlement management server

Page 4: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Features Before IS 5.1.0

o Authentication
o Authorization
o Enterprise Single Sign-On
o Federated Single Sign-On
o Delegated Access Control
o Provisioning
o Identity Management and Self Service

Capabilities

Page 5: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Authentication


Page 6: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Authorization

o Role Based
o Permission Based
o Attribute Based
o Policy Based

o XACML 2.0/3.0

Page 7: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Enterprise Identity Bus

o Decoupling Service Providers and Identity Providers, making them unaware of each other’s existence

o Authentication Bridge
o Protocol translation
o Multi-option and multi-step login
o Home Realm Discovery (HRD)

o Provisioning Bridge
o Protocol translation
o Just-In-Time (JIT) provisioning

o Claim transformation
o Role transformation

Page 8: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Open Standards for Enterprise Single Sign-On (Inbound authenticators)

o SAML2 Web SSO
o SAML2 Web Single Sign Out
o SAML2 Basic Attribute Profile

o OpenID Connect
o Core specification

o WS-Federation
o OpenID 2.0

o Simple Registration Extension Protocol
o Attribute Exchange Profile

o Integrated Windows Authentication

Page 9: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Federated Single Sign-On

o Supports pluggable outbound authenticator architecture
o Supports all the same standards of the inbound authentication
o Social Authentication

o Facebook
o Google
o Yahoo
o Microsoft Live

Page 10: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Delegated Access Control

o OAuth2
o OAuth2 Authorization Framework - RFC 6749
o Bearer Token Profile - RFC 6750
o SAML2 Grant Profile - RFC 7522
o OAuth2 Token Revocation - RFC 7009
o NTLM Grant

o WS-Trust 1.3/1.4

Page 11: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Provisioning

o Inbound and Outbound provisioning connectors
o SCIM 1.1 (Inbound & Outbound)
o SPML 2.0 (Outbound Only)
o Google Apps
o SalesForce

o Non standard user/group management WS APIs for inbound provisioning only

o Non standard role/permission management WS APIs for inbound provisioning only

Page 12: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Identity Management & Self Service Capabilities

o Self sign-up
o Password resets using secret questions
o Password reset using email verification
o Password policies

o Password strength
o Minimum length
o Password retry count

o Account verification with email
o One Time Passwords
o User account locking

Page 13: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

What’s New with Identity Server 5.1.0?

Page 14: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Workflows

o Workflows for User/Group management operations
o Can be extended to cover any of your organization’s critical Identity and Access Management needs
o Integrates with WSO2’s own Business Process Server (BPS) out-of-the-box
o Can be extended to integrate with any non WSO2 Business Process Server

Page 15: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Workflows

o Engage multi-option/multi-step workflows, using users or roles.
o Provides templating feature to define your own workflows
o Can be extended to provide customized templates

o Ships by default with the minimal set of business process features required.
o Recommended to deploy a full blown WSO2 BPS product if going into production with significantly high load and to get all the other goodies that come with it!

Page 16: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Workflows Architecture

[Architecture diagram; component labels: Event Handler, Request Initiator, Callback Handler, Executor Manager, Database, Process Template, Initializer, Executor, Process Template Implementations]

Page 18: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Linked Local Accounts

o In IS 5.0.0 we were able to link only federated Identifiers to local accounts
o In IS 5.1.0 you are able to link one or more local accounts together.
o This will let you switch between user accounts without re-login

Page 20: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Other Improvements

o Redesign of SSO Login page
o Registration is part of the login flow
o Support for multiple Assertion Consumer URLs
o Support for more SAML2 signing algorithms
o IdP-Initiated Single Logout
o SAML1.0 Grant for OAuth2.0
o OpenID Connect support for implicit Grant type
o SCIM Patch operation support
o Dumb mode provisioning with SCIM

Page 21: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

Other Improvements

o Multi-tenancy support in AD
o Bulk user import support for all types of user stores
o Search users with attribute values
o Configurable Idle Session Timeout and Remember Me Timeout
o Placeholder support for configuration files such as identity.xml, application-authenticators.xml, sso-idp-config.xml, etc.

o Boasts over 1500 bug fixes and improvements
o https://wso2.org/jira/issues/?filter=12586

o Documentation updates and fixes

Page 23: WSO2 Product Release Webinar: WSO2 Identity Server 5.1

What’s Next?

o Bug fix release in Q1 2016

o Will include minor improvements
o Big release on C5 in Q3

o Next generation Carbon platform
o Microservices engine
o Native REST/JSON support
o Container based tenancy model
o Redesigning user management APIs to support JAAS
o More to come...