What’s New with Identity Server 5.11.0?
Thursday, December 03, 2020
Hello!
Nipuni Paaris
Pulasthi Mahawithana
Software Engineer
pulasthim@wso2.com
nipunib@wso2.com
Technical Lead
What is WSO2 Identity Server?
Key Capabilities
● Identity federation and SSO
● Identity bridging
● MFA and adaptive authentication
● Managing access to APIs
● Consent management
● Accounts management
● Progressive profiling
● RESTful APIs for integration
● Regulatory compliance
● Identity analytics
WSO2 Identity Server Capabilities
What’s New with IS 5.11.0?
● New react based Console application - BETA
● Enhanced My Account application
● Software Development Kits (SDKs)
● Group and Role Separation
● Integration with Hashicorp Vault
● Data protection with symmetric key encryption
● OpenSAML 3 upgrade
● Tenant Qualified URLs - BETA
● Tenant Wise CORS Management - BETA
New Features
Feature Improvements
Performance Improvements
All New React-based Console
First Look at Our New Console
● Application Management
● Identity Provider Management
● User store Management
● Users, Roles & Groups Management
● Email Template Management
Key Highlights of the Console
Old vs New Console
● Improved UI design and theme to provide a seamless user experience.
● Application management templates.
● Identity Provider management templates.
● User store management templates.
● Custom UI components to increase usability.
DEMO
Enhanced My Account Application
My Account vs User Portal
● User claim update verification (email, mobile).
● Removed pending workflow approvals section.
● Minor cosmetic improvements.
Software Development Kits
● We introduced a number of SDKs aligned with Identity Server 5.11.0.
● Improves the developer experience.
● Speeds up the implementation of application UIs.
● No prior knowledge of authentication protocols required.
● Initially we will be providing the following SDKs:
⦿ Java OIDC SDK
⦿ .Net OIDC SDK
⦿ Android OIDC SDK
SDKs for Java, .Net, and Android
Groups and Roles Separation
In our previous versions both groups and roles were treated as roles in the system, and roles could be managed via the WSO2 IS management console or the SCIM2 groups endpoint.
This has been redesigned: groups and roles are now separate entities in the system, as described below.
● User: An identity of a person stored in the IAM system.
● Group: A representation of a set of users in the user store.
● Role: Roles within the IAM solution that bind to permissions defined for resources within the IAM solution. Roles can be mapped to the old hybrid roles.
Roles and Groups Separation
Relationship Between Roles, Groups, and Users
Role Management API
DEMO
Integration with Hashicorp Vault
Configuration Secrets in Hashicorp Vault
[Diagram: configuration secrets (credentials, database and keystore passwords) stored in Hashicorp Vault]
Symmetric Key Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Symmetric Key Encryption in Identity Server
● Uses AES/GCM/NoPadding as the encryption algorithm
● Improves performance
● Less impact on data migration on key rotation
[Diagram: internal data encrypted with a symmetric key; the key is rotated from Key v1 to Key v2]
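The bullets above say why a symmetric scheme makes key rotation cheaper: with AES/GCM the stored record can carry an identifier of the key it was sealed under, so after a rotation old records stay readable and can be re-encrypted lazily instead of in one migration. The following Go program is an added example written for this page; it is not WSO2 Identity Server code, and the "v1"/"v2" version names, the `<version>:<base64>` token layout and the sample keys are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Keyring holds versioned symmetric keys. New data is always sealed under the
// current version; older versions stay loaded so records written before a
// rotation remain readable until they are re-encrypted.
type Keyring struct {
	current string
	keys    map[string][]byte
}

// NewKeyring creates a keyring whose only (and current) key is the given version.
func NewKeyring(version string, key []byte) *Keyring {
	return &Keyring{current: version, keys: map[string][]byte{version: key}}
}

// Rotate registers a new key version and makes it the current one.
func (k *Keyring) Rotate(version string, key []byte) {
	k.keys[version] = key
	k.current = version
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key -> AES-128/192/256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // AES/GCM/NoPadding: 12-byte nonce, 16-byte tag
}

// Encrypt seals plaintext with AES-GCM under the current key and returns
// "<version>:<base64(nonce || ciphertext || tag)>" (token layout assumed here).
// The version prefix is what keeps rotation cheap: a reader picks the right
// key without trial decryption, and a migration job can find rows on old keys.
func (k *Keyring) Encrypt(plaintext []byte) (string, error) {
	aead, err := newGCM(k.keys[k.current])
	if err != nil {
		return "", err
	}
	// GCM is only secure while a nonce is never reused under the same key,
	// so a fresh random 96-bit nonce is drawn for every record.
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, plaintext, nil) // nonce prepended to output
	return k.current + ":" + base64.StdEncoding.EncodeToString(sealed), nil
}

// KeyVersion returns the key version a stored token was sealed under.
func KeyVersion(token string) string {
	version, _, _ := strings.Cut(token, ":")
	return version
}

// Decrypt reverses Encrypt using the key named in the token. Any change to the
// nonce, ciphertext or tag makes aead.Open fail, so tampering is detected.
func (k *Keyring) Decrypt(token string) ([]byte, error) {
	version, b64, ok := strings.Cut(token, ":")
	if !ok {
		return nil, errors.New("malformed token: missing key version")
	}
	key, ok := k.keys[version]
	if !ok {
		return nil, fmt.Errorf("unknown key version %q", version)
	}
	sealed, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("malformed token: too short")
	}
	nonce, ciphertext := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ciphertext, nil)
}

// ReEncrypt migrates a token sealed under an older key to the current key.
// Tokens already on the current version are returned unchanged, so a
// migration job can be re-run safely.
func (k *Keyring) ReEncrypt(token string) (string, error) {
	if KeyVersion(token) == k.current {
		return token, nil
	}
	plaintext, err := k.Decrypt(token)
	if err != nil {
		return "", err
	}
	return k.Encrypt(plaintext)
}

func main() {
	// Constructed sample keys; a deployment would load them from a keystore or vault.
	kr := NewKeyring("v1", []byte("0123456789abcdef0123456789abcdef"))
	tok, _ := kr.Encrypt([]byte("client-secret-sample"))
	fmt.Println("stored under", KeyVersion(tok))
	kr.Rotate("v2", []byte("fedcba9876543210fedcba9876543210"))
	migrated, _ := kr.ReEncrypt(tok)
	pt, _ := kr.Decrypt(migrated)
	fmt.Println("after rotation:", KeyVersion(migrated), string(pt))
}
```

Running it prints the token's version before and after the rotation; the "Rotate" step in the slide diagram corresponds to `Rotate` followed by a pass of `ReEncrypt` over stored records, during which both keys remain loaded. Keep old key versions retired only once no record still names them.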
OpenSAML 3 Upgrade
Major changes from OpenSAML 2 to OpenSAML 3
● The structure of the OpenSAML dependencies has changed between versions 2 and 3: OpenSAML 3.x is structured as a Maven multi-module project.
● The Message Context has been made more modular, and MessageHandlers have been added to process messages using the message context.
● The syntax has changed for some processes.
● Some packages and classes have been renamed.
● Some methods have been dropped or moved into another class.
CIAM Improvements
Newly Introduced CIAM Improvements
● Trigger email validation on email address change
● Trigger SMS based verification on mobile number change
● Enforcing uniqueness and regex validation for challenge question answers
● Auto-login the user upon successful password recovery, improving the account recovery experience
● Revoke session-bound tokens on logout and session expiry events
● And many more.
Tenant Qualified URLs BETA
Tenant Qualified URLs
● Identity Server will now have the tenant domain in its URLs.
Eg.
⦿ /oauth → /t/mytenant.com/oauth
⦿ /scim2 → /t/mytenant.com/scim2
● Provides flexibility with tenant-wise branding and sharding
Tenant Wise CORS Management BETA
What is CORS?
● Cross-Origin Resource Sharing (CORS) is a mechanism that lets a web service control access to its resources from different origins.
● Especially helpful when integrating SPAs with the Identity Server.
● WSO2 IS 5.11.0 supports enforcing CORS at the tenant level.
● We have also improved the deployment-level CORS configuration.
The Identity Server must be running in the tenant URL mode in order for CORS to work.
Configure CORS During Deployment
All the CORS parameters can be configured at the server level through the deployment.toml file.
Manage CORS through the REST APIs
● Server Configuration API : Configure CORS at tenant level
● Application Management API : Configure CORS at application level
● CORS API : View allowed CORS origins and associated applications
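The tenant-qualified URL slide and the CORS slides fit together: once the tenant is part of the path (`/t/mytenant.com/oauth`), a request can be matched against that tenant's own allowed-origin list, which is why tenant URL mode is a prerequisite for tenant-wise CORS. The Go program below is an added example for both passages and is not Identity Server code: the `carbon.super` name for the un-prefixed tenant, the `corsPolicy` table standing in for what the Server Configuration API would manage, and the sample origins are all constructed here. Its one deliberate design point is that an origin is accepted only on a full scheme-and-host match, never on a prefix or substring.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// superTenant is the name assumed here for the tenant that owns un-prefixed
// paths such as /oauth; only /t/<domain>/... paths are tenant qualified.
const superTenant = "carbon.super"

// TenantFromPath reads the tenant domain out of a tenant-qualified path
// (/t/mytenant.com/oauth -> mytenant.com). Anything else maps to the super tenant.
func TenantFromPath(path string) string {
	if !strings.HasPrefix(path, "/t/") {
		return superTenant
	}
	domain := strings.SplitN(strings.TrimPrefix(path, "/t/"), "/", 2)[0]
	if domain == "" {
		return superTenant
	}
	return strings.ToLower(domain)
}

// corsPolicy is constructed sample data standing in for the per-tenant
// allowed-origin lists managed through the Server Configuration API.
var corsPolicy = map[string][]string{
	"mytenant.com": {"https://app.mytenant.com", "http://localhost:3000"},
	superTenant:    {"https://admin.example.test"},
}

// normalizeOrigin reduces an Origin header value to scheme://host[:port] in
// lower case, or returns "" when the value is not a well-formed origin
// (for example the opaque value "null", or anything carrying a path).
func normalizeOrigin(origin string) string {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" || u.Path != "" || u.RawQuery != "" || u.User != nil {
		return ""
	}
	return strings.ToLower(u.Scheme + "://" + u.Host)
}

// OriginAllowed compares the request origin against the tenant's list as a
// whole origin. Matching only a prefix or substring would also accept hosts
// that merely begin with an allowed name, so the full value must be equal.
func OriginAllowed(tenant, origin string) bool {
	want := normalizeOrigin(origin)
	if want == "" {
		return false
	}
	for _, allowed := range corsPolicy[tenant] {
		if normalizeOrigin(allowed) == want {
			return true
		}
	}
	return false
}

// CORSHandler wraps an http.Handler and emits Access-Control-Allow-Origin only
// for an allowed origin of the tenant addressed by the request path.
func CORSHandler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if origin != "" && OriginAllowed(TenantFromPath(r.URL.Path), origin) {
			h := w.Header()
			h.Set("Access-Control-Allow-Origin", origin)
			h.Add("Vary", "Origin") // stop caches serving one origin's answer to another
			if r.Method == http.MethodOptions { // preflight request
				h.Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
				h.Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
				w.WriteHeader(http.StatusNoContent)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	for _, c := range [][2]string{
		{"/t/mytenant.com/oauth", "https://app.mytenant.com"},
		{"/t/mytenant.com/scim2", "https://app.mytenant.com.example"},
		{"/oauth", "https://app.mytenant.com"},
	} {
		fmt.Printf("%-24s %-36s allowed=%v\n", c[0], c[1], OriginAllowed(TenantFromPath(c[0]), c[1]))
	}
}
```

The third sample line shows the tenant scoping: the same origin that is allowed for `mytenant.com` is refused on the un-prefixed `/oauth` path, because that path resolves to the super tenant and its list. `CORSHandler` can be wrapped around any `http.Handler` to see the headers it sets.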
DEMO
Try out Identity Server 5.11.0
Try out WSO2 Identity Server
Download V5.11.0
https://wso2.com/identity-and-access-management
Documentation
https://is.docs.wso2.com/en/5.11.0
Report Issues
https://github.com/wso2/product-is/issues
Engage with the Community
https://wso2.com/identity-and-access-management/community
Mailing Lists
iam-dev@wso2.org, dev@wso2.org, architecture@wso2.org
wso2.com
Thanks!