WHEN | WHO | WHAT
1 March | Gabriele Gianoglio | weModI and Public Administration (PA) interoperability: from a municipality to Europe, it is only a matter of APIs
15 March | Matteo Bordin | What's new in WSO2 APIM
29 March | Matteo Bordin | What's new in WSO2 IS
19 April | Stefano Negri (WSO2) | TELCO success story
3 May | Leo Antonaccio | Apification: opportunities for modern organizations in post-digitalization
17 May | Gabriele Gianoglio | User-centric authentication: building identity from an architectural point of view, or towards a passwordless model
31 May | Danilo Massaglia | Asynchronous APIs
14 June | Gabriele Gianoglio | How to install WSO2 on AWS: tips and tricks
28 June | Daniele Dal Farra | A real case: interoperability in utilities
12 July | Daniele Dal Farra | A real case: API exposition in the finance world
26 July | Leo Antonaccio | A real case: identity management integrated with SPID
WSO2 ITALIA CLUB
Today's speaker…
He describes himself as:
Perfectionist, curious, consistent
We describe him as:
Honest, brilliant, never dull
Our motto:
"Ask Matteo!"
Matteo Bordin
WSO2 IS Main Feature
WSO2 IS New Feature
❖ Integration with TypingDNA
❖ Integration with ELK for identity analytics
❖ Multi-attribute login support
❖ Device flow support
❖ PBKDF2 hashing for user passwords
❖ Java 17 Runtime compatibility
❖ Authentication SDKs
❖ Passwordless authentication with Magic Link
❖ FIDO attestation validations
❖ Federated IDP Initiated OIDC Back-Channel Logout
❖ Support for rotating symmetric encryption key
❖ Remove the dependency on cookies for OIDC flows when extending the IdP session
❖ Auto login after self-registration
❖ Enhanced login portal and my account
❖ reCAPTCHA v3 and invisible reCAPTCHA v2 support
❖ Google One Tap authentication
❖ Accessibility
Integration with TypingDNA
TypingDNA is a behavioral biometrics vendor and a pioneer in delivering
typing biometrics technology as an API for user-friendly authentication to
businesses across cybersecurity, finance, education, and retail.
The vendor leverages typing biometrics to provide customers with a
seamless, user-friendly, risk-based authentication (RBA) experience to
enhance security and fraud detection.
TypingDNA uses AI-based technology to authenticate users
according to the way they type.
You can integrate TypingDNA with WSO2 Identity Server to provide
risk-based adaptive authentication for users.
Scenario
Consider a scenario where you want to prompt an additional
authentication step if the typing pattern of the user trying to log in
does not match the typing pattern registered in the user's account.
Then the login flow of the user should be stepped up as follows:
1. Basic authentication (username and password)
2. TOTP
var onLoginRequest = function(context) {
    // Step 1: basic authentication (username and password).
    executeStep(1, {
        onSuccess: function (context) {
            verifyUserWithTypingDNA(context, {
                onSuccess: function(context, data) {
                    // Change the definition here as required.
                    var userVerified = data.result;
                    // data.isTypingPatternReceived indicates whether a
                    // typing pattern is received from the login portal.
                    if (data.isTypingPatternReceived && !userVerified) {
                        // Typing pattern does not match: step up to TOTP.
                        executeStep(2);
                    }
                },
                onFail: function(context, data) {
                    // Verification failed: step up to TOTP.
                    executeStep(2);
                }
            });
        }
    });
};
Integration with ELK for identity analytics
ELK-based Analytics provides three types of dashboards:
• Auth Dashboard: The latest version of WSO2 Identity Server Analytics
allows you to view and analyze statistics of login attempts made through
the authentication framework of WSO2 Identity Server.
• Session Dashboard: Includes statistics related to specific sessions that
get created for different applications accessed via the WSO2 Identity
Server. A session is the duration between a successful log on and the
subsequent log off by a specific user.
• Alert Dashboard: Facilitates alerting so that you can be informed about
abnormal behavior related to authentication operations carried out by the
WSO2 Identity Server.
The ELK-based on-premise analytics architecture has 4 main
components.
1. Filebeat monitors the log file locations that you specify,
collects log events, and forwards them to Logstash.
2. Logstash is a server-side data processing pipeline that
ingests data from multiple sources, transforms it, and then
sends it to Elasticsearch.
3. Elasticsearch is the central component of the Elastic stack
and it is a distributed, RESTful search and analytics engine
which can be used to store, search, and analyze big volumes of
data quickly and in near real time.
4. Kibana is a visualization layer that works on top of
Elasticsearch, providing users with the ability to analyze and
visualize the data.
Multi-attribute login support
WSO2 Identity Server lets you configure multiple attributes as the login identifier.
While username is the default login identifier, users can have the option to enter a
mobile number, email address or any attribute of their choice.
Supported flows
Multi-attribute login is supported in the following flows:
• Identifier first authenticator
• Username & Password Authenticator
• Request path authenticator
• Authentication REST APIs
• OAuth Password grant
• Password recovery flow
Device flow support
With device flow support, users can leverage other devices, such as
smartphones, to complete login on a device with limited input.
PBKDF2 hashing for user passwords
The Password-Based Key Derivation Function 2 (PBKDF2) hashing algorithm is
a modern hashing algorithm recommended by NIST. We can use the
PBKDF2 hashing method to securely store user passwords in user stores.
This method reduces the risk of brute-force attacks due to insecure
passwords.
[user_store]
type = "database_unique_id"
password_digest = "PBKDF2"
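An added example, not WSO2 Identity Server code: what salted PBKDF2 password storage involves, with a per-user random salt, a stored iteration count, constant-time verification and a check for records that need a stronger work factor. The record layout, the iteration values and the function names are assumptions made for this illustration.

```javascript
// Added example: salted PBKDF2 password storage and verification (not WSO2 code).
const crypto = require("node:crypto");

const PRF = "sha256";                 // HMAC-SHA-256 as the PBKDF2 pseudo-random function
const KEY_LEN = 32;                   // derived key length in bytes
const SCHEME = "pbkdf2-" + PRF;       // hypothetical scheme tag for the stored record
const DEFAULT_ITERATIONS = 310000;    // assumed work factor; tune to your own hardware

// Produces a record "scheme$iterations$salt$hash" (constructed layout).
// A fresh random salt per user makes identical passwords hash differently.
function hashPassword(password, iterations = DEFAULT_ITERATIONS, salt = crypto.randomBytes(16)) {
  const derived = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, PRF);
  return [SCHEME, iterations, salt.toString("base64"), derived.toString("base64")].join("$");
}

// Parses a stored record; returns null when it is not a well-formed PBKDF2 record.
function parseRecord(record) {
  const [scheme, iterText, saltB64, hashB64] = String(record).split("$");
  const iterations = Number(iterText);
  if (scheme !== SCHEME || !Number.isInteger(iterations) || iterations < 1) return null;
  if (!saltB64 || !hashB64) return null;
  const expected = Buffer.from(hashB64, "base64");
  // Refuse truncated hashes: a zero-length hash would otherwise match any password.
  if (expected.length !== KEY_LEN) return null;
  return { iterations, salt: Buffer.from(saltB64, "base64"), expected };
}

// Re-derives the key with the stored salt and iteration count, then compares
// in constant time so the comparison does not leak how many bytes matched.
function verifyPassword(password, record) {
  const parsed = parseRecord(record);
  if (!parsed) return false;
  const actual = crypto.pbkdf2Sync(password, parsed.salt, parsed.iterations, KEY_LEN, PRF);
  return crypto.timingSafeEqual(actual, parsed.expected);
}

// True when a record was created with fewer iterations than the current policy,
// so it can be re-hashed at the user's next successful login.
function needsRehash(record, minIterations = DEFAULT_ITERATIONS) {
  const parsed = parseRecord(record);
  return parsed === null || parsed.iterations < minIterations;
}

// Constructed sample run.
const sampleRecord = hashPassword("correct horse battery staple", 1000);
console.log(sampleRecord.split("$").slice(0, 2).join("$"), verifyPassword("guess", sampleRecord));
```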
Java 17 Runtime compatibility
Java 17 is the latest LTS release of Java. Premier support of Java 11 is
supposed to end in September 2023. WSO2 Identity Server 6.0.0
distribution is compatible with Java 17 runtime.
Tested JDK versions
• OpenJDK 11
• OpenJDK 17
• Oracle JDK 11
• Oracle JDK 17
• AdoptOpenJDK 11
Tested Operating Systems
• Ubuntu 20.04
• CentOS 7
• Windows Server 2016
• Windows Server 2012 R2
• Windows 10
• Windows 11
• macOS x86_64
• macOS M1
Tested DBMS
• MySQL 8.0
• MySQL 5.7
• Oracle 19C
• Oracle SE2-19.0
• Microsoft SQL Server 2019
• SQLServer-SE-14.00
• DB2 v11.5
• Postgres 10.19
• Postgres 13.7
• Postgres 14
• Embedded H2
Tested LDAPs
• Open LDAP 2.4.28
• Microsoft Active Directory Windows 2012
Authentication SDKs
SDKs allow you to integrate web or single-page applications easily with
WSO2 Identity Server and OpenID Connect while adhering to security best
practices. The following SDKs are supported:
• React SDK
• Angular SDK
• JavaScript SDK
Passwordless authentication with Magic Link
Magic Link is a form of passwordless authentication. It allows users to log
in by clicking a link sent to their email instead of entering a password.
FIDO attestation validations
FIDO2 attestation validations allow you to further validate the FIDO2
authenticator data during the security key registration. WSO2 Identity Server
provides two means of validating the authenticator data during the security
key registration.
• Advanced validations: WSO2 Identity Server will perform some advanced
validations for the device registration data. Examples include attestation
type specific validations, certificate related validations, etc.
• Security Key/Biometrics (FIDO) metadata based validations: WSO2
Identity Server will validate the device registration data against the FIDO
Alliance's metadata.
Federated IDP Initiated OIDC Back-Channel Logout
With OIDC identity federation in the identity server, WSO2 IS acts as a Relying Party (RP) to the
federated identity provider.
However, currently, there is no mechanism to terminate the sessions and revoke tokens in WSO2 IS
(RP) whenever there is a session update on the federated IDP (OP) side.
The OIDC Back-Channel Logout v1.0 spec defines a mechanism for communicating logout requests
to all RPs that have established sessions with an OP.
This mechanism relies upon direct communication of such requests between OP and RPs, bypassing
the User-Agent.
It imposes new requirements that RPs have a logout endpoint that is reachable by the OP. This
feature will enable that capability in WSO2 Identity Server.
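An added example, not WSO2 Identity Server code: the checks an RP logout endpoint applies to the logout token the OP posts over the back channel, following the validation steps of the OIDC Back-Channel Logout 1.0 spec, and the local session termination that follows. The issuer URL, client id, session store keyed by the OP's sid, in-memory jti cache and demo key pair are assumptions constructed for the illustration.

```javascript
// Added example (not WSO2 code): RP-side handling of an OIDC Back-Channel Logout token.
const crypto = require("node:crypto");

const LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout";
const b64url = (data) => Buffer.from(data).toString("base64url");
const decodeJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Constructed demo key pair standing in for the OP's signing key (assumption);
// a real RP loads the OP's public key from the OP's published JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Builds a signed logout token like the one the OP would POST; used only to create sample input.
function signLogoutToken(claims, key = privateKey, header = { alg: "RS256", typ: "logout+jwt" }) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${b64url(crypto.sign("sha256", Buffer.from(signingInput), key))}`;
}

// Returns { ok: true, claims } or { ok: false, reason }.
function validateLogoutToken(token, cfg, seenJti, nowSec) {
  const reject = (reason) => ({ ok: false, reason });
  const parts = String(token).split(".");
  if (parts.length !== 3) return reject("malformed");
  let header, claims;
  try {
    header = decodeJson(parts[0]);
    claims = decodeJson(parts[1]);
  } catch {
    return reject("malformed");
  }
  if (!header || !claims || typeof claims !== "object") return reject("malformed");
  // Pin the algorithm: never let the token choose it, and never accept "none".
  if (header.alg !== "RS256") return reject("alg");
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("sha256", signed, cfg.opPublicKey, Buffer.from(parts[2], "base64url"))) {
    return reject("signature");
  }
  if (claims.iss !== cfg.issuer) return reject("iss");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(cfg.clientId)) return reject("aud");
  if (typeof claims.iat !== "number" || claims.iat > nowSec + cfg.clockSkewSec) return reject("iat");
  if (typeof claims.exp !== "number" || nowSec >= claims.exp + cfg.clockSkewSec) return reject("exp");
  // The token must say whom to log out: a subject, a session id, or both.
  if (typeof claims.sub !== "string" && typeof claims.sid !== "string") return reject("sub/sid");
  // The events claim marks this JWT as a logout token rather than an ID token.
  const events = claims.events;
  if (!events || typeof events !== "object" || typeof events[LOGOUT_EVENT] !== "object"
      || events[LOGOUT_EVENT] === null) return reject("events");
  // A nonce is forbidden, so an ID token cannot be replayed as a logout token.
  if ("nonce" in claims) return reject("nonce");
  // Replay protection: each jti is accepted once.
  if (typeof claims.jti !== "string" || seenJti.has(claims.jti)) return reject("jti");
  seenJti.add(claims.jti);
  return { ok: true, claims };
}

// Terminates matching local sessions. `sessions` is a Map keyed by the OP's sid
// with { sub } values (hypothetical store). HTTP 200 / 400 mirror the spec's responses.
function handleBackChannelLogout(token, cfg, sessions, seenJti, nowSec = Math.floor(Date.now() / 1000)) {
  const result = validateLogoutToken(token, cfg, seenJti, nowSec);
  if (!result.ok) return { status: 400, reason: result.reason, terminated: [] };
  const { sid, sub } = result.claims;
  const terminated = [];
  for (const [sessionId, session] of sessions) {
    // With sid, only that session ends; with sub alone, every session of the subject ends.
    const match = sid !== undefined ? sessionId === sid : session.sub === sub;
    if (match) {
      sessions.delete(sessionId);
      terminated.push(sessionId);
    }
  }
  return { status: 200, terminated };
}

// Constructed sample run: the second call replays the same token and is rejected.
function demo() {
  const now = Math.floor(Date.now() / 1000);
  const cfg = { issuer: "https://op.example.test", clientId: "rp-client",
                opPublicKey: publicKey, clockSkewSec: 60 };
  const sessions = new Map([["sid-1", { sub: "alice" }], ["sid-2", { sub: "bob" }]]);
  const token = signLogoutToken({ iss: cfg.issuer, aud: cfg.clientId, iat: now, exp: now + 120,
    jti: "demo-1", sid: "sid-1", events: { [LOGOUT_EVENT]: {} } });
  const seen = new Set();
  return [handleBackChannelLogout(token, cfg, sessions, seen, now),
          handleBackChannelLogout(token, cfg, sessions, seen, now)];
}
console.log(demo());
```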
Support for rotating symmetric encryption key
This is an external tool that re-encrypts internal data after rotation of the
configured symmetric data encryption key. You can use this tool to
re-encrypt the identity and registry databases and other configuration files such as
user store configurations. Additionally, the tool can sync end-user data that
gets generated in the live system with minimum downtime.
Remove the dependency on cookies for OIDC flows when extending the IdP session
Overcome the restrictions (due to third-party cookie limitations by browsers such as Safari)
to extend IdP sessions when application and IdP origins differ from each other.
This serves as an alternative to passive authentication requests that would no longer work
in impacted browsers.
Auto login after self-registration
In the self-registration flow, the user is asked to re-enter password credentials after
the user is verified using email.
With this feature, after the user is verified by clicking the verification mail, the user is
logged in immediately without having to re-enter credentials.
Enhanced login portal and my account
Hides UI widgets based on tenant-level account management configuration preferences
such as self-registration and account recovery.
This dynamically changes the UI elements according to the tenant-level configurations.
For example, if self-registration is not enabled for the tenant, the self-registration link is
hidden on the login page.
The latest set of features that will be available with the new My Account includes:
• User profile management
• Linked accounts
• Export user profile
• Reset password
• Account recovery
• Multi-factor authentication
• Monitor active user sessions
• Consent management
• Review pending approvals
reCAPTCHA v3 and invisible reCAPTCHA v2 support
Improved security against spam and fraudulent activity with an enhanced reCAPTCHA
user experience compared to the conventional "I'm not a robot" checkbox.
reCAPTCHA v2 (Invisible reCAPTCHA)
The invisible reCAPTCHA badge does not require the user to click a checkbox; instead, it is activated
when the user clicks on an existing button on your site or via a JavaScript API call. Only the most
suspicious traffic will be prompted to solve a captcha.
reCAPTCHA v3
With reCAPTCHA v3, a score is returned for each request without requiring user interaction. It
allows you to take action inside the context of your website, such as adding more
authentication factors, flagging a post for moderation, or slowing down scraping bots.
In the Identity Server implementation, you are required to select a threshold value by looking at the
traffic in the reCAPTCHA admin console.
If the score is less than the threshold, the request will be blocked by the server. The default value for
the threshold is 0.5.
Google One Tap authentication
Enabling seamless authentication with Google on authenticated Google
sessions with a single tap. A personalized login button will be there for
sign-in/sign-up.
This option is enabled via the existing Google authenticator.
Accessibility
The user authentication and recovery pages are now WCAG 2.1 AA compliant, enhancing the accessibility of WSO2
Identity Server to a broader audience.
Main Use Cases/Features
Identity federation and single sign on
Enables federated access to web and mobile applications
using open identity standards.
Identity bridging
Facilitates exchanging identity attributes and authentication
decisions between heterogeneous identity systems in a
seamless manner.
Adaptive and strong authentication
Enables applications to secure access with multi-factor
authentication based on environment, user attributes,
behavior, and risk.
API and microservices security
Secures access to APIs and microservices based on open
standards.
Account management and identity provisioning
Helps to manage users and groups with automated
provisioning and approval workflows.
Access Control
Control access to applications in the login flow with
fine-grained policies and act as a policy decision point for
third-party applications.
Privacy and consent management
Enables privacy and gives users control over their data with
consent lifecycle management and data security that adhere
to privacy by design and privacy by default principles.
Identity analytics
Provides administrators with insights related to
authentication, concurrent sessions, and anomalous login
patterns.
wso2.com profesia.it
Thanks!
Q&A?
sales@profesia.it 011 012 03 71
19/04 h 14:30

Shane Coughlan
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Envertis Software Solutions
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
Hironori Washizaki
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
Gerardo Pardo-Castellote
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 

Recently uploaded (20)

LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptxLORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
LORRAINE ANDREI_LEQUIGAN_HOW TO USE WHATSAPP.pptx
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 

WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE

  • 1. WHEN | WHO | WHAT
    1 March | Gabriele Gianoglio | weModI and interoperability of public administrations (PA): from a municipality to Europe, it is only a matter of APIs
    15 March | Matteo Bordin | What's new in WSO2 APIM
    29 March | Matteo Bordin | What's new in WSO2 IS
    19 April | Stefano Negri (WSO2) | TELCO success story
    3 May | Leo Antonaccio | Apification: opportunities for modern organizations in post-digitalization
    17 May | Gabriele Gianoglio | User-centric authentication: building identity from an architectural point of view, or towards a passwordless model
    31 May | Danilo Massaglia | Asynchronous APIs
    14 June | Gabriele Gianoglio | How to install WSO2 on AWS: tips and tricks
    28 June | Daniele Dal Farra | A real case: interoperability in utilities
    12 July | Daniele Dal Farra | A real case: API exposition in the finance world
    26 July | Leo Antonaccio | A real case: Identity Management integrated with SPID
  • 2.
  • 4. Today's speaker… He describes himself as: perfectionist, curious, consistent. We describe him as: honest, brilliant, never banal. Our motto: «Ask Matteo!» Matteo Bordin
  • 5. WSO2 IS Main Feature
  • 6. WSO2 IS New Feature
    ❖ Integration with TypingDNA
    ❖ Integration with ELK for identity analytics
    ❖ Multi-attribute login support
    ❖ Device flow support
    ❖ PBKDF2 hashing for user passwords
    ❖ Java 17 Runtime compatibility
    ❖ Authentication SDKs
    ❖ Password less authentication with Magic Link
    ❖ FIDO attestation validations
    ❖ Federated IDP Initiated OIDC Back-Channel Logout
    ❖ Support for rotating symmetric encryption key
    ❖ Remove the dependency on cookies for OIDC flows when extending the IdP session
    ❖ Auto login after self-registration
    ❖ Enhanced login portal and my account
    ❖ reCAPTCHA v3 and invisible reCAPTCHA v2 support
    ❖ Google One Tap authentication
    ❖ Accessibility
  • 7. Integration with TypingDNA
    TypingDNA is a behavioral biometrics vendor and a pioneer in delivering typing biometrics technology as an API for user-friendly authentication to businesses across cybersecurity, finance, education, and retail. The vendor leverages typing biometrics to provide customers with a seamless, user-friendly, risk-based authentication (RBA) experience to enhance security and fraud detection. TypingDNA uses AI-based technology to authenticate users according to the way they type. You can integrate TypingDNA with WSO2 Identity Server to provide risk-based adaptive authentication for users.
    Scenario
    Consider a scenario where you want to prompt an additional authentication step if the typing pattern of the user trying to log in does not match the typing pattern registered in the user's account. Then the log in flow of the user should be stepped up as follows:
    1. Basic authentication (username and password)
    2. TOTP

        var onLoginRequest = function(context) {
            executeStep(1, {
                onSuccess: function (context) {
                    verifyUserWithTypingDNA(context, {
                        onSuccess: function(context, data) {
                            // Change the definition here as required.
                            var userVerified = data.result;
                            // data.isTypingPatternReceived indicates whether a typing pattern is received from the login portal.
                            if (data.isTypingPatternReceived && !userVerified) {
                                executeStep(2);
                            }
                        },
                        onFail: function(context, data) {
                            executeStep(2);
                        }
                    });
                }
            });
        };
  • 8. Integration with ELK for identity analytics
    ELK-based Analytics provides three types of dashboards:
    • Auth Dashboard: The latest version of WSO2 Identity Server Analytics allows you to view and analyze statistics of login attempts made through the authentication framework of WSO2 Identity Server.
    • Session Dashboard: Includes statistics related to specific sessions that get created for different applications accessed via the WSO2 Identity Server. A session is the duration between a successful log on and the subsequent log off by a specific user.
    • Alert Dashboard: Facilitates alerting so that you can be informed about abnormal behavior related to authentication operations carried out by the WSO2 Identity Server.
    The ELK based on-premise analytics architecture has 4 main components.
    1. Filebeat monitors the log file locations that you specify, collects log events, and forwards them to Logstash.
    2. Logstash is a server-side data processing pipeline that ingests data from multiple sources, transforms it, and then sends it to Elasticsearch.
    3. Elasticsearch is the central component of the Elastic stack and it is a distributed, RESTful search and analytics engine which can be used to store, search, and analyze big volumes of data quickly and in near real time.
    4. Kibana is a visualization layer that works on top of Elasticsearch, providing users with the ability to analyze and visualize the data.
  • 9. Multi-attribute login support
    WSO2 Identity Server lets you configure multiple attributes as the login identifier. While username is the default login identifier, users can have the option to enter a mobile number, email address or any attribute of their choice.
    Supported flows
    Multi-attribute login is supported in the following flows:
    • Identifier first authenticator
    • Username & Password Authenticator
    • Request path authenticator
    • Authentication REST APIs
    • OAuth Password grant
    • Password recovery flow
  • 10. Device flow support
    With device flow support, users can leverage other devices, such as smartphones, to complete login on a device with limited input.
  • 11. PBKDF2 hashing for user passwords
    Password-Based Key Derivation Function 2 (PBKDF2) hashing algorithm is a modern hashing algorithm recommended by NIST. We can use the PBKDF2 hashing method to securely store user passwords in user stores. This method reduces the risk of brute-force attacks due to insecure passwords.

        [user_store]
        type = "database_unique_id"
        password_digest="PBKDF2"
  • 12. Java 17 Runtime compatibility
    Java 17 is the latest LTS release of Java. Premier support of Java 11 is supposed to end in September 2023. WSO2 Identity Server 6.0.0 distribution is compatible with Java 17 runtime.
    Tested JDK versions
    • OpenJDK 11
    • OpenJDK 17
    • Oracle JDK 11
    • Oracle JDK 17
    • AdoptOpenJDK 11
    Tested Operating Systems
    • Ubuntu 20.04
    • CentOS 7
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows 10
    • Windows 11
    • macOS x86_64
    • macOS M1
    Tested DBMS
    • MySQL 8.0
    • MySQL 5.7
    • Oracle 19C
    • Oracle SE2-19.0
    • Microsoft SQL Server 2019
    • SQLServer-SE-14.00
    • DB2 v11.5
    • Postgres 10.19
    • Postgres 13.7
    • Postgres 14
    • Embedded H2
    Tested LDAPs
    • Open LDAP 2.4.28
    • Microsoft Active Directory Windows 2012
  • 13. Authentication SDKs
    SDKs allow you to integrate web or single-page applications easily with WSO2 Identity Server and OpenID Connect while adhering to security best practices. The following SDKs are supported:
    • React SDK
    • Angular SDK
    • JavaScript SDK
  • 14. Password less authentication with Magic Link
    Magic Link is a form of passwordless authentication. It allows users to log in by clicking a link sent to their email instead of entering a password.
  • 15. FIDO attestation validations
    FIDO2 attestation validations allow you to further validate the FIDO2 authenticator data during the security key registration. WSO2 Identity Server provides two means of validating the authenticator data during the security key registration.
    • Advanced validations: WSO2 Identity Server will perform some advanced validations for the device registration data. Examples include attestation type specific validations, certificate related validations, etc.
    • Security Key/Biometrics (FIDO) metadata based validations: WSO2 Identity Server will validate the device registration data against the FIDO Alliance's metadata.
  • 16. Federated IDP Initiated OIDC Back-Channel Logout
    With OIDC identity federation in the identity server, WSO2 IS acts as a Relying Party (RP) to the federated identity provider. However, currently, there is no mechanism to terminate the sessions and revoke tokens in WSO2 IS (RP) whenever there is a session update on the federated IDP (OP) side. The OIDC Back Channel Logout v1.0 spec defines a mechanism for communicating logout requests to all RPs that have established sessions with an OP. This mechanism relies upon direct communication of such requests between OP and RPs bypassing the User-Agent. It imposes new requirements that RPs have a logout endpoint that is reachable by the OP. This feature will enable that capability in WSO2 Identity Server.
  • 17. Support for rotating symmetric encryption key
    This is an external tool that re-encrypts internal data after rotation of the configured symmetric data encryption key. You can use this tool to re-encrypt the identity and registry databases and other configuration files, such as user store configurations. Additionally, the tool can sync end-user data that gets generated in the live system with minimum downtime.
  • 18. Remove the dependency on cookies for OIDC flows when extending the IdP session
    Overcome the restrictions (due to third-party cookie limitations by browsers such as Safari) to extend IDP sessions when application and IDP origins differ from each other. This serves as an alternative to passive authentication requests that would no longer work in impacted browsers.
  • 19. Auto login after self-registration
    In the self-registration flow, the user is asked to re-enter password credentials after the user is verified using email. With this feature, after the user is verified by clicking the verification mail, the user is logged in immediately without having to re-enter credentials.
  • 20. Enhanced login portal and my account
    Hides UI widgets based on tenant-level account management configuration preferences such as self-registration and account recovery. This dynamically changes the UI elements according to the tenant-level configurations. For example, if self-registration is not enabled for the tenant, the self-registration link is hidden on the login page.
    The latest set of features that will be available with the new My Account includes:
    • User profile management
    • Linked accounts
    • Export user profile
    • Reset password
    • Account recovery
    • Multi-factor authentication
    • Monitor active user sessions
    • Consent management
    • Review pending approvals
  • 21. reCAPTCHA v3 and invisible reCAPTCHA v2 support
    Improved security against spam and fraudulent activity with an enhanced reCAPTCHA user experience compared to the conventional "I'm not a robot" checkbox.
    reCAPTCHA v2 (Invisible reCAPTCHA)
    The invisible reCAPTCHA badge does not require the user to click a checkbox; instead, it is activated when the user clicks on an existing button on your site or via a JavaScript API call. Only the most suspicious traffic will be prompted to solve a captcha.
    reCAPTCHA v3
    With the reCAPTCHA v3, a score is returned for each request without requiring user interaction. It allows you the ability to take action inside the context of your website, such as adding more authentication factors, flagging a post for moderation, or slowing down scraping bots. In the Identity Server implementation, you are required to select a threshold value by looking at the traffic at reCAPTCHA admin console. If the score is less than the threshold, the request will be blocked by the server. The default value for the threshold is 0.5.
  • 22. Google One Tap authentication
    Enabling seamless authentication with Google on authenticated Google sessions with a single tap. A personalized login button will be there for sign-in/sign-up. This option is enabled via the existing Google authenticator.
  • 23. Accessibility
    The user authentication and recovery pages are now WCAG 2.1 AA compliant, enhancing the accessibility of WSO2 Identity Server to a broader audience.
  • 24. Main Use Case/Features
    • Identity federation and single sign on: Enables federated access to web and mobile applications using open identity standards.
    • Identity bridging: Facilitates exchanging identity attributes and authentication decisions between heterogeneous identity systems in a seamless manner.
    • Adaptive and strong authentication: Enables applications to secure access with multi-factor authentication based on environment, user attributes, behavior, and risk.
    • API and microservices security: Secures access to APIs and microservices based on open standards.
    • Account management and identity provisioning: Helps to manage users and groups with automated provisioning and approval workflows.
    • Access Control: Control access to applications in the login flow with fine-grained policies and act as a policy decision point for third-party applications.
    • Privacy and consent management: Enables privacy and gives users control over their data with consent lifecycle management and data security that adhere to privacy by design and privacy by default principles.
    • Identity analytics: Provides administrators with insights related to authentication, concurrent sessions, and anomalous login patterns.
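
For slide 11 (PBKDF2 hashing for user passwords), the following added example, which is not WSO2 Identity Server code, shows what salted PBKDF2 storage involves: a per-user salt, a stored iteration count, constant-time verification, and a rehash signal when a record is weaker than the current policy. The record layout, the policy values and the function names are assumptions made for the illustration.

```javascript
// Added example, not WSO2 Identity Server code: salted PBKDF2 password records.
const crypto = require("crypto");

// Assumed policy for this sketch; pick real values from current guidance.
const POLICY = { digest: "sha256", iterations: 600000, keyLen: 32, saltLen: 16 };
const ALLOWED_DIGESTS = ["sha256", "sha512"];
const MAX_ITERATIONS = 10000000; // sanity bound on values read back from storage

// Constructed record layout: pbkdf2$<digest>$<iterations>$<salt b64>$<hash b64>
function hashPassword(password, policy = POLICY) {
  const salt = crypto.randomBytes(policy.saltLen); // fresh random salt per record
  const key = crypto.pbkdf2Sync(password, salt, policy.iterations, policy.keyLen, policy.digest);
  return ["pbkdf2", policy.digest, policy.iterations,
    salt.toString("base64"), key.toString("base64")].join("$");
}

// Returns { ok, needsRehash }. needsRehash is true when a correct password was
// checked against a record weaker than the current policy, so the caller can
// store hashPassword(password) and migrate users as they log in.
function verifyPassword(password, record, policy = POLICY) {
  const rejected = { ok: false, needsRehash: false };
  const parts = String(record).split("$");
  if (parts.length !== 5 || parts[0] !== "pbkdf2") return rejected;
  const [, digest, iterText, saltB64, hashB64] = parts;
  const iterations = Number.parseInt(iterText, 10);
  const expected = Buffer.from(hashB64, "base64");
  if (!ALLOWED_DIGESTS.includes(digest) || expected.length === 0) return rejected;
  if (!Number.isInteger(iterations) || iterations < 1 || iterations > MAX_ITERATIONS) return rejected;
  const salt = Buffer.from(saltB64, "base64");
  const actual = crypto.pbkdf2Sync(password, salt, iterations, expected.length, digest);
  // Constant-time comparison: no early exit on the first differing byte.
  if (!crypto.timingSafeEqual(actual, expected)) return rejected;
  const weaker = iterations < policy.iterations || digest !== policy.digest
    || expected.length < policy.keyLen;
  return { ok: true, needsRehash: weaker };
}

// Rough cost of a single password guess at a given iteration count, in milliseconds.
function guessCostMs(iterations, digest = "sha256") {
  const start = process.hrtime.bigint();
  crypto.pbkdf2Sync("constructed-sample", Buffer.alloc(16), iterations, 32, digest);
  return Number(process.hrtime.bigint() - start) / 1e6;
}
```

Comparing `guessCostMs(1000)` with `guessCostMs(600000)` on your own hardware shows how the iteration count scales the cost of each offline guess.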
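
For slide 16 (Federated IDP Initiated OIDC Back-Channel Logout), the following added example, which is not WSO2 Identity Server code, sketches the checks a Relying Party's logout endpoint applies to the logout token posted by the OP before it terminates a session. The issuer, client ID, key pair, `cfg` fields and function names are constructed for the illustration, and RS256 is assumed as the agreed signing algorithm.

```javascript
// Added example, not WSO2 Identity Server code: RP-side validation of an
// OIDC Back-Channel Logout token. All identifiers and keys are constructed.
const crypto = require("crypto");

const LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout";
const b64u = (value) => Buffer.from(value).toString("base64url");

// OP side, used here only to build sample tokens: sign the claims with RS256.
function signLogoutToken(claims, privateKey, header = { alg: "RS256" }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// RP side. Returns { ok, reason, sid, sub }; seenJti is a Set the RP keeps
// so that a captured token cannot be replayed.
function validateLogoutToken(jwt, cfg, seenJti, nowSec = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ ok: false, reason, sid: null, sub: null });
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return fail("not a compact JWS");
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return fail("undecodable token");
  }
  if (!header || !claims) return fail("undecodable token");
  // Pin the algorithm: never accept "none" or whatever the header proposes.
  if (header.alg !== "RS256") return fail("unexpected alg");
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, cfg.opPublicKey, sig)) return fail("bad signature");
  if (claims.iss !== cfg.issuer) return fail("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(cfg.clientId)) return fail("wrong audience");
  if (typeof claims.iat !== "number" || Math.abs(nowSec - claims.iat) > cfg.maxAgeSec) return fail("stale iat");
  if (!claims.sub && !claims.sid) return fail("neither sub nor sid");
  const marker = claims.events && claims.events[LOGOUT_EVENT];
  if (marker === null || typeof marker !== "object") return fail("missing logout event");
  // A logout token must not carry a nonce, which keeps ID tokens from passing as one.
  if ("nonce" in claims) return fail("nonce present");
  if (!claims.jti || seenJti.has(claims.jti)) return fail("replayed or missing jti");
  seenJti.add(claims.jti);
  return { ok: true, reason: null, sid: claims.sid ?? null, sub: claims.sub ?? null };
}

// Constructed demo: one valid token, then the same token replayed.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const cfg = { issuer: "https://op.example", clientId: "rp-client", opPublicKey: publicKey, maxAgeSec: 120 };
  const now = Math.floor(Date.now() / 1000);
  const token = signLogoutToken({ iss: cfg.issuer, aud: cfg.clientId, iat: now, jti: "jti-1",
    sid: "session-1", events: { [LOGOUT_EVENT]: {} } }, privateKey);
  const seen = new Set();
  return [validateLogoutToken(token, cfg, seen), validateLogoutToken(token, cfg, seen)];
}
```

Only after `ok` is true should the RP look up the local sessions matching `sid` or `sub` and terminate them.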