What's new in this release
WSO2 IS version 5.0.0 is the successor of version 4.6.0. It contains the following new features and enhancements:
- WSO2 Identity Server 5.0.0 comes with an Identity Bridge, which is capable of translating between heterogeneous authentication protocols and of transforming and mediating any identity assertion between SAML2.0, OAuth 1.0a/2.0, OpenID, OpenID Connect and WS-Federation Passive. This leads to seamless integration between internal applications and cloud applications such as Salesforce, Google Apps and Office 365. See Working with Identity.
- With WSO2 Identity Server 5.0.0, a given service provider (irrespective of the protocol it supports) can now set up the login options to present to its users. It can now have multiple options and several steps. See Configuring Local and Outbound Authentication for a Service Provider.
- Request Path Authenticators are shipped with Identity Server 5.0.0 and are used to obtain the user's credentials that are attached to the request sent to the Identity Server. See Configuring Local and Outbound Authentication for a Service Provider.
- You can now log in with Facebook/Google/Microsoft Windows Live. Facebook/Google/Microsoft Windows Live authenticators are the very first authenticators we are shipping with Identity Server 5.0.0 for social login. See Configuring Federated Authenticators for an Identity Provider.
- WSO2 Identity Server 5.0.0 includes the following enhanced user provisioning features:
  - WSO2 Identity Server 5.0.0 is capable of transforming inbound provisioning requests based on SOAP and SCIM to the following provisioning APIs: SCIM, SPML 2.0, Salesforce, Google Apps, LDAP, Active Directory and JDBC. Just-in-time provisioning is now integrated with Identity Federation. When a user logs in from a federated identity provider, WSO2 Identity Server is capable of provisioning the corresponding subject to its internal user store and any other provisioning system. See Adding an Identity Provider and Adding a Service Provider for details.
  - The WSO2 Identity Server 5.0.0 runtime is capable of working with custom developed provisioning connectors. See Creating Custom Connectors.
- WSO2 Identity Server is now shipped with a new web-based dashboard for end users. This allows users to manage their user profile, set security challenge questions, revoke/update their password, manage their OpenID profile, and view identity providers. See Working with the Dashboard.
- Remote user store management is now possible using APIs. This allows managing heterogeneous user stores distributed across different data centers from a single Identity Server node. See Managing Users and Roles with APIs.
- The WSO2 Identity Server is now capable of working with custom developed authenticators. See Creating Custom Authenticators.
- The SAML2 assertion issued for SAML2-based SSO login can now be encrypted. To decrypt the assertion, the service provider must have the Identity Server tenant's public certificate. See Configuring Inbound Authentication for a Service Provider.
- You can now specify an NTLM grant type for OAuth 2.0. See Configuring Inbound Authentication for a Service Provider.
- Service providers can add application-specific permissions and assign them to roles, and can use the remote authorization API to perform permission-based access control for users. See Configuring Roles and Permissions for a Service Provider.
- The SAML2 Web SSO profile Request/Response validator is a tool in the Identity Server 5.0.0 management console for debugging the SAML2 Web SSO requests and responses. See Working with the SAML2 Toolkit.
Service pack features
The following are the features released with the WSO2 Identity Server service pack. This can be downloaded from the WSO2 Identity Server product page. The service pack can be installed by following the instructions in the README file that is included in the service pack.
- The WSO2 Identity Server SP comes with the ability to enable authentication session persistence in order to control the authenticated user's session. See Enabling Authentication Session Persistence.
- You can customize the authentication endpoint by controlling the request parameters that are passed to it, and you can now load all active tenants into the login page of the authentication endpoint web application. See Customizing the Authentication Endpoint.
- You can customize the claim to be used as the user name attribute when authenticating using multiple attributes. See Customizing the Claim for the User Attribute.
- The WSO2 Identity Server SP now comes with the ability to customize certain authentication error messages. See Customizing Authentication Error Messages.
Fixed and known issues
- To explore the fixed issues and known issues in this release, and for other information related to the release, go to: https://wso2.org/jira/browse/IDENTITY.
- For information on fixed and known issues for the base framework, go to: https://wso2.org/jira/browse/CARBON.
For information on the Carbon platform version and Carbon Kernel version of WSO2 IS 5.0.0, see the Release Matrix.
All WSO2 products that are based on a specific Carbon Kernel version are expected to be compatible with each other. If you come across any compatibility issues, contact team WSO2.