What's new in this release
WSO2 IS version 5.1.0 is the successor of version 5.0.0. It contains the following new features and enhancements:
The WSO2 Identity Server now has workflow support. It is able to engage workflows for any user or role operation carried out using WSO2 Identity Server Management Console. For example, when a new user gets registered with the Identity Server, a workflow can automatically be triggered and the user is assigned to a particular user role. See Using Workflows with User Management for more information.
If users have multiple accounts, they now have the ability to link these accounts to each other. This is particularly useful in cases where users have multiple entries in their respective user stores and need to avoid requiring multiple logins to an application to obtain a fully privileged view for a single user's details. See Associating User Accounts for more information.
The Identity Server now has PATCH operation support for SCIM 1.1. In previous versions, the PUT request supported the replace operation but not the update operation. An operation now exists that alters or updates user groups. See SCIM APIs for more information
SAML 2.0 Bearer Token Renewal. In the previous version of the Identity Server, the STS feature supported renewing Bearer type SAML 1.1 tokens only and attempts to renew Bearer type SAML 2.0 Tokens fail. With IS 5.1.0, you can now renew expired Bearer type SAML 2.0 Tokens. See Requesting and Renewing Received SAML2 Bearer Type Tokens for more information.
OpenID Connect Core 1.0 Compliance. The previous version of the Identity Server had OpenID Support, however there were many points in the specification that were being violated. Now that the specification is finalized, IS 5.1.0 OpenID Connect support is specification compliant. A major improvement in this area is support for IDToken response type from the OpenID Connect authorization endpoint.
You now have the ability to notify external endpoints when changes are made to identities. @[email protected] is now able to send invalidation notifications to external endpoints when there is a change in user roles, permissions or attributes as well as clear the internal cache when user roles, permissions or attributes are updated. See Enabling Notifications for User Operations for more information.
Fast Identity Online (FIDO) is a specification developed to reduce the reliance on password for user authentication. This standard enables any Web/cloud application to interface with a variety of FIDO-enabled security devices. The Identity Server is now FIDO compliant. See Multi-factor Authentication using FIDO for more information.
Fixed and known issues
- To view the fixed issues in this release, go to: https://wso2.org/jira/browse/IDENTITY-4246?filter=12586
- To explore the known issues in this release, and for other information related to the release, go to: https://wso2.org/jira/browse/IDENTITY.
- For information on fixed and known issues for the base framework, go to: https://wso2.org/jira/browse/CARBON.
For information on the Carbon platform version and Carbon Kernel version of WSO2 IS 5.1.0, see the Release Matrix.
All WSO2 products that are based on a specific Carbon Kernel version are expected to be compatible with each other. If you come across any compatibility issue, contact team WSO2.