What's new in this release
WSO2 Identity Server version 5.5.0 is the successor of version 5.4.1. It contains the following new features and enhancements to comply with the General Data Protection Regulation (GDPR).
For more information about GDPR compliance in WSO2 Identity Server, see General Data Protection Regulation.
- Consent Management: WSO2 Identity Server collects and manages end user consents when user information is shared with external parties. For more information, see the following topics:
- Privacy toolkit: This toolkit enables the system admin to clear up or anonymize a deleted user (i.e., remove all references to the user) upon the user's request. For more information, see Removing References to Deleted User Identities.
- Personal information export REST APIs: These APIs enable the end user to retrieve the personal information that WSO2 Identity Server has stored. For more information, see Using the Personal Information Export REST APIs.
- Support for encrypting OpenID Connect ID tokens: WSO2 Identity Server supports encrypting the ID token that is sent to client applications during the OpenID Connect authentication flow. For more information, see Encrypting the OIDC ID Token.
- Uploading service provider specific public certificates: WSO2 Identity Server now supports adding the service provider specific public certificate directly via the management console UI. For more information, see Adding a service provider.
- JWT audience configuration for service providers: WSO2 Identity Server now enables you to configure the JWT Audience for an OAuth application via the management console UI. For more information, see Configuring OAuth2-OpenID Connect Single-Sign-On.
- Upload certificate along with SAML metadata: This enables you to embed the certificate in the SAML metadata and upload it along with the metadata when configuring SAML for a service provider. For more information, see Configuring SAML2 Web Single-Sign-On.
- Writing a post authentication handler: WSO2 Identity Server enables you to write a post-authentication handler that executes upon successful authentication. For more information, see Writing a Post-Authentication Handler.
- OAuth Client Authentication Decoupling: This enables you to extend the OAuth client authentication implementation by writing a new client authenticator. For more information, see Writing A New OAuth Client Authenticator.
- Request object support for WSO2 Identity Server: This enables sending authentication request parameters in a self-contained JWT instead of plain request parameters. For more information, see Request Object Support.
- Private key JWT authentication for OpenID Connect: This is an authentication method that can be used by clients to authenticate to the authorization server when using the token endpoint. For more information, see Private Key JWT Client Authentication for OIDC.
- XACML based scope validator: WSO2 Identity Server allows you to validate the scope of an OAuth access token using XACML policies to provide fine-grained access control to APIs. For more information, see Validating the Scope of OAuth Access Tokens using XACML Policies.
For a complete list of improvements and bug fixes available with this release, see the following links:
- 5.5.0-RC2 fixes
- 5.5.0-RC1 fixes
- 5.5.0-Beta fixes
- 5.5.0-Alpha3 fixes
- 5.5.0-Alpha2 fixes
- 5.5.0-Alpha fixes
- 5.5.0-M4 fixes
- 5.5.0-M3 fixes
- 5.5.0-M2 fixes
- 5.5.0-M1 fixes
WUM updates
This section lists new features and improvements that are introduced to WSO2 IS 5.5.0 via WUM updates.
New feature or improvement | The date of the WUM update |
---|---|
Support to handle custom claims in a self-contained access token with the JWT bearer grant type. | Effective from the 6th of June 2018 |
Support to configure token issuer at the service provider level. | Effective from the 15th of June 2018 |
eIDAS SAML Attribute Profile Support via WSO2 Identity Server. | Effective from the 8th of July 2018 |
Effective from the 1st of August 2018 | |
Support to select whether or not to append the userstore domain name to user roles depending on your requirement. | Effective from the 1st of August 2018 |
Support to enable reCaptcha during the following account recovery scenarios: | Effective from the 25th of September 2018 |
Support to configure signing and digest algorithms for Passive STS WS-Federation single sign-on. | Effective from the 7th of December 2018 |
Compatible versions
For information on the Carbon platform version and Carbon Kernel version of WSO2 IS 5.5.0, see the Release Matrix.
All WSO2 products that are based on a specific Carbon Kernel version are expected to be compatible with each other. If you come across any compatibility issue, contact the WSO2 team.
Known issues
All the open issues pertaining to WSO2 Identity Server are reported at the following locations: