What's new in this release
WSO2 IS version 5.3.0 is the successor to version 5.2.0. It contains the following new features and enhancements:
Enhanced identity management framework and OOTB support for identity governance scenarios:
The identity management framework in WSO2 Identity Server 5.3.0 has been re-designed to add new scenarios and also added strong list of OOTB (out-of-the-box) support for key identity management use cases. Additionally, new restful interfaces to connect with account registration and recovery flows were also introduced.
- HTML support for email templates, template internalization and dynamic properties for email templates. For more information, see Customizing Automated Emails.
- Password and username recovery with challenge questions or notifications using REST. For more information, see Password Recovery.
- Password reset via admin. For more information, see Forced Password Reset.
- Password history validation (ability to keep a record of user's past passwords). For more information, see Password History Validation.
- Google ReCaptcha support for single sign on, password recovery flow and self-sign up. For more information, see Setting Up ReCaptcha.
- Brute force attack prevention. For more information, see Mitigating Brute Force Attacks.
- Account locking in single and multi-tenant environments. For more information, see User Account Locking and Account Disabling.
- Account suspension reminders and locking idle accounts. For more information, see User Account Suspension.
Login session monitoring and termination:
WSO2 IS now supports monitoring user sessions and authentication activities via alerts, and manual termination of user sessions for better security. For more information, see Terminating User Sessions.
WSO2 IS 5.3.0 has the ability to adopt provision flow based rules that can be based on event(user, IdP, SP) information as well as environment(time, region) factors. For more information, see Rule Based Provisioning.
Engaging access control policies in the authentication flow:
The WSO2 IS 5.3.0 allows you to configure and enforce XACML policies for access control in the authentication flow. For more information, see Configuring Access Control Policy for a Service Provider.
- Prompt for missing predefined attributes in the authentication flow:
The user will be prompted for the missing attributes or claim values if a mandatory claim is missing at the point of login. For more information, see Configuring Claims for a Service Provider.
- Integrated Windows Authentication for Linux and External Kerberos:
In WSO2 IS 5.3.0, you can achieve Integrated Windows Authentication (IWA) with external Kerberos/NTLM Servers, with a WSO2 IS that is deployed on a Linux server. For more information, see Configuring IWA on Linux.
- OAuth 2.0/Open ID Connect Enhancements:
- Open ID Connect Dynamic Client Registration. For more information, see OpenID Connect Dynamic Client Registration.
- OAuth 2.0 Token Introspection. For more information, see Invoke the OAuth Introspection Endpoint.
- Open ID Connect Discovery support. For more information, see the Open ID Connect specification.
REST profile of XACML:
WSO2 IS now adopts REST profile for XACML and JSON Profile of XACML specifications, which breaks the barrier of integrating with the WSO2 IS XACML engine (PDP) from restful applications (PEPs). For more information, see Entitlement with REST APIs.
SAML 2.0 Enhancements:
- Support for SAML 2.0 Metadata Profile. For more information, see the following blogpost: SAML Metadata Feature for WSO2 Identity Server.
- SAML 2.0 Assertion Query/Request Profile
- Security Analytics:
WSO2 IS now provides security alerts that give insight into current login sessions and notifies in real time if there are any suspicious login activities and abnormal sessions. For more information, see Managing Alerts.
This section lists out the features that are updated or introduced newly to WSO2 IS 5.3.0 via WUM updates.
|Updated or newly introduced features||The date of the update|
|Updated Creating Users Using the Ask Password Option feature. This fix allows you to add special characters such as ||Effective from the 13th of June 2017|
|Updated User Account Suspension feature.||Effective from 13th of October 2017|
|Support to configure SAML 2.0 Web SSO to send query parameters that can be dynamically updated with each SAML request.||Effective from 15th of January 2018|
|Updated adding an application certificate to a service provider. The WUM update provides an easier method of managing application certificates.||Effective from 20th of January 2018|
|Enabling OAuth token encryption to encrypt OAuth2 access tokens, refresh tokens, consumer secrets, and authorization codes.||Effective from 15th of February 2018|
|Hosting Authentication endpoint on a different server for the purpose of having custom theming and branding.||Effective from 11th of May 2018|
Support to do the following with regard to authentication handlers:
|Effective from 14th of May 2018|
This release is a WUM-only release. This means that there are no manual patches and any further fixes or latest updates for this release can be updated through the WSO2 Update Manager (WUM). For more information, see Getting Started with WUM.
What has changed in this release
This section specifies features/functionality that were deprecated (might be removed in a future release) or removed.
Deprecated/Removed features and functionalities
- Inbound OAuth 1.0a has been deprecated in this release.
- OpenID 2.0 has been removed in this release and moved to the IS Connector store as it is now an obsolete specification and has been superseded by OpenID Connect. Alternatively, we recommend using OpenIDConnect instead.
Fixed and known issues
- To explore the fixed issues and known issues in this release, and for other information related to the release, go to: https://wso2.org/jira/browse/IDENTITY.
- For information on fixed and known issues for the base framework, go to: https://wso2.org/jira/browse/CARBON.
For information on the Carbon platform version and Carbon Kernel version of WSO2 IS 5.3.0, see the Release Matrix.
All WSO2 products that are based on a specific Carbon Kernel version are expected to be compatible with each other. If you come across any compatibility issue, contact team WSO2.