Refreshing Look and Feel for the Console UI
The console has received a major upgrade with our brand-new, lightning-fast Oxygen UI! The beta console UI, accessible via https://:/console, introduced in version 5.11.0, is now available for production usage for administrative and developer tasks.
With this upgrade, concepts such as service providers, identity providers, inbound/outbound authentication, previously utilized in the Carbon-based management console, have evolved into ‘applications’ and ‘connections’, respectively. WSO2 Identity Server 7.0.0 introduces application templates for Single Page Applications (SPAs), web applications with server-side rendering, mobile applications, and machine-to-machine (M2M) applications. It also offers a variety of authentication options, including social login, multi-factor authentication (MFA), passwordless authentication, etc., which can be selected from the available connections.
Productized Support for B2B CIAM Use Cases
WSO2 Identity Server now enables secure access for your B2B business customers with flexible organization management capabilities. B2B CIAM is the identity foundation that helps organizations that work with business customers, franchises, distributors and suppliers get their apps and services to market quickly and securely.
Key Highlights:
Onboard enterprise IDP, or invite users to register at organizations
Configure varied login options for organizations
Hierarchical organization management
Delegated administration
Different branding for organizations
Resolve organization at login as the user inputs the organization name, based on the user’s email domain mapped for a particular organization or based on a query or path parameter in the URL
Authentication API for App-Native Authentication
This release introduces an API-based authentication capability, allowing developers to implement complete authentication workflows within their applications, focusing on enhanced user experience.
Key Highlights:
A flexible API containing all necessary details to render UIs inside the application itself
Support for handling authentication orchestration logic at the WSO2 Identity Server without taking that overhead to the application (e.g: Based on the device the user logs in to the app, prompt the second factor)
APIs based on OAuth 2.0/Open ID Connect standards, requiring no browser support
Ensures identity and proof of possession of the client in handling authentication credentials
Compliance with FAPI 1.0 Profiles
WSO2 IS is now compliant with FAPI 1.0 Baseline and Advanced profiles, ensuring secure and compliant financial services operations.
Key Highlights:
Create FAPI compliant applications from DCR. This validates FAPI enforcements a FAPI compliant application should have like Software Statement Assertions(SSA) validation that ensures the third party is trusted with the regulatory body of the region
Support for certificate bound access tokens.
Support for pairwise subject identifiers
Enforcing request object validations for FAPI compliance
Mandate sending a request object in the authorization request passed via the request or request_uri parameter.
Mandatory request object parameter validations (scope, redirect_uri, nonce)
Request object signing algorithm restriction (PS256, ES256)
Mandate PKCE for PAR
Enforce nbf & exp claim validations
Enforcing FAPI allowed client authentication methods and signature algorithms
First-Class Support for Securing API Resources
Comprehensive support for API Authorization via RBAC is now available, allowing easy representation, subscription, and role-based access control for API resources.
Key Highlights:
Easily represent API Resources and scopes associated with your applications.
Seamlessly subscribe API Resources to applications.
Define roles collecting API scopes.
Enable RBAC when authorizing APIs.
Role assignment for users and groups connected from various sources (from user stores, from external IdPs)
Role-Based scope validation during token issuing.
Source link
lol