WSO2 Identity Server 5.8.0 Released !!!

WSO2 IAM Team

Summer Release: WSO2 Identity Server is the latest success story of WSO2 Identity and Access Management team. After a marathon effort we are glad to release v5.8.0 with few new features, major improvements and some bug fixes

What is new?

New Features

So far WSO2 Identity Server supported OIDC Session Management as the OIDC logout mechanism. From v5.8.0 onwards it supports for OIDC Backchannel logout as well.

OpenID Connect Backchannel logout is a mechanism by which Relying Party (RP) applications are logged out with logout requests communicated directly between RPs and OpenID Providers (OP) bypassing the User Agent. The main advantage of this method is the ability to skip getting the support of user agents, hence this logout mechanism is less fragile.

So far WSO2 Identity Server supported SAML Back Channel Logout only. From v5.8.0 onwards it supports for SAML Front Channel Logout as well.

In SAML Front Channel Logout the session participants use an asynchronous binding, such as:

HTTP Redirect Binding

HTTP POST Binding

Artifact Binding

When the involvement of browser agent is necessary this mechanism of logout can be used.

Improvements

Product observability enables rapid debugging of product issues. By using this improvement it is easy to narrow down issues in a production system by tracking the time of the major flows of the system. This helps to identify issues in production systems such as slow performance. There can be several reasons for the performance drops. Ex. database bottleneck, LDAP bottleneck, multiple JDBC queries. With the observability feature, we can identify the exact bottleneck to slow down the performance.

One of the main targets of this release is to stabilize SCIM filtering and pagination. Some of the existing inconsistencies and some spec compliance issues were mainly addressed.

  • Configuring X509 Authentication with SSL Termination

This is supported by passing the client certificate in the request header from the proxy over SSL tunneling.

  • Support for issuing access tokens per token request.
  • Support for configuring a JWKS endpoint for OAuth or OIDC based service provider.
  • Support for configuring SAML metadata validity period for the resident identity provider.
  • Includes OAuth transaction logs for token generation and introspection.
  • Supports reCAPTCHA for password recovery and username recovery.

Performance Improvements

When comparing with previous versions the performance of the major flows of Identity Server are increased. Following diagram shows the average response times taken for some major flows comparing v5.7.0 and v5.8.0

Performance Comparison

Seamless Migration from V5.7.0

With few configurations changes, a user can seamlessly migrate from v5.7.0 to v5.8.0. To enable the new features which have introduced in v5.8.0 the schema changes are necessary, but without those schema changes the system won’t break, so the existing customers can just point the existing database which they have used v5.7.0 for the v5.8.0 and consume the existing features. Some few default configuration changes have done with the v5.8.0 which may cause for some behavioral changes and those configurations can be referred from here.

There are multiple reasons to use WSO2 IS 5.8.0. WSO2 IAM Team invite you all to play with the latest version. As the product is fully open source, don’t forget to contribute us. If you encounter any issues please raise a git issue or drop us a mail.

Download the product

https://wso2.com/identity-and-access-management/install/

Documentation

Report Issues

Mailing List

dev@wso2.org
architecture@wso2.org

You can read about WSO2 Identity Server release experience from here :)

You can watch the screen caste of the release WSO2 Identity Server from here.

Associate Technical Lead @ WSO2

Associate Technical Lead @ WSO2