WSO2 Identity Server 5.2.0 Get more insight into your applications and their users with Authentication Analytics Johann Dilantha Nallathamby Technical Lead
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
WSO2 Identity Server 5.2.0Get more insight into your applications and their users with Authentication Analytics
Johann Dilantha NallathambyTechnical Lead
Outline
oWhat is WSO2 Identity Servero IntroductionoFeatures overview
oWhat’s new with v5.2.0oAuthentication AnalyticsoDemooOther new features
oMore informationoWhat’s nextoQ&A
What is WSO2 Identity Server
A Free and Open Source Identity &Entitlement Management Server
What is WSO2 Identity Server
o Currently in its 5th generation (5.2.0)o 100% free and open source with commercial supporto Apache 2.0 licenseo Based on WSO2 Carbon platform
o Java based platformo Based on OSGi technologyo Componentized, modular architectureo In-built support for multi-tenancy, logging, clustering,
caching, security, etc.o Developer friendly
o Complete web service APIs for integrating or embedding into any application or system
o Pluggable, extensible and themable
What is WSO2 Identity Server
o User friendly with minimal learning curveo Lightweight and high performanceo Deployment flexibility
o Container friendly deploymento Clustering for high availability deploymento On-premise, private cloud, or managed cloud
Focus Areas
oEnterprise and Cloud SSO and FederationoStrong authenticationoIdentity Governance and AdministrationoEntitlements and Access Control
oIdentity Broker
SSO & Federation
SSO and Federation
oStandard Protocols
WS-Federation Passive
SSO & Federation
oIdentity Federation
SSO & Federation
oIdentity Hub
SSO & Federation
oIdentity Bridge
SSO & Federation
oClaim/Role Transformation
Strong Authentication
oMulti-option and multi-step authentication sequence per application
Strong Authentication
Strong AuthenticationoGo to store.wso2.comoDocumentation:
https://docs.wso2.com/display/ISCONNECTORS/Identity+Server+Authenticators+and+Connectors
Identity Governance and Administration
oIdentity Integration
Identity Governance and Administration
oProvisioningo InboundoOutboundoJust-In-Time (JIT)oBridging
Identity Governance and Administration
oAccount and Credential ManagementoUsername recoveryoPassword recoveryoAccount setup with email verificationoSelf sign-up with email verificationoPassword policies
o Complexityo Account locking
Identity Governance and Administration
oSelf-service portal
Identity Governance and Administration
o Workflows
o XACML 2.0/3.0
ohttp://www.soasecurity.org/
Entitlements and Access Control
Entitlements and Access Control
o Delegated Access Control with OAuth2.0
Entitlements and Access Control
o Delegated Access Control with WS-Trust
IdP-A IdP-B
Consumer Service
TrustTr
ust
Trus
t
Trust Domain A Trust Domain B
What’s New with Identity Server 5.2.0?
Authentication Analyticso Login Analytics: This refers to generating and analyzing
login attempts made via WSO2 IS.
o Session Analytics: This refers to generating and analyzing sessions that have taken place in WSO2 IS. A session is a time duration between a successful login and and the subsequent log out by a specific user.
o Integrated OOTB with WSO2 Data Analytics Server
o DAS runtime is completely free
Authentication Analytics
DEMO
Other new featureso OpenID Connect Session Management
o http://malithiedirisinghe.blogspot.com/2016/03/openid-connect-session-management.html
oOpenID Connect Scope SupportoSAML2 Profile support WS-Federation PassiveoBuilt in claims for LastLoginTimestamp and
LastPasswordUpdateTimestampoUser count for JDBC user stores
More informationoMigrating from IS 5.1.0 to IS 5.2.0
ohttps://docs.wso2.com/display/IS520/Upgrading+from+a+Previous+Release
oIS 5.2.0 Documentationohttps://docs.wso2.com/display/IS520/WSO2+Identity
+Server+DocumentationoIdentity Server Resources
ohttp://wso2.com/library/security/
What’s Next ?o IS 5.3.0 in December 2016o Improved IGA features
o Multi-tenancy support for Account and Credential Management features
o Improvements in email templateso Add and manage any number of templateso HTML templatingo Internationalizationo User claim placeholderso More notification connectors by integrating with CEP output adaptor
engine (JMS, Kafka, SMS, Websocket, MQTT, Thrift, etc.)o Challenge question internationalizationo Google reCaptcha integrationo More password policies
o User password historyo Password expiry and automatic password update remindero Account expiry and automatic login remindero More captcha integration to prevent brute force attacks
What’s Next ?o Admin password reseto More email confirmation scenarioso Restful APIs for account and credential management scenarioso Out of the box UIs for self-signup with email verification and account
recovery scenarioso Design improvements in claim managemento Analytics
o Real time alerts on abnormal user activityo Monitor and terminate logged in user sessions
o SAMLo SAML2 Metadatao SAML2 Assertion Query Profile
o OAuth2/OpenID Connecto OpenID Connect Dynamic Client Registration
OpenID Connect DiscoveryOAuth2 Token Introspection Profile
o CASo IWA on Linuxo Rest Profile for XACML 3.0
Related Documents
