What's new in this release
WSO2 IS version 5.1.0 is the successor of version 5.0.0. It contains the following new features and enhancements:
The WSO2 Identity Server now has workflow support. It is able to engage workflows for any user or role operation carried out using WSO2 Identity Server Management Console. For example, when a new user gets registered with the Identity Server, a workflow can automatically be triggered and the user is assigned to a particular user role. See Using Workflows with User Management for more information.
If users have multiple accounts, they now have the ability to link these accounts to each other. This is particularly useful when users have multiple entries in their respective user stores and want to avoid logging in to an application multiple times to obtain a fully privileged view of a single user's details. See Associating User Accounts for more information.
The Identity Server now has PATCH operation support for SCIM 1.1. In previous versions, the PUT request supported the replace operation but not the update operation. An operation now exists that alters or updates user groups. See SCIM APIs for more information.
SAML 2.0 Bearer Token Renewal. In the previous version of the Identity Server, the STS feature supported renewing Bearer type SAML 1.1 tokens only, and attempts to renew Bearer type SAML 2.0 tokens failed. With IS 5.1.0, you can now renew expired Bearer type SAML 2.0 tokens. See Requesting and Renewing Received SAML2 Bearer Type Tokens for more information.
OpenID Connect Core 1.0 Compliance. The previous version of the Identity Server had OpenID support; however, it violated the specification at many points. Now that the specification is finalized, OpenID Connect support in IS 5.1.0 is specification compliant. A major improvement in this area is support for the IDToken response type from the OpenID Connect authorization endpoint.
You now have the ability to notify external endpoints when changes are made to identities. The Identity Server is now able to send invalidation notifications to external endpoints when there is a change in user roles, permissions or attributes, as well as clear the internal cache when user roles, permissions or attributes are updated. See Enabling Notifications for User Operations for more information.
Fast Identity Online (FIDO) is a specification developed to reduce the reliance on passwords for user authentication. This standard enables any Web/cloud application to interface with a variety of FIDO-enabled security devices. The Identity Server is now FIDO compliant. See Multi-factor Authentication using FIDO for more information.
Deprecated/Removed features and functionalities
- The Hosting the Authentication Endpoint on a Separate Server feature is deprecated as of this release.
Fixed and known issues
- To explore the fixed issues and known issues in this release, and for other information related to the release, go to: https://wso2.org/jira/browse/IDENTITY.
- For information on fixed and known issues for the base framework, go to: https://wso2.org/jira/browse/CARBON.
Compatible versions
IS 5.1.0 is compatible with all WSO2 Carbon 4.4.0 products. This includes all products listed here based on the WSO2 Carbon 4.4.0 platform version.