What's new in this release

WSO2 IS version 5.3.0 is the successor to version 5.2.0. It contains the following new features and enhancements:

Enhanced identity management framework and OOTB support for identity governance scenarios:
The identity management framework in WSO2 Identity Server 5.3.0 has been re-designed to add new scenarios and also added strong list of OOTB (out-of-the-box) support for key identity management use cases. Additionally, new restful interfaces to connect with account registration and recovery flows were also introduced.
- - HTML support for email templates, template internalization and dynamic properties for email templates. For more information, see Customizing Automated Emails.
  - Password and username recovery with challenge questions or notifications using REST. For more information, see Password Recovery.
  - Password reset via admin. For more information, see Forced Password Reset.
  - Password history validation (ability to keep a record of user's past passwords). For more information, see Password History Validation.
  - Google ReCaptcha support for single sign on, password recovery flow and self-sign up. For more information, see Setting Up ReCaptcha.
  - Brute force attack prevention. For more information, see Mitigating Brute Force Attacks.
  - Account locking in single and multi-tenant environments. For more information, see User Account Locking and Account Disabling.
  - Account suspension reminders and locking idle accounts. For more information, see User Account Suspension.
Login session monitoring and termination:
WSO2 IS now supports monitoring user sessions and authentication activities via alerts, and manual termination of user sessions for better security. For more information, see Terminating User Sessions.
Rule-based provisioning:
WSO2 IS 5.3.0 has the ability to adopt provision flow based rules that can be based on event(user, IdP, SP) information as well as environment(time, region) factors. For more information, see Rule Based Provisioning.
Engaging access control policies in the authentication flow:
The WSO2 IS 5.3.0 allows you to configure and enforce XACML policies for access control in the authentication flow. For more information, see Configuring Access Control Policy for a Service Provider.
Prompt for missing predefined attributes in the authentication flow:
The user will be prompted for the missing attributes or claim values if a mandatory claim is missing at the point of login. For more information, see Configuring Claims for a Service Provider.
Integrated Windows Authentication for Linux and External Kerberos:
In WSO2 IS 5.3.0, you can achieve Integrated Windows Authentication (IWA) with external Kerberos/NTLM Servers, with a WSO2 IS that is deployed on a Linux server. For more information, see Configuring IWA on Linux.
OAuth 2.0/Open ID Connect Enhancements:
- - Open ID Connect Dynamic Client Registration. For more information, see OpenID Connect Dynamic Client Registration.
  - OAuth 2.0 Token Introspection. For more information, see Invoke the OAuth Introspection Endpoint.
  - Open ID Connect Discovery support. For more information, see the Open ID Connect specification.
REST profile of XACML:
WSO2 IS now adopts REST profile for XACML and JSON Profile of XACML specifications, which breaks the barrier of integrating with the WSO2 IS XACML engine (PDP) from restful applications (PEPs). For more information, see Entitlement with REST APIs.
SAML 2.0 Enhancements:
- - Support for SAML 2.0 Metadata Profile. For more information, see the following blogpost: SAML Metadata Feature for WSO2 Identity Server.
  - SAML 2.0 Assertion Query/Request Profile
Security Analytics:
WSO2 IS now provides security alerts that give insight into current login sessions and notifies in real time if there are any suspicious login activities and abnormal sessions. For more information, see Managing Alerts.

WUM updates

This section lists out the features that are updated or introduced newly to WSO2 IS 5.3.0 via WUM updates.

Updated or newly introduced features	The date of the update
Updated Creating Users Using the Ask Password Option feature. This fix allows you to add special characters such as `!#$%&'*+-=?^_` when updating a user's email address.	Effective from the 13th of June 2017
Updated User Account Suspension feature.	Effective from 13th of October 2017
Support to configure SAML 2.0 Web SSO to send query parameters that can be dynamically updated with each SAML request.	Effective from 15th of January 2018
Updated adding an application certificate to a service provider. The WUM update provides an easier method of managing application certificates.	Effective from 20th of January 2018
Enabling OAuth token encryption to encrypt OAuth2 access tokens, refresh tokens, consumer secrets, and authorization codes.	Effective from 15th of February 2018
Hosting Authentication endpoint on a different server for the purpose of having custom theming and branding.	Effective from 11th of May 2018
Support to do the following with regard to authentication handlers: Disable an authentication handler at the system level. Enforce required authentication mechanisms per resource. Change the priority order of any authentication handler at the system level.	Effective from 14th of May 2018
Support to configure signing and digest algorithms for passive sts ws-federation single sign-on	Effective from the 8th of January 2019

This release is a WUM-only release. This means that there are no manual patches and any further fixes or latest updates for this release can be updated through the WSO2 Update Manager (WUM). For more information, see Getting Started with WUM.

What has changed in this release

This section specifies features/functionality that were deprecated (might be removed in a future release) or removed.

Deprecated/Removed features and functionalities

Inbound OAuth 1.0a has been deprecated in this release.
OpenID 2.0 has been removed in this release and moved to the IS Connector store as it is now an obsolete specification and has been superseded by OpenID Connect. Alternatively, we recommend using OpenIDConnect instead.

Fixed and known issues

Compatible versions

For information on the Carbon platform version and Carbon Kernel version of WSO2 IS 5.3.0, see the Release Matrix.

All WSO2 products that are based on a specific Carbon Kernel version are expected to be compatible with each other. If you come across any compatibility issue, contact team WSO2.

Browser not supported