@product.name@ : An Open Source Identity and Entitlement Management Server

New Features In This Release

• Improved Identity Management Capabilities : Identity management features in @product.name@ @product.version@, has been re-designed to provide strong out-of-the-box support for key identity management use cases, including password policies, login policies and account management policies.
• Password policies
• Password history validation (ability to keep track of user's old passwords). See Password History Validation.
• Password Patterns Configuration, See Password Patterns
• Login policies
• Google ReCaptcha support for single sign on. See Setting Up ReCaptcha.
• Account locking in single and multi-tenant environments. See User Account Locking and Account Disabling.
• Account management policies.
• Account suspension reminders and locking idle accounts. See User Account Suspension.
• Password and username recovery with challenge questions or notifications. We also support challenge questions internalization. See Password Recovery.
• Password reset via admin. For more information, See Forced Password Reset.
• Google ReCaptcha support for password recovery flow and self sign up. See Setting Up ReCaptcha.

• HTML support for email templates, template internalization and dynamic properties for email templates. See Customizing Automated Emails.
• Brute force attack prevention. See Mitigating Brute Force Attacks.
• Login session monitoring and termination: WSO2 IS now supports monitoring user sessions and authentication activities via alerts, and manual termination of user sessions for better security. See Terminating User Sessions.
• Rule based provisioning: WSO2 IS @product.version@ has the ability to adopt provision flows based on rules. These rules can be based on entities related to an event such as user, idp, sp  as well as environmental factors like time and region.
• Prompt for missing predefined required attributes in the authentication flow: The user will be prompted to fill the missing attributes or claim values, in the event of  a missing mandatory claim  at the point of login. See Configuring Claims for a Service Provider.
• OAuth 2.0/OpenID Connect Enhancements: Following OpenID Connect specifications were implemented to enrich the OpenID connect support in Identity Server.
• OpenID Connect Dynamic Client Registration. See OpenID Connect Dynamic Client Registration.
• Token Introspection. See Invoke the OAuth Introspection Endpoint.
• OpenID Connect Discovery support. See the OpenID Connect specification.
• OAuth 2.0 Form Post Response Mode. See the specification
• OAuth 2.0 client secret revocation and regeneration : See OAuth2 /OpenID connect configurations
• REST profile of XACML. With IS @product.version@, we have added a REST layer on top of the Balana entitlement engine. See Entitlement with APIs.
• SAML 2.0 Enhancements: Identity server @product.version@ added following specification support to its SAML feature list.
• SAML 2.0 Metadata Profile.
• SAML 2.0 Assertion Query/Request Profile  
• Security Analytics: WSO2 IS now detects and provides alerting capability for abnormal and suspicious login sessions. See Managing Alerts.

• SCIM 1.0 Enhancements : SCIM provisioning API improved to support attribute query.
• Engage access control policies in authentication flow : With WSO2 IS @product.version@ it's possible to evaluate access control policies against an authenticated user in authentication flow.
• Integrated Windows Authentication (IWA) for IS deployed on Linux servers : With this improvement we enable IS deployed on Linux servers to achieve IWA with external Kerberos/NTLM Servers. See Configure IWA on Linux
• Claim Management Improvement: With this release we relieve the user from the painstaking task of having map claims from one dialect to another indirectly by manipulating mapped attributes. From IS @product.version@, users can easily map claims from two dialects directly without worrying about mapped attributes.
• Identity Management REST APIs : New RESTful interfaces to connect with account registration and recovery flows have been introduced with IS @product.version@.