Curity Identity Server 3.0 Released

This is our most featureful, documented, and performant release ever! 3.0 marks a tremendous step forward in terms of capabilities, standard-compliance, user experience, and functionality. One of the most exciting new features is support for authentication actions. These are additional steps that can be configured to run after a user logs in. They enable not only actions that were previously available, like account linking, but many new possibilities. They allow authentication to be completed only after the user takes some additional step, for example, accept new terms or register a new account. They can also be configured to run after SSO instead of login. The admin UI has been updated to allow these workflows to be configured in an intuitive manner using drag and drop visual elements. New actions can also be built using the SDK. Using authentication actions, account linking has been revamped, making it much simpler to configure. Additionally, new security measures, guides, and best practices are in place around linked accounts to ensure that it is used correctly.

To help support GDPR, PSD2, and other regulations, interactive user consent has been added. The implementation considers not only OAuth scope information but also claims that can be stipulated in the request and standard ones defined by OpenID Connect. This allows consent to be very fine grained. It can be configured per client and it can be stipulated at run-time using the standard prompt=consent parameter. Claims and scopes, however they’re included in an authorization request, will be combined to provide the user with the information they need to make an informed decision about whether or not they wish to delegate their rights to some client application. The documentation and developer portal have been updated with tutorials and guides explaining how to use this new capability.

Support for new authenticators and data sources has also been added. EFOS support as well as registration in the TOTP authenticator has been added. The TOTP authenticator has also been updated to work with the Yubico mobile authenticator app. Oracle support as a data source has also been added.

The templates have been updated to be more stylish by default. Customizing them is also a lot simpler now. Basic customizations can be done by simply updating a single template file. To help with this, the UI builder has been updated to support localization and other features. The documentation has been expanded as well to explain how the new changes can be utilized. Migration information is included in the docs as well.

Cryptography has been enhanced further in this release. In particular, the configuration of sensitive information, like signing keys, is now encrypted at rest, in memory, and encrypted an additional time while in transit. Support for symmetric signing and verification has also been added. The SDK has been enhanced to allow plug-ins to obtain configured keys, trust stores, and other key material.

Performance was also improved. Some customers may experience up to three times the amount of throughput as in 2.4.

See the complete list of fixes and improvements in the release notes, and let us know if you run into any issues. We hope you enjoy using this release as much as we enjoyed building it!