We're pleased to announce the release of Curity Identity Server 4.0. This release is very rich in features and includes more improvements than any of our previous releases.
The biggest, and most exciting new feature is delegated administration. It is now event easier to restrict access to any configuration element in the entire data model. The restrictions can be per operation (like read, update, etc.) as well as per context (REST API, CLI, etc.). The permissioning system is based on NETCONF Access Control Model (NACM, RFC 6536). This subsystem has been in the product pre-1.0, but is now exposed through the UI, making it very easy to work with.
Below is a selection of what’s new in the 4.0 release.
- Delegated administration and group-based permissions can be configured in the UI
- Administrators can login with any supported data source (incl. LDAP, RDBMS, SCIM servers, etc.)
- The REST API has been deprecated and replaced with a new one that conforms to RESTCONF (RFC 8040)
- Elliptic curve supports has been added for signing and SSL
- Configuration can be parameterized with variables that are replaced with environment variables on load
- Services are now defined by role instead of ID to make elastic scaling easier to implement
- Three new actions are included:
- multi-factor authentication (MFA)
- sequence, and
- switch (i.e., if...else if...else)
- The UI has been simplified and now clearly shows how profiles are related
- Curity Identity Server now supports:
- HSTS is now supported per run-time node
- BankID's new SSL server
- We’ve also fixed issues related to dynamic client registration (DCR)
You can see the complete list of fixes and improvements in the release notes.