Gravitee.io AM 2.6
We are pleased to announce that Gravitee.io Access Management 2.6 is now available.
What’s new ?
Here are the highlights of this release:
- Brute Force Authentication detection
- Security domains deployment
- OpenID Connect Identity Provider
Prevent brute force attack
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.¹
Gravitee.io Access Management 2.6 will let you lock out accounts after a defined number of incorrect password attempts. Brute Force Detection can be configured at security domain level or could be overridden by each application.
Account lockouts can last a specific duration and those accounts could be manually unlocked by the administrator users.
Security domains deployment
Gravitee.io AM 2.6 introduces tags aware sharding to manually control security domains deployment across sharding zones (e.g Data Center).
You will be able to deploy security domains where you want it for security reasons (private zone, public zone) or to create an architecture evenly distributed.
OpenID Connect Identity Provider
OAuth 2.0 Identity Provider has been updated to support OpenID Connect Implicit Flow (response_type=id_token or id_token+token) and will allow any OpenID Connect Server Provider to be used to authenticate the users.
And more …
- Gateway refactoring (protocols are now plugins)
- OpenID Connect Dynamic Client Registration advanced features, with support for UserInfo and ID Token Encrypted responses. As usual, thanks alexandre faria for the amazing job on this part ;) !
To discover all these new features, just follow the installation guide or start to play with Gravitee.io by using Docker.
Waiting for your feedbacks, we would be happy to talk and help you from Gitter channel.