Gravitee.io AM 2.6

Titouan Compiègne
May 24 · 2 min read

We are pleased to announce that Gravitee.io Access Management 2.6 is now available.

What’s new ?

Here are the highlights of this release:

  • Brute Force Authentication detection
  • Security domains deployment
  • OpenID Connect Identity Provider

Prevent brute force attack

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.¹

Gravitee.io Access Management 2.6 will let you lock out accounts after a defined number of incorrect password attempts. Brute Force Detection can be configured at security domain level or could be overridden by each application.

Brut Force detection settings

Account lockouts can last a specific duration and those accounts could be manually unlocked by the administrator users.

Unlock user account

Security domains deployment

Gravitee.io AM 2.6 introduces tags aware sharding to manually control security domains deployment across sharding zones (e.g Data Center).

You will be able to deploy security domains where you want it for security reasons (private zone, public zone) or to create an architecture evenly distributed.

Domain’s sharding tags

OpenID Connect Identity Provider

OAuth 2.0 Identity Provider has been updated to support OpenID Connect Implicit Flow (response_type=id_token or id_token+token) and will allow any OpenID Connect Server Provider to be used to authenticate the users.

OpenID Connect Identity Provider settings
Sign in with an OIDC Server

And more …


To discover all these new features, just follow the installation guide or start to play with Gravitee.io by using Docker.

Waiting for your feedbacks, we would be happy to talk and help you from Gitter channel.


graviteeio

Gravitee.io Blog