We are pleased to announce that Gravitee.io Access Management 2.9 is now available.
What’s new?
Here are the highlights of this release:
- New type of identity providers
- Role Management
New type of identity providers
Currently, applications can authenticate users against what we call internal identity providers, such as Active Directory, LDAP, Database, … or via external identity providers using protocols such as OpenID Connect.
Starting with Access Management 2.9, you will be able to use new enterprise identity providers for authentication, whatever the protocol used.
The first new identity provider to be announced is support for the SAML 2.0 protocol. You will be able to connect your SAML 2.0 Identity Provider to authenticate your users.
This identity provider will be released in the coming weeks, and we are looking forward to offering new identity providers that bring flexibility and interoperability with your information system. Stay tuned for more information.
Role Management
Until now, the only way to assign roles to a user was to use the identity provider role mapper feature. You can now assign roles to users or groups directly from the administration UI or the REST API.
Applications (i.e. « clients ») have a new key/value map to store custom information. This information can be used in tokens (Access or ID Token) via the token claims mapping feature.
Force user consent
Currently, if a user has already approved consents, Gravitee.io AM doesn’t prompt the consent page again until the consents have expired or been revoked.
You can now force the consent page via the query parameter prompt=consent during the login flow (OAuth 2.0/OIDC Authorization request).
Forcing the consent page can be useful for potential legal or business requirements (description has changed, new information, …).
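As an added illustration (not code from Gravitee.io), the helper below rewrites an existing authorization request so that it carries prompt=consent. It relies on the OpenID Connect Core rule that prompt is a space-delimited list in which none cannot be combined with any other value; the endpoint URL, client_id and redirect URI are constructed placeholders.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample authorization request; host, client_id and redirect_uri
# are placeholders, not values from a real Access Management domain.
SAMPLE_REQUEST = (
    "https://am.example.test/oauth/authorize"
    "?response_type=code&client_id=my-client"
    "&redirect_uri=https%3A%2F%2Fapp.example.test%2Fcallback"
    "&scope=openid+profile&state=xyz123"
)


def force_consent(authorization_url: str) -> str:
    """Return the authorization request URL with prompt=consent enforced.

    Existing prompt values (e.g. login) are kept, duplicates are merged,
    and prompt=none is rejected because it forbids showing any page.
    """
    parts = urlsplit(authorization_url)
    prompts, others = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "prompt":
            # prompt is a space-delimited list; it may also be repeated.
            prompts.extend(value.split())
        else:
            others.append((key, value))

    if "none" in prompts:
        raise ValueError("prompt=none cannot be combined with prompt=consent")

    # De-duplicate while preserving the caller's order, then add consent.
    merged = list(dict.fromkeys(prompts + ["consent"]))
    others.append(("prompt", " ".join(merged)))
    return urlunsplit(parts._replace(query=urlencode(others)))


if __name__ == "__main__":
    print(force_consent(SAMPLE_REQUEST))
    print(force_consent(SAMPLE_REQUEST + "&prompt=login"))
```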
And more …
- Contextual information about the current authentication. If you have developed a custom identity provider, you can now use contextual information (such as the incoming HTTP request with the IP address, query parameters, …) to authenticate your users.
- Consent technical id can now be retrieved in the POST CONSENT Extension Point.