AM 2.9

Titouan Compiègne
Sep 18, 2019

We are pleased to announce that Access Management 2.9 is now available.

What’s new?

Here are the highlights of this release:

  • New type of identity providers
  • Role Management

New type of identity providers

Currently, applications can authenticate users against what we call internal identity providers, such as Active Directory, LDAP, Database, … or via external identity providers using protocols such as OpenID Connect.

Starting with Access Management 2.9, you will be able to use new enterprise identity providers for authentication, whatever the protocol used.

Bridging OIDC-OAuth 2.0/SAML 2.0

The first new identity provider to be announced adds support for the SAML 2.0 protocol. You will be able to connect your SAML 2.0 Identity Provider to authenticate your users.

This identity provider will be released in the coming weeks, and we are looking forward to new identity providers that offer flexibility and interoperability with your Information System. Stay tuned for more information.

Role Management

Until now, the only way to assign roles to a user was to use the identity provider role mapper feature. You can now assign roles to users or groups directly from the administration UI or the REST API.

Application metadata

Applications (i.e. « clients ») have a new key/value map to store custom information. This information can be used in the tokens (Access or ID Token) via the token claims mapping feature.

Using the application metadata

Force user consent

Currently, if a user has already approved consents, AM doesn’t prompt the consent page again until the consents have expired or been revoked.

You can now force the consent page via the query parameter prompt=consent during the login flow (OAuth 2.0/OIDC authorization request).

Forcing the consent page can be useful for potential legal or business requirements (description has changed, new information, …).
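As an added illustration (not code from Gravitee or from this post), the helper below adds prompt=consent to an existing authorization request while respecting the OpenID Connect rule that prompt is a space-delimited list in which none cannot be combined with other values. The endpoint URL, client_id, redirect_uri and state in the sample are constructed placeholders.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Constructed sample request: host, path, client_id and redirect_uri are placeholders.
SAMPLE_REQUEST = (
    "https://am.example.com/my-domain/oauth/authorize"
    "?response_type=code&client_id=my-client"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback"
    "&scope=openid%20profile&state=af0ifjsldkj"
)


def force_consent(authorization_url: str) -> str:
    """Return the authorization request with 'consent' present in 'prompt'."""
    parts = urlsplit(authorization_url)
    prompt_values, other_params = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "prompt":
            # 'prompt' is a space-delimited, case-sensitive list of values.
            prompt_values.extend(value.split())
        else:
            other_params.append((key, value))
    if "none" in prompt_values:
        # 'none' forbids any UI, so it cannot be combined with 'consent'.
        raise ValueError("prompt=none cannot be combined with prompt=consent")
    if "consent" not in prompt_values:
        prompt_values.append("consent")
    other_params.append(("prompt", " ".join(prompt_values)))
    query = urlencode(other_params, quote_via=quote)
    return urlunsplit(parts._replace(query=query))


if __name__ == "__main__":
    print(force_consent(SAMPLE_REQUEST))
    print(force_consent(SAMPLE_REQUEST + "&prompt=login"))
```
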

And more …

  • Contextual information about the current authentication. If you have developed a custom identity provider, you can now use contextual information (such as the incoming HTTP request with the IP address, query parameters, …) to authenticate your users.
  • Consent technical id can now be retrieved in the POST CONSENT Extension Point.

To discover all these new features, just follow the installation guide or start playing with it using Docker.

We look forward to your feedback and would be happy to talk and help you on our Gitter channel.

graviteeio Blog
