March release of the Identity platform includes Ubisecure Identity Server 8.1. This new version brings new application and privileged user management API calls, WS-Federation protocol and tiered delegated role management improvements.
Mobile Connect
For GSMA Mobile Connect ID Gateway deployments, the new version provides a new mapping configuration API call to add the PCR (Pseudonymous Customer Reference) to the service provider applications. This new API will allow the operator to build self-service portals for third parties to integrate their application to use the Mobile Connect authentication and ensure that user privacy by only releasing an application specific identifier of the user identity.
Customer IAM
User management improvements include now the possibility to provide the service provider application more detailed information about the associated customer organizations. User belonging to more than one customer organization, e.g. 3rd party accountant or technical service person, has often received multiple application roles through multiple organization memberships.
When this user has logged in e.g. to the online service, the application receiving the user’s role information has had to implement multiple API calls towards to the Identity Server and additional logic to map the application roles to a specific customer accounts.
This application role and customer account linking can be now either be delivered to the application through a new authorization policy configuration or the application can invoke a REST API calls to list the delegation information making the use case of user representing multiple customer organizations much easier to implement.
Also, technical users such as system administrators who have been given rights to manage authentication method and application integration configurations can be now be managed using a REST API interface to meet compliance regulations.
Protocol improvements
Support for Web SSO standards has been extended with new WS-Federation protocol parameters for the identity provider configuration.
- wreply – the URL to which responses are directed chosen by the client
- wauth – indicates the required authentication level by the client
- whr – indicates the account partner realm of the client
- wfresh – indicates the freshness requirements of the client
Additionally, there has been several internal improvements starting from updated application server versions to improved security and scalability. Ubisecure customers and partners who have registered an Ubisecure account can check the SSO and CustomerID release notes from the Developer section for a detailed list of what’s new.
Contact us now to hear more.
About The Author: Jesse Kurtto
More posts by Jesse Kurtto