Airlock IAM 7.1

Airlock IAM 7.1 is a general availability release with long-term support that provides many new features.

The release focuses on the implementation of the Payment Services Directive (PSD2) for the German- and French-speaking market and on a new, structured reporting solution that makes it easier to use SIEM systems. In addition, the existing REST interfaces have been extended to make flows even more powerful and flexible. The "Login REST UI" additionally provides a modern login web application based on the REST API.

Dynamic Client Registration is a new feature in IAM 7.1 that optimizes operating costs for PSD2 because Trusted Third Parties can automatically register themselves based on OAuth standards. For users who run IAM on Docker, improvements have been implemented to reduce the Docker image resource requirements and to make integration with Docker more seamless.

PSD2

For PSD2, IAM was extended to support both the implementation for NextGen PSD2 (Berlin Group) and the implementation of the PSD2 variant of STET. The functional scope includes the dynamic registration of technical clients and the enforcement of roles and consents for access to the exposed PSD2 API. IAM has also been extended to support remote consents in addition to local consents. Using remote consent, the bank can obtain and enforce the consent of its customers at a fine-grained level.

Reporting

IAM 7.1 offers a new, optional reporting component. Backward compatibility was a priority in the implementation, and customers can run the current logging solution in parallel with the new reporting.

The optional reporting component includes the following functionality:

  • New reporting messages that are optimized for creating dashboards on authentication and the use of authentication factors.
  • All log and reporting messages are structured as JSON, and semantically equivalent attributes are used identically for IAM and WAF.
  • Built-in support for Elasticsearch and Kibana, including ES index templates and Kibana dashboards.

Flows

The extension of the REST interfaces for the Loginapp has continued, and the following functional extensions have been implemented:

  • Password Reset is now available as flow
  • Selection of the authentication flow based on the forward location
  • Role-dependent conditions can be used in authentication flows.
  • Enhancements in self registration
    • Several different self registration flows can be offered.
    • Consent to terms of services may be requested within the scope of the flow.

Dynamic Client Registration for OAuth 2.0

Dynamic Client Registration can now also be used as part of the Authorization Server for OAuth 2.0, so that clients can register themselves via a new REST interface. The REST endpoint can be protected by client certificate authentication so that only authorized parties can register new clients. 

For NextGen PSD2, Dynamic Client Registration has been implemented so that a previously unknown client is registered on-the-fly and no separate REST endpoint has to be used. This registration requires that a trusted X.509 certificate be used by the client.

For the administration of dynamically registered clients, an administrative REST API is offered as part of the admin application.

Docker improvements

Support for Docker deployments is constantly being improved. With IAM 7.1, the Docker images of IAM are also available for download from Docker Hub. To improve integration with Docker, IAM offers a health check endpoint, and logging integration is now done via stdout by default. Another improvement is the substantial reduction of the space needed by IAM containers.

Further innovations

Besides the new functions mentioned above, many extensions and improvements have been implemented, for example:

  • Transaction approval for Kobil TMS and matrix cards
  • Content Security Policy (CSP) for Loginapp HTML
  • OpenAPI specification for IAM including WAF templates
  • Performance optimization in Active Directory usage
  • Login REST UI - modern login web application based on REST API

 
