
Compared to 2.1, a major architectural refactoring is proposed, with the following objectives:

  1. introduce a new, flexible UI for web access (Weblogin), which will
    1. replace the existing login forms for Admin Console and Enduser UI
    2. adapt to the configured Access Management features, i.e.
      1. if a given deployment supports a certain SAML 2.0 IdP or OpenID Connect Provider, then the login form will adapt accordingly
      2. if a given deployment requires MFA, the login form will handle the flow
  2. introduce a new component (APIGW), which will provide API gateway features
  3. introduce a new component (Keymaster) whose purpose is to coordinate all the other components and centralize the common configuration required by all domains; this will make it possible to go beyond the current multi-tenancy approach, which requires a pre-existing Master domain and requires each domain's configuration to be handled off-line
  4. split the existing feature set into three subsets, so that any given deployment will pick only what is required:
    1. idrepo - everything needed to manage identities as a repository: mainly, CRUD operations on Users, Groups and Any Objects
    2. idm - the provisioning features required to propagate, push and pull identities back and forth to External Resources
    3. am - the authentication and authorization features - mostly to be built on top of existing libraries
