Release 11.0.0

What's New

Release 11.0.4

Session expiry notification

To improve security and enhance the user experience, a browser session expiration alert has been introduced. Previously, users were not notified about session expiration, which caused the page to become unresponsive. Any action by the user revalidated the session and automatically logged them in, interrupting tasks after being idle. Now, a notification will appear on the screen a few minutes before the session is set to expire, providing an option to either continue the session or log out. If the user does not act on the notification within the given timeframe, they will be automatically logged out and prompted to log in again.

Release 11.0.3

Enhanced security measures implemented to protect against email flooding

A captcha mechanism has been introduced to mitigate the issue of email flooding in the Forgot Environment Name scenario. Now, when there are multiple requests, the captcha will be activated to guard against attacks.

FAQ section added to IBM webMethods iPaaS

IBM webMethods iPaaS documentation now includes a dedicated section for FAQs, addressing frequently asked questions and providing answers to common queries.

Release 11.0.2

Multiple user locked email

Prior to this release, a single user locked email was sent after the initial sequence of 10 invalid authentication attempts within a short time window. Now, upon expiration of the temporary lock (by default after 5 minutes), if additional invalid authentication attempts occur, more emails are sent. These emails include information on the number of attempts made and the duration of the ongoing temporary lock. This enhancement facilitates troubleshooting scenarios where temporary locks are triggered by a connection or API call with invalid credentials that repeatedly attempt authentication.

More control of onboarding users from external Identity Providers

When the Allow login if username exists setting of Single sign-on is enabled, IBM webMethods iPaaS users can log in from multiple Identity Providers (IdPs) linked to a single user profile. This can make it convenient for the same user to log in via different Identity Providers, but it does add some uncertainty regarding the security roles of such users.
With this release, a Cloud Tenant Administrator or an Account Administrator can now disconnect (forget) the user from any of the Identity Providers, ensuring that at least one remains linked. This allows administrators to correct undesired instances of users with multiple Identity Providers, providing them with more control over the associated security roles.

Release 11.0.1

Improved user locked email

The user locked email has now been enhanced to offer additional information about the potential causes for the account lock. It provides guidance on the required actions, including details on the number of consecutive incorrect authentication attempts associated with IBM webMethods iPaaS and the duration of the user lock until when it will remain in effect.

Separation of Free Forever tenants of IBM webMethods API Gateway and IBM webMethods Developer Portal

Prior to this release, the IBM webMethods API Gateway and IBM webMethods Developer Portal were bundled together when requesting a Free Forever edition of IBM webMethods API. Now, each product can be subscribed independently, and each has its own lifecycle.

Release 11.0.0

Use your Identity Provider as the default login page

You can now configure any external identity providers as the primary identity provider (IdP) to authenticate users for IBM webMethods iPaaS products.

With this newly added feature, you can set an external IdP as the Default identity provider on the Single Sign-On (SSO) page and use a direct login URL for your identity providers.

Read More