Connect2id server 6.2 makes it easier to implement stateless login / consent front-ends

This new release of the OpenID Connect / OAuth 2.0 server makes it easier to implement nimble stateless UIs on top of it. It also exposes Redis client connection pool metrics (which first appeared in v5.0.5) for those of you who choose to deploy the Connect2id server in a two-tiered manner, with Redis / AWS ElastiCache providing the main in-memory store, and Infinispan the secondary (in invalidation mode).

Stateless front-ends

Stateless front-ends are good, because they are easy to maintain, deploy and scale.

One of the defining features of the Connect2id server is the avoidance of any hard-wired UIs; the server comes instead with a set of elegant web APIs so that all UI, such as login and consent interaction, is decoupled, and can be developed, tested and deployed independently. We have a nice guide explaining the advantages and mechanics of that.

Version 6.2 adds a new optional data parameter to the authorisation session, which can be used to store arbitrary state while the end-user credentials are being checked and consent is obtained. This may also cover the duration of a redirection to an external authentication service or another identity provider (IdP).

For example, the login page may offer the option to sign in with another IdP, such as Google or Twitter. Before the user gets redirected to the IdP of their choice, the state can be stored in the data parameter of the current authorisation session. Upon returning from the IdP, the state is resumed, and the login interaction can continue.

The data can be set at the start of the authorisation session, or at any time after that with a PUT call. To read the stored data do a GET for the authorisation session or a direct GET for the data sub-resource.

Check out the updated authorisation session API reference for details.

Redis connection pool metrics

If you have a Connect2id server cluster deployed with Redis / AWS ElastiCache as primary in-memory store and want to fine tune your Redis connection pools, these new metrics will provide you with the necessary data.

The new Redis connection pool gauges are made available at the existing /monitor/v1 endpoint, which already collects more than 100 metrics for all sorts of things.

Example Redis client connection pool metrics:

{
    "sessionStore.sessionMap.redisStore.numActiveConnections": {
      "value": 1
    },
    "sessionStore.sessionMap.redisStore.numIdleConnections": {
      "value": 6
    },
    "sessionStore.sessionMap.redisStore.numWaitingForConnection": {
      "value": 0
    },
    "sessionStore.sessionMap.redisStore.maxWaitingTimeForConnectionMs": {
      "value": 15
    },
    "sessionStore.sessionMap.redisStore.meanWaitingTimeForConnectionMs": {
      "value": 0
    }
}
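
One way to act on these gauges, as an added example that is not part of the Connect2id server or its documentation: the script groups the redisStore gauges by cache name and flags pools that look saturated. The second cache name, its values and the wait thresholds are assumptions made up for the illustration.

```python
import json

# Constructed sample in the shape returned by /monitor/v1/metrics. The second
# cache name and all of its values are hypothetical, made up for this example.
SAMPLE = """
{
  "sessionStore.sessionMap.redisStore.numActiveConnections": {"value": 1},
  "sessionStore.sessionMap.redisStore.numIdleConnections": {"value": 6},
  "sessionStore.sessionMap.redisStore.numWaitingForConnection": {"value": 0},
  "sessionStore.sessionMap.redisStore.maxWaitingTimeForConnectionMs": {"value": 15},
  "sessionStore.sessionMap.redisStore.meanWaitingTimeForConnectionMs": {"value": 0},
  "example.cacheMap.redisStore.numActiveConnections": {"value": 8},
  "example.cacheMap.redisStore.numIdleConnections": {"value": 0},
  "example.cacheMap.redisStore.numWaitingForConnection": {"value": 3},
  "example.cacheMap.redisStore.maxWaitingTimeForConnectionMs": {"value": 420},
  "example.cacheMap.redisStore.meanWaitingTimeForConnectionMs": {"value": 35},
  "example.unrelatedTimer": {"count": 12}
}
"""
METRICS = json.loads(SAMPLE)

def redis_pools(metrics):
    """Group the redisStore gauges by Infinispan cache name."""
    pools = {}
    for name, body in metrics.items():
        cache, sep, gauge = name.rpartition(".redisStore.")
        # Entries without the ".redisStore." segment or a "value" are skipped.
        if sep and isinstance(body, dict) and "value" in body:
            pools.setdefault(cache, {})[gauge] = body["value"]
    return pools

def pool_warnings(metrics, max_wait_ms=100, mean_wait_ms=10):
    """Return (cache, reason) pairs; the thresholds are assumptions to tune."""
    found = []
    for cache, g in sorted(redis_pools(metrics).items()):
        if g.get("numWaitingForConnection", 0) > 0:
            found.append((cache, "threads are waiting for a connection"))
        if g.get("numIdleConnections", 0) == 0 and g.get("numActiveConnections", 0) > 0:
            found.append((cache, "pool has no idle connections"))
        if g.get("maxWaitingTimeForConnectionMs", 0) > max_wait_ms:
            found.append((cache, "max wait above threshold"))
        if g.get("meanWaitingTimeForConnectionMs", 0) > mean_wait_ms:
            found.append((cache, "mean wait above threshold"))
    return found

if __name__ == "__main__":
    for cache, reason in pool_warnings(METRICS):
        print(f"{cache}: {reason}")
```
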

Download

To download a ZIP package of Connect2id server 6.2:

https://connect2id.com/assets/products/server/download/6.2/Connect2id-server.zip

(SHA-1: a84329a865d8fa5ed49f2c937bb2e9300706b51a)

As WAR package only:

https://connect2id.com/assets/products/server/download/6.2/c2id.war

(SHA-1: 6ba80693c0fa0e46c0849d41358d9af892d58274)

Questions?

Get in touch with Connect2id support; we'll be delighted to help out.


Release notes

6.2 (2017-01-12)

Configuration

  • No changes

Web API

  • /authz-sessions/rest/v3/

    • Enables storage of additional data in the authorisation session, to enable use cases such as a stateless login front-end that needs to perform a redirection to an external service or IdP as part of the authentication or consent process.
      • Adds new optional "data" parameter of type JSON object to the authorisation session.
      • The optional "data" can be set with the initial POST request for a new authorisation session, or with a dedicated PUT request to the authorisation session data resource.
      • The optional "data" can be retrieved with a GET for the authorisation session, or directly from the authorisation session data resource.
  • /monitor/v1/metrics

    • Adds Redis store connection pool metrics (of type gauge):
      • "[infinispan-cache-name].redisStore.numActiveConnections" -- the number of active Redis client connections in the pool.
      • "[infinispan-cache-name].redisStore.numIdleConnections" -- the number of idle Redis client connections in the pool.
      • "[infinispan-cache-name].redisStore.numWaitingForConnection" -- the number of threads waiting for a Redis client connection.
      • "[infinispan-cache-name].redisStore.meanWaitingTimeForConnectionMs" -- the mean time waiting to borrow a Redis client connection from the pool, in milliseconds.
      • "[infinispan-cache-name].redisStore.maxWaitingTimeForConnectionMs" -- the maximum time waiting to borrow a Redis client connection from the pool, in milliseconds.

Bug fixes

  • None

Dependencies

  • Upgrades to Nimbus JOSE+JWT 4.34.

  • Upgrades to Redis Store 8.2.1 (private Connect2id release)