Connect2id server 6.1.2 maintenance release

Posted on 2016-12-15

This is a quick maintenance release of the Connect2id server before we head into the holidays. What’s in it:

UTF8 support in MySQL

When the Connect2id server is provisioned with an MySQL backend, the server will automatically create all its tables when it accesses the database for the first time. In prior releases when this was done the tables assumed the default character set encoding of the provisioned database. This is typically set to "Latin1", which is suitable for strings using the latin alphabet, but not for other languages.

Starting from this version on the Connect2id server will explicitly set the character set of the tables that it creates to UTF-8, to ensure complete i18n support.

If you have an existing Connect2id server with an MySQL database where the character set was originally set to "Latin1", and you don’t expect to be using non-western languages, you can upgrade to 6.1.2 and continue with the same database as it is.

If you wish to switch your existing MySQL database to UTF-8, you will need to dump your data, and then import it into a freshly provisioned database. Some of the VARCHAR key columns will need to have their sizes adjusted, so that the total row size with multi-byte characters doesn’t exceed the MySQL restriction of 65535 bytes. Get in touch with our support to receive assistance.

Helpful error reporting on malformed basic client authentication

Every now and then we receive calls from developers who wonder why their client basic authentication at the token endpoint fails, despite having the correct credentials. That’s because the OAuth 2.0 spec (RFC 6749) mandates an additional layer of URL-encoding of the client_id and client_secret before they get concatenated, to prevent potential issues if they happen to contain the ‘:’ character that is meant to delimit them.

We updated the Connect2id server to return a more detailed error description whenever the basic authentication is malformed, and thus save developers and us time.

HTTP/1.1 400 Bad Request
Content-Type: application/json

  "error"             : "invalid_request",
  "error_description" : "Invalid request: Malformed client secret basic 
                         authentication (see RFC 6749, section 2.3.1): Missing 
                         credentials delimiter \":\""


To download a ZIP package of Connect2id server 6.1.2:

(SHA-1: 66ac83671ebb448112a38798a9c212d3d38b5451)

(SHA-1: 55f0663337eccec58e6611a30d02eb59f4a81ac0)


For any questions, post to the comments section below or email our support team.

Release notes for Connect2id server 6.1.2 (2016-12-15)


  • For Connect2id servers using MySQL as backend, updates the create table statements to explicitly make UTF-8 the default character set. The VARCHAR(x) sizes of key fields are adjusted where needed to accommodate the MySQL row restriction of 65535 bytes. Changes the type of "clients" fields "client_name", "client_uri", "logo_uri", "policy_uri", "tos_uri" and "data" from VARCHAR(X) to JSON. Changes the type of "id_access_tokens" fields "uip" and "dat" to JSON.

  • Improves error reporting on malformed client secret basic authentication at the token endpoint, includes reference to RFC 6749, section 2.3.1 (issue oidc-sdk/201).


  • /WEB-INF/infinispan-mysql.xml

    • Updates the MySQL JDBC URL to set the connection encoding to UTF-8, e.g. "jdbc:mysql://localhost/c2id?useUnicode=yes&characterEncoding=UTF-8"


  • No changes

Bug fixes

  • None


  • Upgrades to com.nimbusds:oauth2-authz-store:5.10

  • Upgrades to com.nimbusds:oidc-session-store:4.13

  • Upgrades to com.nimbusds:oauth2-oidc-sdk:5.19.1

  • Upgrades to com.nimbusds:nimbus-jose-jwt:4.33

  • Upgrades to com.nimbusds:common:2.2

  • Upgrades to com.nimbusds:infinispan-cachestore-ldap:2.2.2

  • Upgrades to com.nimbusds:infinispan-cachestore-sql:2.5.7

Connect2id server 6.1.1 maintenance release

Posted on 2016-11-29

We’re ending November with a small maintenance release of the Connect2id server that updates Infinispan and a number of other libraries to their most recent stable versions.

The provided H2 database config also received a tweak to make sure the H2 files can be correctly located and loaded at Connectid server startup, regardless of the current directory.

Check the release notes below to see what has been updated.


To download a ZIP package of Connect2id server 6.1.1:

(SHA-1: 4afec1b819b917b4cb968a00c84c6f1f3d8c0cd2)

(SHA-1: 2df2a17192bd0aed8ee8a3845a4baf2b03cdf6cf)


For any questions, post to the comments section below or email our support team.

Release notes for Connect2id server 6.1.1 (2016-11-29)


  • /WEB-INF/infinispan-h2.xml

    • Updates the H2 dataSource.url properties to permit Apache Tomcat startup from any current directory so that the H2 database files can be correctly located and loaded.


  • No changes

Bug fixes

  • None


  • Upgrades to com.nimbusds:oauth2-oidc-sdk:5.18.1

  • Upgrades to com.nimbusds:nimbus-jose-jwt:4.29

  • Upgrades to org.infinispan:infinispan-core:8.2.5

  • Upgrades to com.h2database:h2:1.4.193

  • Upgrades org.postgresql:postgresql:9.4.1212

  • Upgrades to mysql:mysql-connector-java:5.1.40

  • Upgrades JAX-RS Jersey to 2.24.1

  • Upgrades to Apache Commons IO 2.5

  • Upgrades Log4j to 2.7

Enjoy snappier metrics with Connect2id server 6.1

Posted on 2016-11-19

We updated the Connect2id server to deliver snappier metrics, especially if you’re dealing with very large user bases (in the order of 1 mio+ users). The primary metrics bottleneck were the gauges for tracking the number of active sessions and persisted authorisations. We optimised their responsiveness by patching up the Infinispan connectors for the Redis and SQL stores.

Various other bits and pieces also got small updates, such as the OAuth 2.0 / OpenID Connect SDK which captures much of the IdP / AS server logic.


To download a ZIP package of Connect2id server 6.1:

(SHA-1: 1cf1a8850392ddad8ace039c6b3350ea0ecd4664)

(SHA-1: 83ae7ba060e574a961bbf0733935802401508311)


For any questions, write the comments section below or email our support team.

Connect2id server 6.1 (2016-11-16)



  • /clients/

    • Returns detailed error_description on a client registration request for pairwise subject identifiers with one or more redirect_uris missing from the sector_identifier_uri document.
  • /monitor/v1/metrics

    • Adds new clientStore.numRegistrations gauge to track the number of OAuth 2.0 / OpenID Connect client registrations.

    • Deprecates the clientStore.numCachedRegistrations gauge, use clientStore.numRegistrations instead.

    • Improves responsiveness of the following object count metrics when Redis is utilised as primary or passivating in-memory session store: sessionStore.numSessions, authzStore.numAuthzCodes, authzStore.numIdAccessTokens, authzStore.numLongLivedAuthorizations, authzStore.numRevocationJournalEntries, authzSessionStore.numSessions and clientStore.numRegistrations.

Bug fixes

  • None


  • Upgrades to com.nimbusds:oauth2-oidc-sdk:5.17.6

  • Upgrades to com.nimbusds:oauth2-authz-store:5.9.3

  • Upgrades to com.nimbusds:oidc-session-store:4.12.2

  • Upgrades to com.nimbusds:infinispan-cachestore-common:1.3

  • Upgrades to com.nimbusds:infinispan-cachestore-ldap:2.2.1

  • Upgrades to com.nimbusds:infinispan-cachestore-sql:2.5.6

  • Upgrades to com.nimbusds:infinispan-cachestore-redis:8.2

  • Upgrades to redis.clients:jedis:2.8.2