Connect2id server 7.5.2

Posted on 2018-08-02

This week we have another patch release of the Connect2id server to properly clean up resources allocated by the back-channel logout token dispatcher on server shutdown. See the release notes for details.

Download

To download a ZIP package of Connect2id server 7.5.2:

https://connect2id.com/assets/products/server/download/7.5.2/Connect2id-server.zip

SHA-256: 048bb5c1e6483891c980a1670f19ac4e3746b65fd1a9e7c7ad6d5423bf939321

As WAR package only:

https://connect2id.com/assets/products/server/download/7.5.2/c2id.war

SHA-256: ab513eccb19f68fd1194ad6870f882a56cab4f621c985e847f2f6c561286b288

Questions?

Get in touch with Connect2id support.


Release notes

7.5.2 (2018-08-02)

Resolved issues

  • Forces closing of all pooled HTTP connections in the back-channel logout token dispatcher on Connect2id server shutdown. This works around Netty issue 6891, which prevented clean-up of a ThreadLocal (issue server/393).

Connect2id server 7.5.1

Posted on 2018-07-30

This is a maintenance release of the Connect2id server which fixes a bug introduced in version 7.5 that prevented the server from receiving client X.509 certificates used for self-signed certificate authentication (self_signed_tls_client_auth) at the token endpoint. Further details in the release notes.

Download

To download a ZIP package of Connect2id server 7.5.1:

https://connect2id.com/assets/products/server/download/7.5.1/Connect2id-server.zip

SHA-256: 1f6c38de8ea72e5c94e32cf28d9963ff46cf3f939776e4a7d5dbabe389cf936d

As WAR package only:

https://connect2id.com/assets/products/server/download/7.5.1/c2id.war

SHA-256: 4b20b1c26a686ecaaf346e83b405f28ce70d5e6a7623b8d27f05aa1917353817


Release notes

7.5.1 (2018-07-30)

Resolved issues

  • Fixes a bug introduced in Connect2id server 7.5 which prevented receiving client X.509 certificates set by a TLS termination proxy via the HTTP header configured in op.tls.clientX509CertHeader. The bug affected token requests by OAuth 2.0 clients / OpenID relying parties registered for self-signed certificate mutual TLS authentication (self_signed_tls_client_auth) (issue server/390).

Connect2id server 7.5 enables publishing of custom OpenID provider metadata

Posted on 2018-07-26

Support for custom OP / AS metadata

With Connect2id server 7.5 you can now include custom fields in the OpenID provider and OAuth 2.0 authorisation server metadata. To do that set the new op.customMetadata configuration property:

op.customMetadata = {"custom-param-1":"val-1","custom-param-2":"val-2"}

The custom-param-1 and custom-param-2 fields will then get published alongside the standard ones.

The JSON object can also be given an additional BASE64 encoding, to make it easier to pass the value in Connect2id server deployments configured via Java system properties set from a command line shell:

op.customMetadata = eyJjdXN0b20tcGFyYW0tMSI6InZhbC0xIiwiY3VzdG9tLXBhcmFtLTIiOiJ2YWwtMiJ9
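
A pre-deployment check for an op.customMetadata value, as an added example that is not part of the Connect2id code base or documentation: it produces the BASE64 form and rejects values that would not publish as a JSON object. The function names, the rule that a value not starting with `{` is treated as BASE64, and the reserved-name check are assumptions of this example, not server behaviour described here.

```python
import base64
import binascii
import json

# Subset of standard metadata names (OpenID Connect Discovery 1.0 / RFC 8414)
# that a custom field should not shadow. The check is this example's own.
RESERVED = {"issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "userinfo_endpoint", "registration_endpoint"}


def encode_custom_metadata(fields: dict) -> str:
    """Return the compact JSON object in a shell-safe BASE64 form."""
    compact = json.dumps(fields, separators=(",", ":"))
    return base64.b64encode(compact.encode("utf-8")).decode("ascii")


def parse_custom_metadata(value: str) -> dict:
    """Accept plain or BASE64-encoded JSON; raise ValueError if unusable."""
    text = value.strip()
    if not text.startswith("{"):  # assumption: anything else is BASE64
        try:
            text = base64.b64decode(text, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as e:
            raise ValueError(f"not JSON and not valid BASE64: {e}") from e
    try:
        fields = json.loads(text)
    except json.JSONDecodeError as e:
        raise ValueError(f"invalid JSON: {e}") from e
    if not isinstance(fields, dict):
        raise ValueError("metadata must be a JSON object")
    clash = RESERVED.intersection(fields)
    if clash:
        raise ValueError(f"custom fields shadow standard metadata: {sorted(clash)}")
    return fields


if __name__ == "__main__":
    sample = {"custom-param-1": "val-1", "custom-param-2": "val-2"}
    encoded = encode_custom_metadata(sample)
    print("op.customMetadata =", encoded, "->", parse_custom_metadata(encoded))
    # Constructed failure case: an unquoted shell argument lost its double quotes.
    stripped = "{custom-param-1:val-1,custom-param-2:val-2}"
    try:
        parse_custom_metadata(stripped)
    except ValueError as e:
        print("rejected:", e)
```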

Block client X.509 certificates at the token endpoint

The configuration was also extended with a new op.tls.blockClientX509Certs property to block client certificates at the token endpoint, for deployments where issuing client-certificate-bound access tokens, as per draft-ietf-oauth-mtls, is not desired. The default setting is to bind the tokens.

Download

To download a ZIP package of Connect2id server 7.5:

https://connect2id.com/assets/products/server/download/7.5/Connect2id-server.zip

SHA-256: b41c853d8a1dfd1a97e88154a019e09b84dd4c9f7f85e8130e7f80cefbd85835

As WAR package only:

https://connect2id.com/assets/products/server/download/7.5/c2id.war

SHA-256: 994378b93455692b3b3196179b2d82483520aed71b49db74d5fa60ca0b795e72


Release notes

7.5 (2018-07-26)

Configuration

  • /WEB-INF/oidcProvider.properties

    • op.customMetadata — New configuration property for setting custom OpenID provider / OAuth 2.0 Authorisation server metadata to be included for publishing at the .well-known/openid-configuration and .well-known/oauth-authorization-server endpoints. If set the metadata must be represented as a JSON object string containing the custom fields, and can be optionally BASE64 encoded to ease passing the configuration property from a command line shell.

    • op.tls.blockClientX509Certs — New configuration property for blocking client X.509 certificates received at the token endpoint. Can be used to prevent binding of issued access tokens to client X.509 certificates received with a token request when such binding isn’t desired.

Dependency changes

  • Upgrades to org.asynchttpclient:async-http-client:2.5.2

  • Upgrades to com.zaxxer:HikariCP:2.7.9

  • Upgrades to org.mariadb.jdbc:mariadb-java-client:2.2.6

  • Upgrades to org.postgresql:postgresql:42.2.4