Connect2id server 11.6.2
This is a maintenance update of the Connect2id server for OAuth 2.0 authorisation and OpenID Connect sign-in.
Check the release notes for more information.
Download
Standard Connect2id server edition
Apache Tomcat package with Connect2id server 11.6.2: Connect2id-server.zip
SHA-256: 6f70d8f0521420860249e03d4fde6f781cddbe20c6c72e74d8b391d03ab73035
Connect2id server 11.6.2 WAR package: c2id.war
SHA-256: 18b57e2f57588ddf7e98847111916cd585c5198531da4bfab59db22bb9330e8b
Multi-tenant edition
Apache Tomcat package with Connect2id server 11.6.2: Connect2id-server-mt.zip
SHA-256: ab2fb95ae74b4fec71fab11a684b2531199ce409c3022d9059c76d393f390686
Connect2id server 11.6.2 WAR package: c2id-multi-tenant.war
SHA-256: 4db6b8f2232f4838777d9052dd0c5671a0c4c5bd55314390e1209999fe97662a
Questions?
Contact Connect2id support.
Release notes
11.6.2 (2021-05-21)
Resolved issues
Fixes the HTTP 401 error response for an HTTP GET /clients request with an invalid master access token. The bug was introduced in 11.6.1 (issue server/668).
Fixes bug introduced in 11.3 (2021-03-31) that allowed OpenID authentication requests with response_type=id_token or response_type=id_token token to pass without a nonce (issue oidc-sdk/363).
Updates the logout endpoint OP2711 log INFO message that an ID token hint is required when the RP requests a post-logout redirection (issue server/671).
Dependency changes
Updates to com.nimbusds:oauth2-oidc-sdk:9.5.2
Updates to com.nimbusds:nimbus-jose-jwt:9.9.3
Updates to Infinispan 9.4.22.Final
Updates to com.google.crypto.tink:tink:1.5.0