Connect2id server 11.6.2

This is a maintenance update of the Connect2id server for OAuth 2.0 authorisation and OpenID Connect sign-in.

Check the release notes for more information.


Standard Connect2id server edition

Apache Tomcat package with Connect2id server 11.6.2:

SHA-256: 6f70d8f0521420860249e03d4fde6f781cddbe20c6c72e74d8b391d03ab73035

Connect2id server 11.6.2 WAR package: c2id.war

SHA-256: 18b57e2f57588ddf7e98847111916cd585c5198531da4bfab59db22bb9330e8b

Multi-tenant edition

Apache Tomcat package with Connect2id server 11.6.2:

SHA-256: ab2fb95ae74b4fec71fab11a684b2531199ce409c3022d9059c76d393f390686

Connect2id server 11.6.2 WAR package: c2id-multi-tenant.war

SHA-256: 4db6b8f2232f4838777d9052dd0c5671a0c4c5bd55314390e1209999fe97662a


Contact Connect2id support.

Release notes

11.6.2 (2021-05-21)

Resolved issues

  • Fixes the HTTP 401 error response for an HTTP GET /clients request with an invalid master access token. The bug was introduced in 11.6.1 (issue server/668).

  • Fixes bug introduced in 11.3 (2021-03-31) that allowed OpenID authentication requests with response_type=id_token or response_type=id_token token to pass without a nonce (issue oidc-sdk/363).

  • Updates the logout endpoint OP2711 log INFO message that an ID token hint is required when the RP requests a post-logout redirection (issue server/671).

Dependency changes

  • Updates to com.nimbusds:oauth2-oidc-sdk:9.5.2

  • Updates to com.nimbusds:nimbus-jose-jwt:9.9.3

  • Updates to Infinispan 9.4.22.Final

  • Updates to