Connect2id server 12.17
This September release of the Connect2id server updates the revocation web API to enable callers to conserve server and network resources. When revoking the tokens and persisted consent for a given subject (end-user) or client, the server returns all matching long-lived (persisted) authorisations that have been deleted. For a revoked client with thousands or millions of end-users this can result in megabytes of removed authorisations being streamed into the HTTP response. In such cases, or whenever the caller is not interested in which authorisations are affected or their details, a new quiet=true query parameter can now be applied to omit the streaming and return an HTTP 204 No Content response.
Example use of the quiet=true query parameter when revoking a client with ID zaqu4ong:
POST /authz-store/rest/v3/revocation?quiet=true HTTP/1.1
Host: c2id.com
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6
Content-Type: application/x-www-form-urlencoded

client_id=zaqu4ong
The HTTP 204 No Content response:
Status Code: 204 No Content
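With quiet=true the list of removed authorisations is no longer returned, so the status code is the caller's only confirmation that the revocation went through. The following is an added example, not Connect2id code: it builds the request shown above and fails closed on any unexpected response. The function names are hypothetical, and the 200 status for the non-quiet response is an assumption.

```python
import urllib.parse
import urllib.request

# Path taken from the example request on this page.
REVOCATION_PATH = "/authz-store/rest/v3/revocation"


def build_revocation_request(base_url, api_token, client_id, quiet=True):
    """Build (without sending) the POST that revokes a client's authorisations."""
    if not client_id:
        # Never let an empty selector reach the revocation endpoint.
        raise ValueError("client_id is required")
    url = base_url.rstrip("/") + REVOCATION_PATH
    if quiet:
        url += "?" + urllib.parse.urlencode({"quiet": "true"})
    body = urllib.parse.urlencode({"client_id": client_id}).encode("ascii")
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Bearer " + api_token,
        "Content-Type": "application/x-www-form-urlencoded",
    })


def check_revocation_response(status, body_stream, quiet, chunk_size=65536):
    """Return the number of body bytes received; raise if revocation is unconfirmed."""
    if quiet:
        # quiet=true: 204 No Content is the only success signal.
        if status != 204:
            raise RuntimeError(f"revocation not confirmed, HTTP {status}")
        return 0
    # Assumption: without quiet=true a successful revocation answers 200
    # and streams the removed authorisations in the body.
    if status != 200:
        raise RuntimeError(f"revocation not confirmed, HTTP {status}")
    total = 0
    # Drain in bounded chunks so a multi-megabyte body is never held in memory.
    while chunk := body_stream.read(chunk_size):
        total += len(chunk)
    return total
```

To send the request, pass it to urllib.request.urlopen() and hand the response's status and the response object itself to check_revocation_response().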
The authorisation session API and the token exchange plugin received two bug fixes.
Check the release notes below for details.
Download 12.17
For the signature validation: Public GPG key
Standard Connect2id server edition
Apache Tomcat package with Connect2id server 12.17: Connect2id-server.zip
GPG signature: Connect2id-server.zip.asc
SHA-256: 84959987d94ebca82ac9296161b63631d1fe71208250de5e01dfc682a14d5e79
Connect2id server 12.17 WAR package: c2id.war
GPG signature: c2id.war.asc
SHA-256: eb0cd476641f68228002d63af810fe26a83b5c1bb811ca22443691c4e8b5dd9e
Multi-tenant edition
Apache Tomcat package with Connect2id server 12.17: Connect2id-server-mt.zip
GPG signature: Connect2id-server-mt.zip.asc
SHA-256: 6941ba145e5f58073aeb05f004886a8d9a509cdb20ba9fb63418945063381179
Connect2id server 12.17 WAR package: c2id-multi-tenant.war
GPG signature: c2id-multi-tenant.war.asc
SHA-256: 504fe78e94d6d6f6ebd8bae647e15823336962043caa7c725346c740751d1c04
Questions?
If you have technical questions about this new release, contact Connect2id support. To purchase a production license for the Connect2id server, or to renew or upgrade your support and updates subscription, email our sales team.
Release notes
12.17 (2022-09-14)
Web API
- /authz-store/rest/v2/revocation
  - Adds support for an optional “quiet” query parameter when posting a revocation. When set to quiet=true an HTTP 204 No Content response will be returned; if any authorisation(s) were matched by the revocation parameters and removed they will not be returned in the response body.
Resolved issues
- The authorisation session web API must not set the “required_sub” parameter in the authentication prompt to the end-user ID when the Connect2id server is configured with alwaysPromptForAuth=true and the end-user has an active session. This resulted in an incorrect OpenID Connect login_required error if the current end-user is (re)authenticated to another subject (end-user ID) as a result of the authentication prompt. The fix corrects the behaviour so that the original session is closed and a new one with the new subject (end-user ID) is started (issue server/781).
- The op.grantHandler.tokenExchange.webAPI.actorToken.types configuration property of the token exchange grant handler plugin must support setting of no actor token types accepted. The default value must also be none (issue grant-handlers-web/1).
Dependency changes
- Updates to com.nimbusds:oauth2-authz-store:18.2
- Updates to com.nimbusds:oidc-session-store:14.9.2
- Updates to com.nimbusds:oauth-grant-handlers-web:1.0.3
- Updates to com.nimbusds:tenant-manager:6.0.4
- Updates to com.nimbusds:tenant-registry:6.0.3
- Updates to com.google.crypto.tink:tink:1.7.0
- Updates DropWizard to 4.2.12
- Updates to com.unboundid:unboundid-ldapsdk:6.0.6
- Updates to com.nimbusds:infinispan-cachestore-sql:4.2.8
- Updates to org.postgresql:postgresql:42.5.0
- Updates to org.mariadb.jdbc:mariadb-java-client:2.7.6
- Updates to com.microsoft.sqlserver:mssql-jdbc:11.2.1.jre11