Connect2id server 15.2
This Connect2id server release ships an update to the plugin interface (SPI) for sourcing claims (also called attributes) that get provided to client applications at the UserInfo endpoint and may also be fed into ID tokens and access tokens. The change enables plugins to find out the browser session ID where the claims sourcing was authorised.
The included plugin that delegates the claims sourcing to an HTTP endpoint was updated accordingly, so that web hooks that source such claims for the Connect2id server can find out the session ID or receive the complete session object. Note that the HTTP claims source plugin must be explicitly configured to receive these details; they are not included by default.
This release also adds a measure to prevent the dispatch of back-channel logout notifications when the issuer alias mode PERSISTED_GRANT_ISOLATION is configured.
More information is available in the release notes below.
The dockerfile for the c2id/c2id-server-min image received a significant update that can be considered breaking. The c2id.war is now being copied unzipped to the docker image, to make it easier to edit its configuration files, for example the WEB-INF/log4j.xml that controls logging.
Download 15.2
For the signature validation: Public GPG key
Standard Connect2id server edition
Apache Tomcat package with Connect2id server 15.2: Connect2id-server.zip
GPG signature: Connect2id-server.zip.asc
SHA-256: 0d7b3bb9d560b6d6c0028fb11274912c1d9bb1f1afc066e2fca8f6d9fdb44b63
Connect2id server 15.2 WAR package: c2id.war
GPG signature: c2id.war.asc
SHA-256: 7888bcc9fc60baea6051b780a1902d3c24fcfdc505431e954ade47b014a3e96b
Multi-tenant edition
Apache Tomcat package with Connect2id server 15.2: Connect2id-server-mt.zip
GPG signature: Connect2id-server-mt.zip.asc
SHA-256: a09525dddc227d600555046b510a5d5007198a646e9b8af99a8ffd65c3b9e91f
Connect2id server 15.2 WAR package: c2id-mt.war
GPG signature: c2id-mt.war.asc
SHA-256: 3e4304f5767264aaccf856423a742579871ba04218b0e2c065b69af60bfa1aa0
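To check a download against the SHA-256 values and detached GPG signatures listed above, shell functions like the following can be used. This is an added example, not part of the Connect2id distribution; the function names are hypothetical, and it assumes the downloads and their .asc files sit in one directory and that the vendor's public GPG key has already been imported and its fingerprint confirmed.

```shell
#!/bin/sh
# Added example (not vendor code): verify Connect2id server 15.2 downloads.
# Assumption: the vendor's public GPG key is already imported and trusted.

# Published digests, copied from the download list on this page.
MANIFEST='0d7b3bb9d560b6d6c0028fb11274912c1d9bb1f1afc066e2fca8f6d9fdb44b63  Connect2id-server.zip
7888bcc9fc60baea6051b780a1902d3c24fcfdc505431e954ade47b014a3e96b  c2id.war
a09525dddc227d600555046b510a5d5007198a646e9b8af99a8ffd65c3b9e91f  Connect2id-server-mt.zip
3e4304f5767264aaccf856423a742579871ba04218b0e2c065b69af60bfa1aa0  c2id-mt.war'

# Print the lowercase hex SHA-256 of a file (sha256sum, else shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED: 0 on match, 1 on mismatch, 2 if unreadable.
verify_sha256() {
    [ -r "$1" ] || return 2
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# verify_release DIR: check every manifest file that is present in DIR.
# Returns non-zero if a digest or signature fails, or if no file was found.
verify_release() {
    dir=$1 checked=0 failed=0
    while read -r digest name; do
        [ -f "$dir/$name" ] || continue
        checked=$((checked + 1))
        if ! verify_sha256 "$dir/$name" "$digest"; then
            echo "FAIL sha256 $name" >&2; failed=1; continue
        fi
        # Detached signature: gpg checks NAME.asc against NAME.
        if ! gpg --verify "$dir/$name.asc" "$dir/$name"; then
            echo "FAIL gpg    $name" >&2; failed=1; continue
        fi
        echo "OK   $name"
    done <<EOF
$MANIFEST
EOF
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

if [ "$#" -gt 0 ]; then verify_release "$1"; fi
```

Run it with the download directory as the only argument. The digest is checked before the signature so that a corrupted or substituted file is rejected even on a host without gpg set up.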
Questions?
For technical questions about this new release contact Connect2id support. To purchase a production license for the Connect2id server, renew or upgrade your support and updates subscription, email our sales.
Release notes
15.2 (2024-02-16)
Configuration
- /WEB-INF/httpClaimsSource.properties
  - op.httpClaimsSource.includeSubjectSessionID – New optional configuration property of type boolean. Enables / disables inclusion in the request of the subject (end-user) session ID where the claims sourcing was authorised. Disabled by default.
  - op.httpClaimsSource.includeSubjectSession – New optional configuration property of type boolean. Enables / disables inclusion in the request of the subject (end-user) session where the claims sourcing was authorised. Disabled by default.
SPI
- Upgrades the Connect2id server SDK to com.nimbusds:c2id-server-sdk:5.2
- New ClaimsSourceRequestContext.getSubjectSessionID method that returns the ID of the associated subject (end-user) session where the claims sourcing was authorised.
- New SubjectSessionID interface to represent subject (end-user) session identifiers.
Resolved issues
- When the op.issuerAliasMode configuration property is set to PERSISTED_GRANT_ISOLATION, back-channel logout notifications on subject session close and expiration events must be disabled (issue server/969).
Dependency changes
- Upgrades to com.nimbusds:c2id-server-sdk:5.2
- Upgrades to com.nimbusds:oidc-claims-source-http:3.0
- Updates to Log4j 2.22.1