
Connect2id server 19.1.1

This maintenance update of the Connect2id server fixes an issue that affected clients' use of encrypted ID token hints in login requests, as well as an issue concerning the op.idToken.includeSubjectSessionClaims configuration property. More information about the release and the two fixed issues can be found in the notes below.

Download 19.1.1

For the signature validation: Public GPG key

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 19.1.1: Connect2id-server.zip

GPG signature: Connect2id-server.zip.asc

SHA-256: e056bf2a7ee1b3e087f5354d10798a7bac67df755b825f62df2851287565aff2

Connect2id server 19.1.1 WAR package: c2id.war

GPG signature: c2id.war.asc

SHA-256: d69c516c86a788eef83d17ad716ad7197cf3755f7d4e5cdc6c8f72fd84375011

Multi-tenant edition

Apache Tomcat package with Connect2id server 19.1.1: Connect2id-server-mt.zip

GPG signature: Connect2id-server-mt.zip.asc

SHA-256: d372ccf1c2fb17c1d882d2665825f8f4f55224911da07ce782ebb3aa78aa240a

Connect2id server 19.1.1 WAR package: c2id-mt.war

GPG signature: c2id-mt.war.asc

SHA-256: 754b743160e1f17812058d78463b36cf4b5a28c95e3d13131347e3e6ee54b1aa

Questions?

For technical questions about this new release, contact Connect2id support. To purchase a production license for the Connect2id server, or to renew or upgrade your support and updates subscription, email our sales team.


Release notes

19.1.1 (2025-08-08)

Resolved issues

  • An empty op.idToken.includeSubjectSessionClaims configuration property must specify an empty list (no claims), not the default * (all claims) setting (issue server/1108).

  • Fixes an issue that prevented the use of encrypted ID token hints (id_token_hint) by clients at the authorisation endpoint. The issue was caused by incorrect introspection of ID token hints for the act (actor) claim for ID tokens issued in act-as and on-behalf-of scenarios (issue server/1107).

  • Includes additional information in the error_description for an incorrectly encrypted ID token hint (id_token_hint) to aid client developers. Common client errors include a missing or incorrectly set cty (content type) header and a missing kid (key ID) header (issue server/1110).

  • Abbreviates the names of URN-based OAuth 2.0 grant types in OP6225 and OP6226 token endpoint log INFO messages (issue server/1090).
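A client-side pre-flight check for the cty and kid header errors named in the notes above, as an added example that is not part of the Connect2id server or its SDK. The function names and sample header values are constructed for illustration; the check inspects only the JWE protected header, accepts cty "JWT" as defined for nested JWTs in RFC 7519, and does not decrypt anything.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JOSE compact serialisation requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def lint_id_token_hint(jwe: str) -> list[str]:
    """Return the header problems found in a compact-serialised JWE hint."""
    parts = jwe.split(".")
    if len(parts) != 5:
        return [f"expected 5 dot-separated JWE parts, got {len(parts)}"]
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["protected header is not base64url-encoded JSON"]
    if not isinstance(header, dict):
        return ["protected header is not a JSON object"]

    problems = []
    cty = header.get("cty")
    if cty is None:
        problems.append("missing cty header")
    elif not isinstance(cty, str) or cty.upper() != "JWT":
        # RFC 7519, section 5.2: a nested JWT is marked with cty "JWT".
        problems.append(f"cty is {cty!r}, expected 'JWT'")
    if not header.get("kid"):
        problems.append("missing kid header")
    return problems


def sample(header: dict) -> str:
    """Constructed input: a real protected header plus four placeholder segments."""
    return ".".join([b64url(json.dumps(header).encode()), "a2V5", "aXY", "Y3Q", "dGFn"])


if __name__ == "__main__":
    ok = {"alg": "RSA-OAEP-256", "enc": "A128GCM", "cty": "JWT", "kid": "constructed-key-1"}
    bad = {"alg": "RSA-OAEP-256", "enc": "A128GCM", "cty": "json"}
    print(lint_id_token_hint(sample(ok)))
    print(lint_id_token_hint(sample(bad)))
```
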

Dependency changes

  • Updates to com.nimbusds:common:3.7.2