Connect2id server 2.3
There’s nothing fancy in the new 2.3 release of the Connect2id server, just a bunch of incremental improvements to provide for a more solid SSO, IdP and authorisation service, based on the standard OAuth 2.0 / OpenID Connect protocol stack.
1. Safer configuration
The Connect2id server configuration used to give properties sensible default values when they were undefined or commented out. While convenient, this made it hard to detect mistyped property keys, because the default value would kick in and mask the configuration error. To address this, from now on all configuration properties must be defined explicitly.
Other changes to make server configuration safer:
- JWT-encoded access tokens can no longer be configured to include the end-user session ID as a claim; this can be a potential security risk and is no longer supported.
- Added more checks to guard against potential misconfiguration.
2. You can register clients with preset IDs
When new OAuth 2.0 / OpenID Connect clients are registered they are automatically given a randomly generated client_id. You now also have the option to preset the client identifier.
This feature was actually added in version 2.2 on customer request, but has not been announced here yet.
3. Infinispan 7
The Connect2id server has been upgraded to the latest 7th release of Infinispan, which is used for clustered in-memory storage and caching. Among other things it adds support for handling partitioned (split-brain) clusters. We still have to evaluate whether this new feature applies to the data model of the Connect2id server, which is optimised for availability, with data consistency being less of an issue.
Please also note that Infinispan 7 comes with a brand new XML configuration. While this may sound scary, migrating your existing config to the new format is relatively easy. Contact our support if you need assistance with that.
4. Other changes
The following components have also been upgraded:
- Version 3.2.2 of the Nimbus JOSE+JWT toolkit.
- Version 4.7.1 of the OAuth 2.0 / OpenID Connect toolkit.
- Version 2.0.6 of the Connect2id server toolkit.
Upgrading from 2.1 or later
How to upgrade to the new 2.3 release:
- Save / back up your existing Connect2id server configurations in webapps/c2id/WEB-INF.
- Undeploy your existing c2id instance, e.g. from the Tomcat management panel.
- Deploy the new c2id.war, which you can extract from the download package, onto your web server.
- Restore your previous configuration files, then remove the comments from all properties that used to have default values (see point 1). Also, make sure you migrate your existing Infinispan settings to the new format.
- Restart the c2id instance.
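One way to check a restored configuration before the restart, for point 1 and the restore step above. This is an added example, not Connect2id code. It assumes the properties file shipped in the new package defines every property explicitly, handles only simple key=value lines, and uses hypothetical property keys in constructed sample input.

```python
import re
from difflib import get_close_matches

# "key=value" or "key: value"; a leading '#' or '!' marks a commented-out line.
# Simplified .properties syntax: no line continuations or escaped separators.
_PROP = re.compile(r"^\s*([#!]?)\s*([A-Za-z0-9_.\-]+)\s*[=:]\s*(.*)$")

def parse_properties(text):
    """Return (active, commented): key -> value for live and commented-out lines."""
    active, commented = {}, {}
    for line in text.splitlines():
        m = _PROP.match(line)
        if not m:
            continue  # blank line or free-text comment
        marker, key, value = m.groups()
        (commented if marker else active)[key] = value.strip()
    return active, commented

def audit(reference_text, restored_text):
    """Check a restored config against the new release's fully explicit config."""
    required, _ = parse_properties(reference_text)
    active, commented = parse_properties(restored_text)
    missing = sorted(k for k in required if k not in active)
    return {
        # still commented out: previously relied on a default value
        "commented_out": [k for k in missing if k in commented],
        # absent altogether
        "undefined": [k for k in missing if k not in commented],
        # not a key of the new release: mistyped or no longer supported,
        # with the nearest missing key as a hint
        "unknown": {k: get_close_matches(k, missing, n=1)
                    for k in sorted(active) if k not in required},
    }

# Constructed sample input; the keys are hypothetical, not Connect2id's own.
REFERENCE = """\
example.issuer=https://c2id.example.com
example.accessToken.lifetime=600
example.session.maxTime=1440
"""
RESTORED = """\
example.issuer=https://sso.example.org
#example.accessToken.lifetime=600
example.sesion.maxTime=1440
"""

if __name__ == "__main__":
    for finding, keys in audit(REFERENCE, RESTORED).items():
        print(finding, keys)
```

A key reported under "unknown" is the case the old defaults used to hide: the mistyped key was ignored and the default for the intended one applied silently.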
Ready to try out the new Connect2id server?
Proceed to the download section to get the latest package. Should you have any questions, get in touch with us. We’ll be delighted to hear from you :-)