Connect2id server 2.4
The new 2.4 release of the Connect2id server allows administrators to override any configuration setting using standard Java system properties. Most of the underlying server components have also been upgraded.
Using system properties to override selected configuration details
The Connect2id server has been configured with the help of a few property files located in the WEB-INF folder of the web application. This method is proven and works well, but has its shortcomings:
- You need to repackage the WAR in order to make a configuration change.
- Managing configurations in a cluster or cloud environment where certain parameters need to change across server nodes is difficult. For example, you may want to have each Connect2id server node connect to a different LDAP server backend.
- You don’t want to store sensitive credentials, such as API access tokens or LDAP credentials, in the configuration files.
To address these issues the new 2.4 release allows any configuration setting to be overridden from system properties.
These are passed using the optional -D[property]=[value] argument to the JVM.
For example, to specify an LDAP server for the client registry from system properties:
-Dop.clientReg.ldapServer.url=ldap://192.168.100.200
In a Tomcat container these overriding properties can be set in the tomcat/bin/setenv.sh script.
If you’re using AWS Elastic Beanstalk to deploy your Connect2id server, the properties can be set from the management console or CLI. Other PaaS providers offer similar means for setting the system properties environment for a Java web application.
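For the Tomcat case above, one way to build the -D overrides in tomcat/bin/setenv.sh from a per-node file instead of hard-coding them. This is an added example, not part of the original release notes or Connect2id's own code; the overrides file path and the c2id_build_opts function name are assumptions, and only op.clientReg.ldapServer.url is a property name taken from this page.

```sh
#!/bin/sh
# Added example for tomcat/bin/setenv.sh; not Connect2id's own script.
# Hypothetical: the overrides file path and the c2id_build_opts name.
C2ID_OVERRIDES_FILE="${C2ID_OVERRIDES_FILE:-/etc/c2id/overrides.properties}"

# Print one -Dkey=value argument per "key=value" line of file $1.
# Fails (status 1) on a missing file, loose permissions or an unsafe line.
c2id_build_opts() {
    file="$1"
    [ -f "$file" ] || { echo "c2id: no such file: $file" >&2; return 1; }
    # The file may hold credentials, so only the owner may access it.
    perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 1
    case "$perms" in
        600|400) ;;
        *) echo "c2id: $file has mode $perms, want 600 or 400" >&2; return 1 ;;
    esac
    opts=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # blank line or comment
        key=${line%%=*}
        value=${line#*=}
        [ "$key" != "$line" ] || { echo "c2id: line without '='" >&2; return 1; }
        # Property names: letters, digits, dots and underscores only.
        case "$key" in
            ''|*[!A-Za-z0-9._]*) echo "c2id: bad property name" >&2; return 1 ;;
        esac
        # The startup script expands CATALINA_OPTS as shell words, so reject
        # whitespace and shell metacharacters instead of trying to quote them.
        # The value itself is never echoed, since it may be a credential.
        case "$value" in
            ''|*[!A-Za-z0-9._:/@%+=,-]*) echo "c2id: unsafe value for $key" >&2; return 1 ;;
        esac
        opts="$opts -D$key=$value"
    done < "$file"
    printf '%s\n' "${opts# }"
}

# Fail closed: a bad overrides file stops the start rather than being skipped.
if [ -f "$C2ID_OVERRIDES_FILE" ]; then
    extra=$(c2id_build_opts "$C2ID_OVERRIDES_FILE") || exit 1
    CATALINA_OPTS="${CATALINA_OPTS:-} $extra"
    export CATALINA_OPTS
fi
```

Values passed with -D become part of the JVM command line, which other local users can usually read from the process list, so shell access to the host still needs to be restricted when credentials are supplied this way.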
Bug fixes
We fixed a bug that affected Infinispan serialisation of the client secret expiration in OpenID Connect client registrations when the value is set to zero (no expiration).
Other changes
The following components have also been upgraded:
- Version 3.4 of the Nimbus JOSE+JWT toolkit.
- Version 4.8 of the OAuth 2.0 / OpenID Connect toolkit.
- Version 2.0.7 of the Connect2id server toolkit.
- Version 1.3 of the LDAP claims source.
- Version 1.2 of the Password grant handler web API.
- Version 1.2 of the Client credentials grant handler.
- Version 7.0.2 of Infinispan.
Upgrading from 2.3
How to upgrade to the new 2.4 release:
- Save / backup your existing Connect2id server configurations in webapps/c2id/WEB-INF.
- Undeploy your existing c2id instance, e.g. from the Tomcat management panel.
- Deploy the new c2id.war onto your web server, which you can extract from the download package.
- Restore your previous configuration files.
- Restart the c2id instance.
Ready to try out the new Connect2id server?
Proceed to the download section to get the new package. Questions? Get in touch with us, we’ll be delighted to hear from you.