Connect2id server 3.2.1
July sees another release of the Connect2id server for Single Sign-On with OpenID Connect, this time dedicated to fixing three issues submitted over the past few days.
Most significantly, the behaviour of the op.authz.alwaysPromptForConsent configuration setting has been extended to OpenID Connect prompt=none authentication requests. If enabled, this setting will no longer result in a consent_required error being returned to the client app with prompt=none. Instead, the Connect2id server API will generate the usual consent prompt message, allowing the integrator's code to perform various tasks, such as a preset_claims update, when a prompt=none request is being processed. We believe this change will make the API behaviour more consistent as well as give integrators more options to play with.
For more information about the changes and bug fixes check the release notes below.
Download
To download a ZIP package of Connect2id server 3.2.1:
https://c2id-downloads.s3.eu-central-1.amazonaws.com/server/3.2.1/Connect2id-server.zip
As WAR only:
https://c2id-downloads.s3.eu-central-1.amazonaws.com/server/3.2.1/c2id.war
Questions?
Don’t hesitate to contact Connect2id support.
Connect2id Server 3.2.1 release notes
Configuration
- /WEB-INF/oidcProvider.properties
  * Extends the op.authz.alwaysPromptForConsent setting to apply to OpenID Connect prompt=none requests. A consent_required error will no longer be produced when this setting is enabled and a client requests an ID token refresh / user session check with prompt=none.
Web API
- No changes
Dependencies
- Upgrades to com.nimbusds:oauth2-oidc-sdk:4.14.1
- Upgrades to com.nimbusds:oidc-session-store:2.2.1
Bug fixes
- Fixes the URL encoding of login_required and consent_required OpenID Connect authentication request errors in the authorisation code flow (issue server/130).
- Fixes deserialisation of subject identifiers with colons in cluster mode (issue session-store/15).