Connect2id server 5.0.1 maintenance release
Connect2id server users of the previous 5.0 release who still rely on the old version 2 of the authorisation session API (for binding an IdP login page and auth factors) are strongly advised to upgrade to this 5.0.1 maintenance release.
As you may recall, with Connect2id server 5.0 we updated the authorisation session API in order to support the OAuth 2.0 form_post response mode, and also to free integrators to implement custom and experimental response modes, such as Nat Sakimura's response mode based on window.postMessage.
This was a breaking change, which required a new API version - 3.
The old version 2 API is still supported, by means of a special filter that
rewrites the API messages from version 3. This maintenance release fixes a
rewrite bug that prevented correct reporting of HTTP 4xx status codes as well
as output from a GET /authz-session/v2/{sid} request.
The new version 3 API is unaffected.
Download
To download a ZIP package of Connect2id server 5.0.1:
https://connect2id.com/assets/products/server/download/5.0.1/Connect2id-server.zip
As WAR package only:
https://connect2id.com/assets/products/server/download/5.0.1/c2id.war
Questions?
Get in touch Connect2id support, we'll be delighted to help out.
Release notes
5.0.1 (2016-05-23)
Configuration
- No changes
Web API
- No changes
Bug fixes
- Fixes the servlet filter that provides a version 2 compatible view of the
Authorisation Session API at /authz-session/v2. The fixed bugs prevented the
correct output of 4xx HTTP responses from the API as well as GET
/authz-session/v2/{authz-session-id} responses (issue #213). Users of the
/authz-session/v2 API are strongly encouraged to upgrade. Users of the newer /authz-session/v3 API are not affected.
Dependencies
- No changes