Connect2id server 6.6.1 maintenance release

2017-04-12

This is a small maintenance release of the Connect2id server.

Summary:

1. Fixes client_secret provisioning client_secret_jwt authentication with HS384 and HS512 at the token endpoint to ensure the client secret is of sufficient length for the HMAC algorithm.

2. Upgrades several dependencies under the hood - the OAuth 2.0 / OpenID Connect SDK, Nimbus JOSE+JWT, the JDBC connector for MySQL databases and Log4j.

Download

To download a ZIP package of Connect2id server 6.6.1:

https://connect2id.com/assets/products/server/download/6.6.1/Connect2id-server.zip

(SHA-256: a8360793842a68aa3758682bf16b69a7bf1aac9f6ffb309b609a7518e922d549)

As WAR package only:

https://connect2id.com/assets/products/server/download/6.6.1/c2id.war

(SHA-256: 7dd33494e40a889cbcd4427117af1d08d4b28539a4402b916c62dff1b1fca739)

Questions?

Get in touch Connect2id support to receive assistance.

---

Release notes

6.6.1 (2017-04-12)

Configuration

• No changes

Web API

• No changes

Bug fixes

• For client_secret provisioning for client_secret_jwt authentication with HS384 and HS512 at the token endpoint to ensure the client secret is of sufficient length for the HMAC algorithm (issue #272).

Dependencies

• Upgrades to com.nimbusds:oauth2-oidc-sdk:5.24.2

• Upgrades to com.nimbusds:nimbus-jose-jwt:4.35

• Upgrades to mysql:mysql-connector-java:5.1.41

• Upgrades to Log4j 2.8.2