Connect2id server 7.13

This is a mini update to the Connect2id server for OpenID Connect and OAuth 2.0.

• Upgrades the Redis connector, also fixing a bug that affected bulk operations when listing registered clients, persisted authorisations and tenants via the Connect2id server web APIs. Deployments configured for stateless clustering with Redis are encouraged to update.

• Upgrades the Connect2id server internals and SDK to v4.4 to expose a JSON Web Signature (JWS) verifier to the context of the key-based access token codec SPI. Can be used to validate the JWS of custom hybrid access tokens (key-based access token encoded in a JWT with metadata).

• Adds new resource for storing optional metadata (as JSON object) for a tenant. Available on the multitenant edition of the Connect2id server.

Check the release notes for more information.

Download

To download a ZIP package of Connect2id server 7.13:

https://c2id-downloads.s3.eu-central-1.amazonaws.com/server/7.13/Connect2id-server.zip

SHA-256: 8c31a2a41cd659b0c83eac89f0d4177eb889f694b118c5edb0936a13c8c7625b

As WAR package only:

https://c2id-downloads.s3.eu-central-1.amazonaws.com/server/7.13/c2id.war

SHA-256: 7c474253393ae6e66fdae77c3919af6338842892fa68db1c8ddeb5580d1d5510

Questions?

Contact Connect2id support.

Release notes

7.13 (2019-06-25)

Configuration

• /WEB-INF/infinispan--redis-.xml

  • Upgrades the Redis store configuration XML schema to support two classes of store connectors - a simple connector supporting only load / store operations and an extended connector also supporting bulk operations.

Web API

• /tenants/rest/v1/{tid}/metadata

  • New resource for storing arbitrary metadata (as JSON object) for a tenant. Supports GET and PUT. Available on the multitenant edition of the Connect2id server.

SPI

• com.nimbusds.openid.connect.provider.spi.tokens.TokenCodecContext

  • Provides a JWSVerifier in the context of the IdentifierAccessTokenCodec and SelfContainedAccessTokenClaimsCodec SPIs. Can be used to validate the JSON Web Signature (JWS) of custom hybrid access tokens (identifier-based access token encoded in a JWT with metadata) or custom secured fields in a token. Requires version 4.4 of the Connect2id server SDK.

Resolved issues

• Works around an Infinispan issue which omitted objects in bulk retrieval operations in stateless deployments with a Redis cache and an underlying persisting database (SQL, LDAP). The issue affected listing of client registrations, authorisation records and tenants (in the multitenant edition) via the Connect2id server web APIs (issue server/467).

Dependency changes

• Upgrades to com.nimbusds:c2id-server-sdk:4.4

• Updates to com.nimbusds:tenant-manager:3.2.1

• Updates to com.nimbusds:tenant-registry:4.1

• Upgrades to com.nimbusds:oauth2-authz-store:12.0

• Updates to com.nimbusds:nimbus-jose-jwt:7.3.1

• Updates to com.nimbusds:common:2.34

• Upgrades to com.nimbusds:infinispan-cachestore-common:2.4

• Upgrades to com.nimbusds:infinispan-cachestore-redis:9.2.7