Connect2id server 7.8
Previously, for clients registered for self_signed_tls_client_auth, the Connect2id server would only accept strictly self-signed certificates. Starting with v7.8, client certificates that are signed by a CA will also be accepted.

In both cases, self-signed or CA-signed certificate, the public key of the client certificate must be registered with the Connect2id server in JWK format, either by value (using the jwks client registration parameter) or by URL (using jwks_uri). Note that for a CA-signed certificate no PKI-based validation is done by the Connect2id server; only its public key must match the registered one. Prior PKI-based validation can still be performed in a TLS terminator set up in front of the server.
This authentication method is specified in the OAuth 2.0 Mutual TLS profile (draft-ietf-oauth-mtls-12).
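The key-matching rule above, as an added Go example (not Connect2id code): two certificates carrying the same key, one self-signed and one issued by a CA the server has never heard of, are both accepted, while a certificate with an unregistered key is rejected, because only the public key is compared against the registered JWK. The registered JWK is modelled as an RFC 7638 thumbprint, Ed25519 keys and all certificates are constructed inline, and the CA-signed case also illustrates why any PKI validation has to happen in the TLS terminator in front of the server.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// okpThumbprint: RFC 7638 thumbprint of an Ed25519 JWK (RFC 8037): SHA-256 over the canonical JSON (crv, kty, x sorted, no whitespace).
func okpThumbprint(pub ed25519.PublicKey) string {
	enc := base64.RawURLEncoding.EncodeToString
	canonical := fmt.Sprintf(`{"crv":"Ed25519","kty":"OKP","x":"%s"}`, enc(pub))
	sum := sha256.Sum256([]byte(canonical))
	return enc(sum[:])
}
// keyMatchesRegistration applies the v7.8 rule: the certificate's public key must equal a JWK the
// client registered (kept here as thumbprints); who signed the certificate is not examined at all.
func keyMatchesRegistration(cert *x509.Certificate, registered map[string]bool) bool {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && registered[okpThumbprint(pub)] // only Ed25519 keys are modelled in this example
}
// issue creates a certificate for pub, signed by signer; with parent == nil it is self-signed.
func issue(pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey, cn string) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent = tmpl // template == parent makes x509.CreateCertificate self-sign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by the library parses cleanly
	return cert
}
func main() {
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader) // key the client registered as a JWK
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)         // a CA the server knows nothing about
	registered := map[string]bool{okpThumbprint(clientPub): true} // constructed jwks entry (thumbprint)
	caCert := issue(caPub, nil, caPriv, "demo-ca")
	fmt.Println("self-signed, registered key: ", keyMatchesRegistration(issue(clientPub, nil, clientPriv, "client"), registered))
	fmt.Println("CA-signed, registered key:   ", keyMatchesRegistration(issue(clientPub, caCert, caPriv, "client"), registered))
	fmt.Println("CA-signed, unregistered key: ", keyMatchesRegistration(caCert, registered))
}
```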
Check out the release notes below for more information.
- Updates self-signed certificate mutual TLS OAuth 2.0 client authentication (self_signed_tls_client_auth) to accept Certificate Authority (CA) signed certificates. Previously only strictly self-signed certificates were accepted. For self-signed as well as CA-signed certificates the public key of the certificate must be registered with the Connect2id server in JWK format, either by value (using the jwks client registration parameter) or by URL (using jwks_uri). See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (draft-ietf-oauth-mtls-12), section 2.2.
- Removes stray System.out.println in authorisation session handler (issue server/406).
- Updates logging of the configuration for the client X.509 certificate request HTTP header set by the TLS termination proxy (code OP6900).
- Updates to com.nimbusds:oauth2-oidc-sdk:6.2
- Updates to com.nimbusds:oauth-client-grant-handler:1.4