Connect2id server 7.4

Following last week's release of Connect2id server 7.3 which brought support for the OpenID Connect front and back-channel logout extensions we now have a small update to the logout session web API.

If your deployment only needs to handle logout requests initiated by the OpenID provider (i.e. no logout requests received from OpenID relying parties), the API will be enabled without having to declare a logout page (end-session endpoint) in the server configuration. This should make more sense to developers and integrators of the Connect2id server.

You can find further information in the release notes below.

Download

To download a ZIP package of Connect2id server 7.4:

https://connect2id.com/assets/products/server/download/7.4/Connect2id-server.zip

SHA-256: 2752304c12e1e8236f9917d4ffa3f151e1a53ce1c5d79c0fe73477c8752b2b96

As WAR package only:

https://connect2id.com/assets/products/server/download/7.4/c2id.war

SHA-256: f7cc07756f9ee4737ad53b55746480bc7fcdb6fc19d75b1b6fdf169d4e591538

Questions?

Get in touch with Connect2id support.


Release notes

7.4 (2018-07-16)

Web API

  • /logout-sessions/rest/v1/

    • Updates the logout session web API so that OpenID provider (OP) initiated logout requests are accepted for processing without a configured OpenID Connect end-session endpoint URL (see op.logout.endpoint and OpenID Connect Session Management 1.0, section 5. RP-Initiated Logout (draft 28)). The API change was made because a logout (end-session) HTML page is not technically required for OP-initiated logout requests, only for RP-initiated ones (issue server/383).