Connect2id server 9.1.1 and 8.2.2

This is a maintenance release of the Connect2id server.

The update is recommended for stateless Connect2id server deployments (single node or cluster) with an SQL RDBMS (MySQL, PostgreSQL, Microsoft SQL Server). This applies to the Infinispan configuration files with the following pattern:

/WEB-INF/infinispan-stateless-{mysql|postgres95|sqlserver}.xml

Stateless cluster deployments with Redis as the in-memory / cache store are not affected.

The update fixes a bug that can cause premature expiration of OAuth 2.0 authorisation codes issued in response to a prompt=none authorisation request, or to an authorisation request fulfilled from persisted consent (where the entire consent was on record). When this happens, the code-for-token exchange fails with an invalid / expired code error message.

The release notes below provide more information.

Download 9.1.1

To download a ZIP package of Connect2id server 9.1.1:

https://connect2id.com/assets/products/server/download/9.1.1/Connect2id-server.zip

SHA-256: 79fbfe1785d03c0260dac506a9092c9820162c3c0725ad6058c5bcee73033b80

As WAR package only:

https://connect2id.com/assets/products/server/download/9.1.1/c2id.war

SHA-256: 1622db4e9d7e29142d5df0a88261941ae3648628f73413408508007877342a83

Download 8.2.2

To download a ZIP package of Connect2id server 8.2.2:

https://connect2id.com/assets/products/server/download/8.2.2/Connect2id-server.zip

SHA-256: 2323b1d98f7c0e94bd92eb137a7b650fc9a4591151f604d8f9a1c62da7378d03

As WAR package only:

https://connect2id.com/assets/products/server/download/8.2.2/c2id.war

SHA-256: 26ced5bb3044ab8c2b8541a2fc31d81b7b2eb8d0b224b179d56a6761265b0bd3
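To check a downloaded package against the digests published above, and to test whether a deployment's Infinispan configuration file name falls under the affected pattern, a script such as the following can be used. It is an added example, not part of the Connect2id distribution; the function names are hypothetical, and it assumes `sha256sum` or `shasum` is installed and that the operator already knows which Infinispan configuration file the deployment uses.

```shell
#!/usr/bin/env bash
# Added example, not part of the Connect2id distribution.

# SHA-256 digests as published on this page.
published_sha256() {  # args: <version> <zip|war>
  case "$1/$2" in
    9.1.1/zip) echo 79fbfe1785d03c0260dac506a9092c9820162c3c0725ad6058c5bcee73033b80 ;;
    9.1.1/war) echo 1622db4e9d7e29142d5df0a88261941ae3648628f73413408508007877342a83 ;;
    8.2.2/zip) echo 2323b1d98f7c0e94bd92eb137a7b650fc9a4591151f604d8f9a1c62da7378d03 ;;
    8.2.2/war) echo 26ced5bb3044ab8c2b8541a2fc31d81b7b2eb8d0b224b179d56a6761265b0bd3 ;;
    *) return 1 ;;  # unknown release or artifact type
  esac
}

# Print the SHA-256 of a file as lowercase hex.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeed only if the file exists and its digest equals the expected value.
verify_sha256() {  # args: <file> <expected-hex>
  [ -f "$1" ] || return 2
  v_actual=$(file_sha256 "$1") || return 2
  v_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # An empty or truncated expected digest must never count as a match.
  [ "${#v_expected}" -eq 64 ] && [ "$v_actual" = "$v_expected" ]
}

# Succeed if the configuration file name matches the affected pattern
# infinispan-stateless-{mysql|postgres95|sqlserver}.xml.
is_affected_config() {  # args: <path or file name>
  case "$(basename "$1")" in
    infinispan-stateless-mysql.xml|infinispan-stateless-postgres95.xml|infinispan-stateless-sqlserver.xml) return 0 ;;
    *) return 1 ;;
  esac
}

# Command-line use: <script> <version> <zip|war> <downloaded-file>
if [ "$#" -eq 3 ]; then
  if verify_sha256 "$3" "$(published_sha256 "$1" "$2")"; then echo "OK: $3"
  else echo "MISMATCH or unknown release: $3" >&2; exit 1; fi
fi
```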

Questions?

Contact Connect2id support.


Release notes

9.1.1 (2020-03-26)

Resolved issues

  • Fixes premature expiration of OAuth 2.0 authorisation codes resulting from prompt=none or persisted consent authorisations in stateless Connect2id server deployments (single node or cluster) with an SQL RDBMS (MySQL, PostgreSQL, Microsoft SQL Server). Applies to Infinispan configurations infinispan-stateless-{mysql|postgres95|sqlserver}.xml (where Redis is not used as an in-memory cache / store). Affected deployments should update (issue authz-store/176).

  • Adds debug logging for authorisation grant put (AS0230) and authorisation grant retrieval (AS0222) (issues authz-store/174 and 175).

Dependency changes

  • Upgrades to com.nimbusds:oauth2-authz-store:14.4.2

  • Updates to com.nimbusds:nimbus-jose-jwt:8.11


8.2.2 (2020-03-26)

Resolved issues

  • Fixes premature expiration of OAuth 2.0 authorisation codes resulting from prompt=none or persisted consent authorisations in stateless Connect2id server deployments (single node or cluster) with an SQL RDBMS (MySQL, PostgreSQL, Microsoft SQL Server). Applies to Infinispan configurations infinispan-stateless-{mysql|postgres95|sqlserver}.xml (where Redis is not used as an in-memory cache / store). Affected deployments should update (issue authz-store/176).

Dependency changes

  • Upgrades to com.nimbusds:oauth2-authz-store:14.2.1

  • Updates to com.nimbusds:nimbus-jose-jwt:8.11