Connect2id server 7.8.2

2018-12-15

This second update of the Connect2id server this week is also intended for deployments with DynamoDB and addresses a similar issue to the one in 7.8.1.

Check out the release notes below for more information.

Download

To download a ZIP package of Connect2id server 7.8.2:

https://connect2id.com/assets/products/server/download/7.8.2/Connect2id-server.zip

SHA-256: 0f78809a6e698a87c0c3e76ab33b24707b5b5368d3d203345b5941ac13a81e04

As WAR package only:

https://connect2id.com/assets/products/server/download/7.8.2/c2id.war

SHA-256: 0f78809a6e698a87c0c3e76ab33b24707b5b5368d3d203345b5941ac13a81e04

Questions?

Get in touch with Connect2id support.

Release notes

7.8.2 (2018-12-15)

Resolves issues

  • Updates persistence of consent sessions in DynamoDB to prevent exceptions on missing optional consent record scope and claims fields. All deployments utilising DynamoDB should update (issue server/412).

Dependency changes

  • Updates to com.nimbusds:oauth2-oidc-sdk:6.5

Connect2id server 7.8.1

2018-12-14

This update of the Connect2id server fixes a bug which affects retrieval of authorisation session data persisted in DynamoDB. All deployments that use DynamoDB should update.

Check out the release notes below for more information.

Download

To download a ZIP package of Connect2id server 7.8.1:

https://connect2id.com/assets/products/server/download/7.8.1/Connect2id-server.zip

SHA-256: aef1cb40d1b50f42d0250304abbdc9e24bac00a6e26ebfd0682007b5e71e4dab

As WAR package only:

https://connect2id.com/assets/products/server/download/7.8.1/c2id.war

SHA-256: 1d8dbf23d2457ebf476e05efa5ee59c9bb7911ef8ce10ccdc434822487fc5f1a

Questions?

Get in touch with Connect2id support.

Release notes

7.8.1 (2018-12-13)

Resolves issues

  • Updates persistence of consent sessions in DynamoDB to prevent exceptions on null claims, claims.id_token and claims.userinfo fields. All deployments utilising DynamoDB should update (issue server/411).

Dependency changes

  • Updates to com.nimbusds:oauth2-oidc-sdk:6.3

Connect2id server 7.8

2018-11-20

November's release of the OpenID Connect server updates OAuth 2.0 mutual TLS client authentication to accept Certificate Authority (CA) signed certificates.

Previously, for clients registered for self_signed_tls_client_auth, the Connect2id server would only accept strictly self-signed certificates. Starting with v7.8 client certificates that are signed by a CA will also be accepted.

In both cases -- self-signed or CA-signed certificate, the public key of the client certificate must be registered with the Connect2id server in JWK format, either by value (using the jwks client registration parameter) or by URL (using jwks_uri). Note that for a CA-signed certificate no PKI-based validation is done by the Connect2id server, only its public key must match the registered one. Prior PKI-based validation can still be performed in a TLS terminator set up in front of the server.

This authentication method is specified in OAuth 2.0 Mutual TLS profile (draft-ietf-oauth-mtls-12).

Check out the release notes below for more information.

Download

To download a ZIP package of Connect2id server 7.8:

https://connect2id.com/assets/products/server/download/7.8/Connect2id-server.zip

SHA-256: 04b4cd5194f2e2e8627aa86af5041c002bff87681537396c9553f682863f4bc2

As WAR package only:

https://connect2id.com/assets/products/server/download/7.8/c2id.war

SHA-256: 47c28265e05da49e003f775ba2e95e7daeed2c40fc831f7a3ce03e938b941622

Questions?

Get in touch with Connect2id support.

Release notes

7.8 (2018-11-20)

Summary

  • Updates self-signed certificate mutual TLS OAuth 2.0 client authentication (self_signed_tls_client_auth) to accept Certificate Authority (CA) signed certificates. Previously only strictly self-signed certificates were accepted. For self-signed as well as CA-signed certificates the public key of the certificate must be registered with the Connect2id server in JWK format, either by value (using the jwks client registration parameter) or by URL (using jwks_uri). See OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (draft-ietf-oauth-mtls-12), section 2.2.

Resolves issues

  • Removes stray System.out.println in authorisation session handler (issue server/406).

  • Updates logging of the configuration for the client X.509 certificate request HTTP header set by the TLS termination proxy (code OP6900).

Dependency changes

  • Updates to com.nimbusds:oauth2-oidc-sdk:6.2

  • Updates to com.nimbusds:oauth-client-grant-handler:1.4