Bugfixes
- fix "graceful" restart for shm/redis cache backends; see #296
- fix public client configurations; also add support for endpoint authentication method `none`
- fix issue with the combination of shared memory (`shm`) cache and using encryption (`OIDCCacheEncrypt On`) where the cache value would be corrupted after the first (successful) retrieval
Features
- optionally remove request object parameters from the authorization request URL with `copy_and_remove_from_request`; see #294
- add regex substitution for `*RemoteUserClaim`; thanks @hihellobolke
- add issuer specific redirect URI option (`issuer_specific_redirect_uri`) for multi-provider setups to mitigate IDP mixup; see #291
- update experimental token binding support to https://tools.ietf.org/html/draft-ietf-tokbind-ttrp-01 and use header names prefixed with `Sec-`; depends on mod_token_binding >=0.3.4 now
Other
- don't abort when mutex operations fail and print out textual descriptions of errors returned by mutex operations
- support paths that are relative to the Apache root dir for: `OIDCHTMLErrorTemplate`, `OIDCPublicKeyFiles`, `OIDCPrivateKeyFiles`, `OIDCOAuthVerifyCertFiles`, `OIDCClientTokenEndpointCert`, `OIDCClientTokenEndpointKey`, `OIDCOAuthIntrospectionEndpointCert` and `OIDCOAuthIntrospectionEndpointKey`
- properly support JSON boolean values in metadata `.conf` files
- add FreeBSD instructions to documentation; see #298
Packaging
- the libcjose 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Downloads" section
- Ubuntu Wily packages can also be used on Ubuntu Xenial, Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise