Release 2.4.12 was (re-)certified for all OpenID Connect Relying Party conformance profiles using the OpenID Foundation's certification suite: https://openid.net/certification/#RPs.
Features
- allow storing the `id_token` in a `client-cookie` based session so that it can be used as `id_token_hint` value in a logout request later; see #812 and #888
- allow setting connection pool parameters for Memcache server connections; see #916; thanks @rpluem-vf
- add option to set a username for Redis >= 6.x ACL authentication via `OIDCRedisCacheUsername`
- register `request_object_signing_alg` in dynamic client registration when using `request_uri`
Bugfixes
- increase size of the output buffer when using `libpcre2` for substitution; closes #915
- support `OIDCSessionInactivityTimeout` values greater than 30 days when using Memcache; see #936, thanks @takesson
- allow for step-up discovery with an external URL using HTML refresh; fixes behaviour on CentOS 7/8 when combined with `ProxyPass`
- apply exact length matching for `at_hash` and `c_hash` validation
- store access token obtained from backchannel in session over the one returned in the frontchannel for `code token` and `code id_token token` flows
- check ID token signed response algorithm on backchannel `logout_token` and retrieve its configuration value from the client metadata file
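
The exact-length rule for `at_hash` and `c_hash` validation listed above, as an added Python example that is not mod_auth_openidc's own code: the claim is recomputed per OpenID Connect Core (left-most half of the hash selected by the ID token's `alg`, unpadded base64url) and accepted only when it has the full expected length. The function names and the sample token are constructed for illustration, and the prefix-only variant is an assumed weak comparison shown for contrast, not a description of the module's earlier behaviour.

```python
import base64
import hashlib
import hmac

# Hash is selected by the ID token's JWS "alg" header (OpenID Connect Core 3.1.3.6 / 3.3.2.11).
HASH_FOR_ALG = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def left_half_hash(value: str, alg: str) -> str:
    """Unpadded base64url of the left-most half of hash(ASCII(value))."""
    try:
        hash_fn = HASH_FOR_ALG[alg[2:]]  # RS256, PS384, ES512, HS256, ...
    except KeyError:
        raise ValueError(f"unsupported ID token alg: {alg!r}")
    digest = hash_fn(value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def validate_prefix_only(claim: str, value: str, alg: str) -> bool:
    """Weak variant (illustrative): compares only the characters the claim supplies."""
    return left_half_hash(value, alg).startswith(claim)


def validate_exact(claim: str, value: str, alg: str) -> bool:
    """Claim must have the full expected length and match in constant time."""
    expected = left_half_hash(value, alg)
    if not isinstance(claim, str) or len(claim) != len(expected):
        return False
    return hmac.compare_digest(claim.encode("utf-8"), expected.encode("ascii"))


# Constructed sample values, not taken from any real deployment.
ACCESS_TOKEN = "constructed-access-token-0123456789"
FULL = left_half_hash(ACCESS_TOKEN, "RS256")

if __name__ == "__main__":
    # Full claim, truncated claim, empty claim, over-long claim.
    for claim in (FULL, FULL[:4], "", FULL + "A"):
        print(repr(claim),
              "prefix-only:", validate_prefix_only(claim, ACCESS_TOKEN, "RS256"),
              "exact:", validate_exact(claim, ACCESS_TOKEN, "RS256"))
```

A truncated or empty claim passes the prefix-only check but is rejected once the length must match the full encoded half-hash (22 characters for SHA-256).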
Packaging
- packages for CentOS 9, Debian Bookworm and Ubuntu Jammy have been added
- the (commercially provided) Windows 64bit/32bit builds now include support for Memcache and Redis
Commercial
- binary packages for various other platforms such as Microsoft Windows 64bit/32bit, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7/8 on Power PC (ppc64, ppc64le), Oracle Linux 6/7, older Ubuntu and Debian distros, Oracle HTTP Server 11.1/12.1/12.2, IBM HTTP Server 8/9, Solaris 11.4, IBM AIX 7.2 and Mac OS X are available under a commercial agreement via sales@zmartzone.eu
- support for Redis over TLS, Redis (TLS) Sentinel, and Redis (TLS) Cluster is available under a commercial license via sales@zmartzone.eu