Bugfixes
- fix
RequireAny
behaviour on 401/403/302: revert 9d6192b for non-stepup authentication cases
as the first non-matchingRequire claim
directive would immediately lead to an authorization error instead of continuing to process all Require statements to match any of those - make
OIDCUnautzAction 302|auth
(i.e. step up authentication) work with multiple/nestedRequire claim
expressions e.g. usingRequireAny
andRequire not claim
- fix refreshing claims from the userinfo endpoint when no
id_token
claims are stored in the session since environment variableOIDC_DONT_STORE_ID_TOKEN_CLAIMS_IN_SESSION
has been set - fix memory leak when refreshing claims from the userinfo endpoint
Other
- to make
OIDCUnAutzAction 403
actually return 403 in Apache 2.4 it also needsAuthzSendForbiddenOnFailure
again, i.e. the fix in 2.4.14 for it was reverted
Commercial
- binary packages for various other platforms such as Microsoft Windows 64bit/32bit, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7/8 on Power PC (ppc64, ppc64le), Oracle Linux 6/7, older Ubuntu and Debian distro's, Oracle HTTP Server 11.1/12.1/12.2, IBM HTTP Server 8/9, Solaris 11.4, IBM AIX 7.2 and Mac OS X are available under a commercial agreement via sales@openidc.com
- support for Redis over TLS, Redis (TLS) Sentinel, and Redis (TLS) Cluster is available under a commercial license via sales@openidc.com