Features
- disable caching token introspection results by setting
OIDCOAuthTokenIntrospectionIntervalto-1; thanks @wadahiro - add exec support to
OIDCCryptoPassphrase; thanks @spanglerco - delete stale session cookies that aren't in the cache; thanks @spanglerco
- allow
OIDCDiscoverURLto be a relative URL; thanks @spanglerco - add
OIDCCABundlePathfor configuring path to curl CA bundle; thanks @spanglerco
Bugfixes
- enable authentication of sub-requests when the main request doesn't require authentication; thanks @spanglerco
- fix content processing for info and JWKs handler so mod_headers etc. work; closes #497
- avoid Apache 2.4 appending 401 HTML document text to step-up authentication HTML refresh page; closes #484
- add config check for
OIDCCryptoPassphrasein OAuth 2.0 RS setup with cache encryption enabled - populate
AUTH_TYPEwhen performing authentication; thanks @spanglerco - improve sanity checking on Redis reply
Security
- ensure that
subis returned from the userinfo endpoint following https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse; prevents potential ID spoofing; thanks Christian Fries of Ruhr-University Bochum - don't printout JSON errors about NULL characters in error log; thanks Christian Fries of Ruhr-University Bochum
- restrict printout of JSON parsing errors to 4096 bytes; thanks Christian Fries of Ruhr-University Bochum
Dependencies
libcjose >= 0.5.1
if your distribution does not providelibcjosein its package repository, recent packages for a number of platforms are available from the "Assets" section in release 2.4.0
Other
- binary packages for various other platforms such as Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 Power PC (ppc64, ppc64le), Oracle Linux 6, older Ubuntu and Debian distro's, SUSE Linux Enterprise Server, IBM HTTP Server 8.5.5, Mac OS X and Microsoft Windows 64bit are available under a commercial agreement via sales@zmartzone.eu
- support for Redis (TLS) Cluster and Redis over TLS is available under a commercial license via sales@zmartzone.eu