Blog »

Connect2id server 12.1

2021-07-05

The Connect2id server receives a maintenance update this week which also ships a new configuration setting to include a jti (JWT ID) claim in the issued ID tokens. This extra claim can be used to uniquely identify the token, be it for audit or other purposes.

To have the jti claim included in ID tokens:

op.idToken.includeJWTID=true

This release fixes several issues and is recommended for v12.0 deployments.

You can find more information in the release notes.

Download

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 12.1: Connect2id-server.zip

SHA-256: be053c6974e9f76029223b7eaafb7209e48feeb5c9635db68ccb3f73229a3bf1

Connect2id server 12.1 WAR package: c2id.war

SHA-256: 39183858459e1ddbdb511e5383670f0d8a4fb6f09b10bf614e14327df26302a5

Multi-tenant edition

Apache Tomcat package with Connect2id server 12.1: Connect2id-server-mt.zip

SHA-256: d124cf2afd85970399db023e40c959b6e18f4ae72270750f5ed018ba12e0d1bb

Connect2id server 12.1 WAR package: c2id-multi-tenant.war

SHA-256: c45f9c2b83c71b2ef6b172f2645c1afedd15f8855a1aff2e5a28acb7992acae2

Questions?

Contact Connect2id support.

Release notes

12.1 (2021-07-05)

Configuration

  • /WEB-INF/oidcProvider.properties

    • op.idToken.includeJWTID -- New configuration property to enable / disable inclusion of a JWT ID claim ("jti") in issued ID tokens. Disabled by default.

Resolved issues

  • Fixes JSON encoding issue that affected serialisation of the ~/7E character into objects and for persistence since v11.3 (issue common/62).

  • Fixes a bug that prevented completion of plain OAuth 2.0 authorisation requests with prompt=none and resulted in a HTTP 500 server error. OpenID authentication requests were not affected (issue server/681).

  • Fixes the label for the OP6520 log event at the token introspection endpoint (issue server/687).

Dependency changes

  • Updates to com.nimbusds:oauth2-oidc-sdk:9.9.1

  • Updates to com.nimbusds:nimbus-jose-jwt:9.10.1

  • Updates to com.nimbusds:oauth2-authz-store:17.2

  • Updates to com.nimbusds:oidc-session-store:14.5.2

  • Updates to com.nimbusds:common:2.45.4

  • Updates to com.thetransactioncompany:pretty-json:1.4.3

  • Adds com.google.code.gson:gson:2.8.7