Connect2id server 15.2

This Connect2id server release ships an update to the plugin interface (SPI) for sourcing claims (also called attributes) that get provided to client applications at the UserInfo endpoint and may also be fed into ID tokens and access tokens. The change enables plugins to find out the browser session ID where the claims sourcing was authorised.

The included plugin that delegates the claims sourcing to an HTTP endpoint was updated accordingly, so that web hooks that source such claims for the Connect2id server can find out the session ID or receive the complete session object. Note that the HTTP claims source plugin must be explicitly configured to receive these details; they are not included by default.

This release also adds a measure to prevent the dispatch of back-channel logout notifications when the issuer alias mode PERSISTED_GRANT_ISOLATION is configured.

More information is available in the release notes below.

The Dockerfile for the c2id/c2id-server-min image received a significant update that can be considered breaking. The c2id.war is now copied unzipped into the Docker image, to make it easier to edit its configuration files, for example the WEB-INF/log4j.xml that controls logging.

Download 15.2

For the signature validation: Public GPG key

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 15.2: Connect2id-server.zip

GPG signature: Connect2id-server.zip.asc

SHA-256: 0d7b3bb9d560b6d6c0028fb11274912c1d9bb1f1afc066e2fca8f6d9fdb44b63

Connect2id server 15.2 WAR package: c2id.war

GPG signature: c2id.war.asc

SHA-256: 7888bcc9fc60baea6051b780a1902d3c24fcfdc505431e954ade47b014a3e96b

Multi-tenant edition

Apache Tomcat package with Connect2id server 15.2: Connect2id-server-mt.zip

GPG signature: Connect2id-server-mt.zip.asc

SHA-256: a09525dddc227d600555046b510a5d5007198a646e9b8af99a8ffd65c3b9e91f

Connect2id server 15.2 WAR package: c2id-mt.war

GPG signature: c2id-mt.war.asc

SHA-256: 3e4304f5767264aaccf856423a742579871ba04218b0e2c065b69af60bfa1aa0

Questions?

For technical questions about this new release, contact Connect2id support. To purchase a production license for the Connect2id server, or to renew or upgrade your support and updates subscription, email our sales team.


Release notes

15.2 (2024-02-16)

Configuration

  • /WEB-INF/httpClaimsSource.properties

    • op.httpClaimsSource.includeSubjectSessionID -- New optional configuration property of type boolean. Enables / disables inclusion in the request of the subject (end-user) session ID where the claims sourcing was authorised. Disabled by default.

    • op.httpClaimsSource.includeSubjectSession -- New optional configuration property of type boolean. Enables / disables inclusion in the request of the subject (end-user) session where the claims sourcing was authorised. Disabled by default.

SPI

  • Upgrades the Connect2id server SDK to com.nimbusds:c2id-server-sdk:5.2

    • New ClaimsSourceRequestContext.getSubjectSessionID method that returns the ID of the associated subject (end-user) session where the claims sourcing was authorised.

    • New SubjectSessionID interface to represent subject (end-user) session identifiers.

Resolved issues

  • When the op.issuerAliasMode configuration property is set to PERSISTED_GRANT_ISOLATION, back-channel logout notifications on subject session close and expiration events must be disabled (issue server/969).

Dependency changes

  • Upgrades to com.nimbusds:c2id-server-sdk:5.2

  • Upgrades to com.nimbusds:oidc-claims-source-http:3.0

  • Updates to Log4j 2.22.1