Releases: GluuFederation/oxAuth
Version 4.4.1
Version 4.3.1
Merge branch 'version_4.3.1' of https://github.com/GluuFederation/oxA…
Version 4.3.0
Merge remote-tracking branch 'origin/version_4.3.0' into version_4.3.0
Version 4.2.3
(4.2.3) added basic and post client authentication for stat https://github.com/GluuFederation/oxAuth/issues/1512
oxAuth Version 3.0.2
Notice
This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 3.0.2 The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.
UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.
What's new in version 3.0.2
- Added: Default CORS support in web.xml file # 523
- Added: Client registration allowed with http for localhost #496
- Added: UMA RPT audit logs contain client_id and user_id #483
- Fixed: CORS filter not processing pre-flight requests #541 #458
- Fixed: "X-Frame-Options" header set by Apache prevents opiframe from being used by RP #543
- Fixed: Security error thrown using implicit flow when request the userinfo endpoint #529
- Fixed: UserInfoRestWebServiceImpl throwing 503 error #518
- Fixed: Error message #462
- Fixed: Binary tokens are indexed #194
- Fixed: UMA resource_set name is mandatory #468
- Fixed: Certificate authentication jetty support #481
oxAuth Version 3.0.1
Notice
This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 3.0.1 The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.
UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.
What's new in version 3.0.1
There are some major changes in Gluu Server Community Edition 3.0.1 from replacing tomcat
with jetty
to dropping opendj
for openldap
. The changes are available in the documentation hosted at https://gluu.org/docs/operation/intro.
- Added: Escape parameter values to prevent XSS attack #459
- Added: EndSession endpoint accepts id_token or session_state to end session #439
- Added: Support JSON Property for HTTPOnly #412
- Added: JSON property to control writing last update time to LDAP #410
- Updated: log4j: 2.x from log4j 1.x
- Updated: Login page #414
- Updated: Jquery library updated to 1.12.4
- Fixed: NPE in 3.0.0
- Fixed: UMA AM validation for oxauth behind proxy #472
- Fixed: oxLastLoginTime fail : print also exception
- Fixed: High load performance fixed #461 #463 #438 #408 #400 #399 #384
- Fixed: Failed to register client with custom attribute "oxAuthTrustedClient" #476
- Fixed: U2F Authentication #455
- Fixed:
hostname
required to match in request to token_endpoint #451 - Fixed: Login page footer message #449
- Fixed: metricService doesn't persist statistics to LDAP #448
- Fixed: DUO script fail #444
- Fixed: Persist authorizations throws NPE #442
- Fixed: Setting Pre-Auth true should not allow anything writter under
ou=clientAuthorizations
#441 - Fixed: Persist Authorization not functioning #440
- Fixed: Any primaryKey except UID does not function #436
- Fixed: Token Introspection fixes #433 #432
- Fixed: Pairwise identifier shows inum in id_token and Userinfo #430
- Fixed: Replaced activemq-all jar with required libraries #425
- Fixed: SCIM-Client fails to authenticate with UMA #402
- Fixed: Attribute values stored as UTF-8 string #387
- Fixed: default_acr_value is not used in authentication process #383
- Fixed: Authenticator should not add default message if count of messages >0 #379
- Fixed: Show error page with timestamp on oxauth error #377
- Fixed: SCIM with certain values causes Server Error 500 #372
- Fixed: auth_level_mapping discovery has double array #366
Version 2.4.2
Notice
This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.4.2. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.
UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.
What's new in version 2.4.2
oxAuth
- Fixed: UMA ticket invalidation #179
Version 2.4.1
Notice
This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.4.1. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.
UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.
What's new in version 2.4.1
oxAuth
- Added: Device compromised mark based on U2F internal counter
- Added: UMA 1.0.1: JWT used for RPT #111
- Added: Generare password for JSF client state encrption #102
- Added: Auto authentication using an existing, valid session
- Fixed: JWT header type #109
- Fixed: session_id compliance with OpenID draft # 103
- Fixed: determination of supportedLDAPVersion attribute #105
- Fixed: Method to determine authorizationPage URL
- Fixed: Register Button Error on Login Form
- Fixed: client_id error handling on new authorization requests
- Updated: Paralled request to /oxauth/seam/resource/restv1/oxauth/authorize
- Updated: Richfaces JSF library version upgraded to 3.3.4.Final #101
- Updated: DUO Integration Script #114
- Updated: Check sessionUser upon acr_values change
- Updated: Jquery to version 1.11.4
- Updated: end session endpoint - post_logout_redirect_uri is optional
Version 2.4.0
Notice
This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.4.0. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the "oxAuth" component of Gluu Server
UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.
What's new in version 2.4.0
oxAuth
- Enhanced logout capabilities based on the new OpenID Connect draft for HTTP front channel logout
2 .Support for persistent pairwise identifiers in OpenID Connect - Support for private key OAuth2 client authentication #88
- Added support for OAuth 2.0 Form Post Response Mode #33
- Added ability to request PAT, AAT with client secret jwt
- Added meta tag for Internet Explorer compatability
- Added simple TokenRequest builder to simplify request construction for PAT/AAT
- Changed RDN of authorization_code grant #66
- Refresh token not persisted if token lifetime is 0
- Persist Authorizations by Person #83
- Script engine logs separated to new log file #77
- Skip client during html page construction if logout_uri is blank
- Added wikid person authentication module
- Disabled org.xdi.oxauth.ws.rs.ClientAuthenticationFilterEmbeddedTest.requestAccessTokenCustomClientAuth3
- Session not required to call logout.xhtml
- Fixed gplus login form
- Fixed various issues in front channel logout
- Fixed various issues with JWKs endpoints
- Cookie removed on session end if authorization grant is successfully identified by id_token_hint
- Pass client_id for PRIVATE_KEY_JWT authentication method
- Pass client_id parameter for PRIVATE_KEY_JWT
Version 2.3.5
Notice
This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.3.5. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.
What's New?
- Allow SCIM to use custom attributes
- Allow to change user uid via SCIM API
- Render ldapURL value in attribute-resolver.xml and login.config properly if there are ore than 1 LDAP server
- Allow access to SCIM only users wich belong to manager group.
- Disable SCIM by default