OxAuth Versions

OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)

4.4.1

1 year ago

4.3.1

2 years ago

4.3.0

2 years ago

4.2.3

3 years ago

3.0.2

6 years ago

Notice

This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 3.0.2. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.

UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.

What's new in version 3.0.2

  1. Added: Default CORS support in web.xml file #523
  2. Added: Client registration allowed with http for localhost #496
  3. Added: UMA RPT audit logs contain client_id and user_id #483
  4. Fixed: CORS filter not processing pre-flight requests #541 #458
  5. Fixed: "X-Frame-Options" header set by Apache prevents opiframe from being used by RP #543
  6. Fixed: Security error thrown using implicit flow when requesting the userinfo endpoint #529
  7. Fixed: UserInfoRestWebServiceImpl throwing 503 error #518
  8. Fixed: Error message #462
  9. Fixed: Binary tokens are indexed #194
  10. Fixed: UMA resource_set name is mandatory #468
  11. Fixed: Certificate authentication jetty support #481

v3.0.1

7 years ago

Notice

This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 3.0.1. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.

What's new in version 3.0.1

Gluu Server Community Edition 3.0.1 includes some major changes, from replacing Tomcat with Jetty to dropping OpenDJ for OpenLDAP. The changes are described in the documentation hosted at https://gluu.org/docs/operation/intro.

  1. Added: Escape parameter values to prevent XSS attack #459
  2. Added: EndSession endpoint accepts id_token or session_state to end session #439
  3. Added: Support JSON Property for HTTPOnly #412
  4. Added: JSON property to control writing last update time to LDAP #410
  5. Updated: log4j to 2.x from log4j 1.x
  6. Updated: Login page #414
  7. Updated: jQuery library updated to 1.12.4
  8. Fixed: NPE in 3.0.0
  9. Fixed: UMA AM validation for oxauth behind proxy #472
  10. Fixed: oxLastLoginTime fail: also print exception
  11. Fixed: High load performance fixed #461 #463 #438 #408 #400 #399 #384
  12. Fixed: Failed to register client with custom attribute "oxAuthTrustedClient" #476
  13. Fixed: U2F Authentication #455
  14. Fixed: hostname required to match in request to token_endpoint #451
  15. Fixed: Login page footer message #449
  16. Fixed: metricService doesn't persist statistics to LDAP #448
  17. Fixed: DUO script fail #444
  18. Fixed: Persist authorizations throws NPE #442
  19. Fixed: Setting Pre-Auth true should not allow anything to be written under ou=clientAuthorizations #441
  20. Fixed: Persist Authorization not functioning #440
  21. Fixed: Any primaryKey except UID does not function #436
  22. Fixed: Token Introspection fixes #433 #432
  23. Fixed: Pairwise identifier shows inum in id_token and Userinfo #430
  24. Fixed: Replaced activemq-all jar with required libraries #425
  25. Fixed: SCIM-Client fails to authenticate with UMA #402
  26. Fixed: Attribute values stored as UTF-8 string #387
  27. Fixed: default_acr_value is not used in authentication process #383
  28. Fixed: Authenticator should not add default message if count of messages >0 #379
  29. Fixed: Show error page with timestamp on oxauth error #377
  30. Fixed: SCIM with certain values causes Server Error 500 #372
  31. Fixed: auth_level_mapping discovery has double array #366

2.4.2

8 years ago

Notice

This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.4.2. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.

What's new in version 2.4.2

oxAuth

  1. Fixed: UMA ticket invalidation #179

2.4.1

8 years ago

Notice

This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.4.1. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.

What's new in version 2.4.1

oxAuth

  1. Added: Device compromised mark based on U2F internal counter
  2. Added: UMA 1.0.1: JWT used for RPT #111
  3. Added: Generate password for JSF client state encryption #102
  4. Added: Auto authentication using an existing, valid session
  5. Fixed: JWT header type #109
  6. Fixed: session_id compliance with OpenID draft #103
  7. Fixed: determination of supportedLDAPVersion attribute #105
  8. Fixed: Method to determine authorizationPage URL
  9. Fixed: Register Button Error on Login Form
  10. Fixed: client_id error handling on new authorization requests
  11. Updated: Parallel request to /oxauth/seam/resource/restv1/oxauth/authorize
  12. Updated: Richfaces JSF library version upgraded to 3.3.4.Final #101
  13. Updated: DUO Integration Script #114
  14. Updated: Check sessionUser upon acr_values change
  15. Updated: jQuery to version 1.11.4
  16. Updated: end session endpoint - post_logout_redirect_uri is optional

2.4.0

8 years ago

Notice

This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.4.0. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the "oxAuth" component of Gluu Server.

What's new in version 2.4.0

oxAuth

  1. Enhanced logout capabilities based on the new OpenID Connect draft for HTTP front channel logout
  2. Support for persistent pairwise identifiers in OpenID Connect
  3. Support for private key OAuth2 client authentication #88
  4. Added support for OAuth 2.0 Form Post Response Mode #33
  5. Added ability to request PAT, AAT with client secret jwt
  6. Added meta tag for Internet Explorer compatibility
  7. Added simple TokenRequest builder to simplify request construction for PAT/AAT
  8. Changed RDN of authorization_code grant #66
  9. Refresh token not persisted if token lifetime is 0
  10. Persist Authorizations by Person #83
  11. Script engine logs separated to new log file #77
  12. Skip client during html page construction if logout_uri is blank
  13. Added wikid person authentication module
  14. Disabled org.xdi.oxauth.ws.rs.ClientAuthenticationFilterEmbeddedTest.requestAccessTokenCustomClientAuth3
  15. Session not required to call logout.xhtml
  16. Fixed gplus login form
  17. Fixed various issues in front channel logout
  18. Fixed various issues with JWKs endpoints
  19. Cookie removed on session end if authorization grant is successfully identified by id_token_hint
  20. Pass client_id for PRIVATE_KEY_JWT authentication method
  21. Pass client_id parameter for PRIVATE_KEY_JWT

2.3.5

8 years ago

Notice

This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.3.5. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the aforementioned release version in the heading.

What's New?

  1. Allow SCIM to use custom attributes
  2. Allow changing user uid via SCIM API
  3. Render ldapURL value in attribute-resolver.xml and login.config properly if there are more than 1 LDAP server
  4. Allow access to SCIM only to users who belong to the manager group.
  5. Disable SCIM by default