Underlying dependencies have been updated extensively. Local customizations may be affected.
When prompt=none is sent by the RP and the session is not authenticated, the request is sent back in accordance with https://openid.net/specs/openid-connect-core-1_0.html#AuthError
When setting up an OIDC OP, the scenario now produces a jwks_uri based on the domain of the defined authorization endpoint URL + tenantID (same pattern as token_endpoint).
The kid parameter of the valve is now set automatically from the keystore selected for JWT signing.
The token endpoint is now constructed with the tenant in the URI. Previously the tenant was passed as a parameter in the query string.
Scenario configurations now create a JWT with a proper "amr" claim. Its data type is now an array.
Removed "alg" from the jwks response. The parameter is optional; signing algorithms should be configured in the "well-known/openid-configuration" response. Currently defaults to RS256, which is the only alg supported.
When sending an error response back for a violated prompt=none request, the response must be sent back using HTTP POST.
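The OIDC changes above (tenant in the endpoint path, jwks_uri on the authorization endpoint's domain, kid without alg in the JWKS, amr as an array, and the prompt=none error) can be checked from the RP side. The following is an added example, not code from the release or the product; the discovery document, JWKS and claims are constructed sample data, and the https://host/tenant/endpoint layout is an assumption about how the tenant appears in the URI.

```python
from urllib.parse import urlparse

# Constructed sample data for a hypothetical tenant "acme"; the
# https://<host>/<tenant>/<endpoint> layout is an assumption, not the product's documented one.
DISCOVERY = {
    "issuer": "https://idp.example.com/acme",
    "authorization_endpoint": "https://idp.example.com/acme/authorize",
    "token_endpoint": "https://idp.example.com/acme/token",
    "jwks_uri": "https://idp.example.com/acme/jwks",
    "id_token_signing_alg_values_supported": ["RS256"],
}
# JWKS as served after the change: "kid" taken from the signing keystore, no "alg".
JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "signing-key-1", "n": "...", "e": "AQAB"}]}
# ID token claims as now produced: "amr" is a JSON array of method names.
CLAIMS = {"iss": "https://idp.example.com/acme", "sub": "user-1", "amr": ["pwd", "otp"]}


def tenant_of(url):
    """First path segment of an endpoint URL, i.e. the tenant in the assumed layout."""
    return urlparse(url).path.strip("/").split("/")[0]


def endpoints_share_tenant(disco):
    """token_endpoint and jwks_uri must sit on the authorization endpoint's host and
    under the same tenant path segment; the tenant must no longer be a query parameter."""
    auth_url = disco["authorization_endpoint"]
    for key in ("token_endpoint", "jwks_uri"):
        u = urlparse(disco[key])
        if u.netloc != urlparse(auth_url).netloc or tenant_of(disco[key]) != tenant_of(auth_url):
            return False
        if "tenant=" in u.query:
            return False
    return True


def jwks_well_formed(jwks, disco):
    """Every key carries a kid and omits alg; the signing alg is announced in discovery."""
    algs = disco.get("id_token_signing_alg_values_supported", [])
    return "RS256" in algs and all("kid" in k and "alg" not in k for k in jwks["keys"])


def amr_is_array(claims):
    """The amr claim must be a JSON array of strings, not a single string."""
    return isinstance(claims.get("amr"), list) and all(isinstance(v, str) for v in claims["amr"])


def prompt_none_response(session_authenticated):
    """prompt=none without an authenticated session is answered with an error
    (login_required, OpenID Connect Core 3.1.2.6), never with a login page."""
    return None if session_authenticated else {"error": "login_required"}
```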
Most of the OIDC scenarios have been disabled for new creation. Already added scenarios remain and can be edited.
It is now recommended to use the OIDC->SAML Identity Provider scenario. This scenario gives access to all authentication methods included in the platform, and it also makes it feasible to use already added SAML Identity Providers, both internal and external.
When selecting an IdP from a drop-down, the display name has been added for clarity.
FrejaEIDSAML now supports the property relyingPartyId, facilitating MSP scenarios.
Added support for Gzip compression when serving static files, if the user agent supports it.
New default behaviour for OpenSAML XML handling logging: the default is now OFF.