Release notes
Dependency updates
The underlying dependencies have been updated extensively. Local customizations may be affected and should be re-tested after upgrading.
OIDC improvements / updates
Correct behaviour for "prompt=none"
When the RP sends prompt=none and there is no authenticated session, the OP no longer prompts the user but returns an authentication error response to the RP as specified in https://openid.net/specs/openid-connect-core-1_0.html#AuthError (the error code the specification designates for this case is login_required).
Guide update
When setting up an OIDC OP, the scenario now produces a jwks_uri based on the domain of the configured authorization endpoint URL plus the tenant ID (the same pattern as token_endpoint).
Guide update
The kid parameter of the valve is now set automatically from the keystore selected for JWT signing, so that the kid in issued JWT headers matches the key published in the JWKS.
Guide update
The token endpoint is now constructed with the tenant in the URI path. Previously the tenant was passed as a query-string parameter. RPs that have the old token endpoint URL configured statically must be updated.
Guide update
Scenario configurations now create a JWT with a correct "amr" claim: its data type is now an array, as the specification defines amr as a JSON array of strings.
JWKS response update
Removed "alg" from the JWKS response; the parameter is optional in a JWK. Signing algorithms should instead be advertised in the "well-known/openid-configuration" response (id_token_signing_alg_values_supported). The default is RS256, which is currently the only supported algorithm.
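The endpoint layout, kid handling, JWKS shape and amr data type described in the items above, as an added example in Go that is not the product's code: it builds the discovery document with the tenant as a path segment, publishes a JWKS without "alg", derives kid as an RFC 7638 thumbprint (one possible scheme; the product derives it from the selected keystore), signs an ID token whose amr is an array and verifies the token by looking up its kid in the JWKS. The "/token" and "/jwks" path suffixes, the issuer value and the amr values are assumptions made here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"net/url"
	"strings"
)

// b64url is base64url without padding, as JOSE requires.
func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Discovery derives the OP's endpoints from the scheme+host of the configured authorization
// endpoint plus the tenant ID as a path segment; the signing alg is advertised here, not in the
// JWKS. The "/token" and "/jwks" suffixes and the issuer value are assumptions for this example.
func Discovery(authorizationEndpoint, tenantID string) (map[string]any, error) {
	u, err := url.Parse(authorizationEndpoint)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return nil, fmt.Errorf("authorization endpoint must be an absolute https URL: %q", authorizationEndpoint)
	}
	base := u.Scheme + "://" + u.Host + "/" + url.PathEscape(tenantID)
	return map[string]any{
		"issuer":                                base,
		"authorization_endpoint":                authorizationEndpoint,
		"token_endpoint":                        base + "/token",
		"jwks_uri":                              base + "/jwks",
		"id_token_signing_alg_values_supported": []string{"RS256"},
	}, nil
}

// Kid is the RFC 7638 JWK thumbprint: one scheme (not necessarily the product's) that ties
// the kid in the JWKS and in every JWT header to the same key material.
func Kid(pub *rsa.PublicKey) string {
	// Required members only, lexicographic order, no whitespace (RFC 7638 section 3).
	canon := fmt.Sprintf(`{"e":"%s","kty":"RSA","n":"%s"}`, b64url(big.NewInt(int64(pub.E)).Bytes()), b64url(pub.N.Bytes()))
	sum := sha256.Sum256([]byte(canon))
	return b64url(sum[:])
}

// JWKS builds the jwks_uri document. "alg" is deliberately omitted; RFC 7517 makes it optional.
func JWKS(pub *rsa.PublicKey) map[string]any {
	e := b64url(big.NewInt(int64(pub.E)).Bytes())
	return map[string]any{"keys": []map[string]any{{"kty": "RSA", "use": "sig", "kid": Kid(pub), "n": b64url(pub.N.Bytes()), "e": e}}}
}

// SignIDToken issues an RS256 ID token with kid in the header and amr as a JSON array of strings.
func SignIDToken(priv *rsa.PrivateKey, issuer, sub string, amr []string) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": Kid(&priv.PublicKey)})
	claims, _ := json.Marshal(map[string]any{"iss": issuer, "sub": sub, "amr": amr})
	input := b64url(hdr) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64url(sig), nil
}

// VerifyIDToken selects the JWK by kid, accepts only RS256 (the header's alg is checked against
// an allow-list, never trusted), verifies the signature and checks that amr is an array.
func VerifyIDToken(token string, jwks map[string]any) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT")
	}
	// Decoding failures yield nil, which the JSON parse or the signature check below rejects.
	dec := func(s string) []byte { b, _ := base64.RawURLEncoding.DecodeString(s); return b }
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(dec(parts[0]), &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unreadable header or alg not in allow-list")
	}
	var pub *rsa.PublicKey
	for _, k := range jwks["keys"].([]map[string]any) {
		if k["kid"] == hdr.Kid {
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(dec(k["n"].(string))), E: int(new(big.Int).SetBytes(dec(k["e"].(string))).Int64())}
		}
	}
	if pub == nil {
		return nil, fmt.Errorf("no JWK with kid %q", hdr.Kid)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], dec(parts[2])); err != nil {
		return nil, fmt.Errorf("signature invalid: %w", err)
	}
	var claims map[string]any
	if err := json.Unmarshal(dec(parts[1]), &claims); err != nil {
		return nil, err
	}
	if _, ok := claims["amr"].([]any); !ok {
		return nil, fmt.Errorf("amr must be a JSON array of strings")
	}
	return claims, nil
}
```

The verifier pins the algorithm and resolves the key by kid before touching the signature, which is the check an RP needs once "alg" is gone from the JWKS: the algorithm comes from the discovery document and the RP's own allow-list, never from the token.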
New error handling for prompt=none - return with POST
When an error response is returned because a prompt=none request could not be honoured, the response is now sent back to the RP using HTTP POST. RPs must accept the error response on a POST to their redirect URI.
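The prompt=none handling described in this item and in the earlier "Correct behaviour for prompt=none" item, as an added example in Go that is not the product's code: the OP answers login_required (with state echoed) instead of showing a login UI when no session exists, rejects prompt=none combined with other prompt values, and delivers error responses via form_post (an auto-submitted HTTP POST to the redirect URI) unless the RP asked for another response_mode. The form_post default for errors, the redirect_uri allow-list and the placeholder authorization code are assumptions made here.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"strings"
)

// AuthzRequest carries the authorization request parameters this example inspects.
type AuthzRequest struct {
	ClientID, RedirectURI, State, Prompt, ResponseMode string
}

// AuthzResponse is the OP's answer: a 302 with Location (query/fragment modes)
// or a 200 page whose auto-submitting form POSTs Params to the RP (form_post).
type AuthzResponse struct {
	Status   int
	Location string
	Body     string
	Params   url.Values
}

// deliver encodes params to the redirect URI in the requested response mode.
func deliver(redirectURI string, params url.Values, mode string) AuthzResponse {
	switch mode {
	case "form_post": // OAuth 2.0 Form Post Response Mode: the browser POSTs to the RP
		var b strings.Builder
		fmt.Fprintf(&b, `<form method="post" action="%s">`, html.EscapeString(redirectURI))
		for k, vs := range params {
			for _, v := range vs {
				fmt.Fprintf(&b, `<input type="hidden" name="%s" value="%s">`, html.EscapeString(k), html.EscapeString(v))
			}
		}
		b.WriteString(`</form><script>document.forms[0].submit()</script>`)
		return AuthzResponse{Status: 200, Body: b.String(), Params: params}
	case "fragment":
		return AuthzResponse{Status: 302, Location: redirectURI + "#" + params.Encode(), Params: params}
	default: // "query"
		return AuthzResponse{Status: 302, Location: redirectURI + "?" + params.Encode(), Params: params}
	}
}

// errParams builds an error response; state is echoed whenever the request carried one.
func errParams(code, desc, state string) url.Values {
	p := url.Values{"error": {code}, "error_description": {desc}}
	if state != "" {
		p.Set("state", state)
	}
	return p
}

// Authorize decides the OP's response to one request. registered is the per-client
// redirect_uri allow-list; sessionAuthenticated reports whether the browser already
// holds an authenticated session at the OP.
func Authorize(req AuthzRequest, registered map[string][]string, sessionAuthenticated bool) (AuthzResponse, error) {
	allowed := false
	for _, r := range registered[req.ClientID] {
		allowed = allowed || r == req.RedirectURI
	}
	if !allowed { // never deliver anything, errors included, to an unregistered redirect_uri
		return AuthzResponse{Status: 400, Body: "invalid redirect_uri"}, fmt.Errorf("redirect_uri %q not registered for client %q", req.RedirectURI, req.ClientID)
	}
	prompts := strings.Fields(req.Prompt)
	wantsNone := false
	for _, p := range prompts {
		wantsNone = wantsNone || p == "none"
	}
	errMode := req.ResponseMode
	if errMode == "" {
		errMode = "form_post" // assumed default for errors, mirroring the note that they are returned via POST
	}
	if wantsNone && len(prompts) > 1 { // OIDC Core 3.1.2.1: none MUST NOT be combined with other values
		return deliver(req.RedirectURI, errParams("invalid_request", "prompt=none cannot be combined with other prompt values", req.State), errMode), nil
	}
	if wantsNone && !sessionAuthenticated { // OIDC Core 3.1.2.6: no UI may be shown, so answer login_required
		return deliver(req.RedirectURI, errParams("login_required", "End-User is not authenticated", req.State), errMode), nil
	}
	if !sessionAuthenticated {
		return AuthzResponse{Status: 200, Body: "login page"}, nil // interactive login, not modelled here
	}
	params := url.Values{"code": {"c0de-constructed-for-demo"}} // constructed placeholder authorization code
	if req.State != "" {
		params.Set("state", req.State)
	}
	mode := req.ResponseMode
	if mode == "" {
		mode = "query"
	}
	return deliver(req.RedirectURI, params, mode), nil
}

func main() {
	reg := map[string][]string{"rp1": {"https://rp.example.com/cb"}}
	req := AuthzRequest{ClientID: "rp1", RedirectURI: "https://rp.example.com/cb", State: "xyz", Prompt: "none"}
	resp, _ := Authorize(req, reg, false)
	fmt.Println(resp.Status, resp.Params.Get("error"), resp.Params.Get("state"))
}
```

The redirect_uri check runs before any error is produced: an error response carries the RP's state and would otherwise become an open redirector. On the RP side, a callback handler must therefore be prepared to receive error and state in a POST body, not only in the query string of a redirect.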
Changed behavior of OIDC scenarios
Most of the OIDC scenarios have been disabled for new creation. Scenarios that were already added remain and can be edited.
It is now recommended to use the OIDC->SAML Identity Provider scenario. This scenario gives access to all authentication methods included in the platform and makes it possible to reuse already added SAML Identity Providers, both internal and external.
Added friendly name when displaying SAML IdP
When selecting an IdP from a drop-down, the display name is now shown for clarity.
FrejaEIDSAML relying party ID added
FrejaEIDSAML now supports the property relyingPartyId, facilitating MSP scenarios.
Compression added to some HTTP resources
Added support for gzip compression when serving static files, if the user agent advertises support for it (Accept-Encoding: gzip). Compression applies to static files only.
Disable logging for org.opensaml.xml in log4j2.xml
New default for OpenSAML XML handling logging: the org.opensaml.xml logger in log4j2.xml is now set to OFF by default. Raise its level in log4j2.xml when OpenSAML XML processing needs to be troubleshot.