
1.1.1

hjmikkon released this 11 Mar 21:34

Fixes

ClientInformationResolvers are prematurely expiring cached keys #34
Redirect URI validation possibly throwing NPE #35
Configuration property for client secret expiration not wired #36
Claims stored to authorization code not set to access tokens #43

Features

See v1.1.0 release notes for the list of features.

Installation

The installation process is described in https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/Installing-from-archive.

Updating from v1.1.0

  • Stop your Shibboleth IdP.
  • Make a backup copy of your Shibboleth IdP home directory.
  • Remove the directory flows/oidc and copy the corresponding folder, with its subdirectories, from the distribution archive.
    • The files flows/oidc/token/token-beans.xml and flows/oidc/register/register-beans.xml have changed.
  • Copy the edit-webapp/WEB-INF/lib contents from the archive to replace the current edit-webapp/WEB-INF/lib contents.
  • Remove the v1.1.0 binaries and their older duplicate dependencies (from edit-webapp/WEB-INF/lib) before rebuilding the WAR.
    • At least the following JAR files may be present in multiple versions; make sure that only the latest version exists:
      • idp-oidc-extension-api-1.*
      • idp-oidc-extension-impl-1.*
      • nimbus-jose-jwt-8.*
  • Rebuild Shibboleth IdP.
  • Start Shibboleth IdP.

Updating from v1.0.x

  • Stop your Shibboleth IdP.

  • Make a backup copy of your Shibboleth IdP home directory.

  • The conf/oidc-relying-party.xml file MUST be updated.

    • If you have not modified the file previously, you can copy the new version from the distribution archive over the existing file.
    • If the file contains your modifications, the following changes from the distribution archive's conf/oidc-relying-party.xml file need to be merged:
      • The OIDC.SSO bean definition has two new parameters: p:forcePKCE and p:allowPKCEPlain.
      • An OAUTH2.Introspection bean definition (bean id="OAUTH2.Introspection") has been added.
  • The following two new configuration properties may be set in conf/idp-oidc.properties. Examples are shown in the distribution archive's conf/idp-oidc.properties file.

    • idp.oidc.forcePKCE and idp.oidc.allowPKCEPlain, both defaulting to false.
  • Remove directories flows/oidc and flows/oauth2, and copy the corresponding folders from the distribution archive. The contents of both directories have changed.

  • Copy the edit-webapp/WEB-INF/lib contents from the archive to replace the current edit-webapp/WEB-INF/lib contents.

  • Remove the v1.0.x binaries and their dependencies (from edit-webapp/WEB-INF/lib) before rebuilding the WAR.

    • At least the following JAR files may be present in multiple versions; make sure that only the latest version exists:
      • gson-2.8.*
      • idp-oidc-extension-api-1.*
      • idp-oidc-extension-impl-1.*
      • nimbus-jose-jwt-8.*
  • Rebuild Shibboleth IdP.

  • Start Shibboleth IdP.
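
Both update procedures above require that only the latest version of each listed JAR remains in edit-webapp/WEB-INF/lib before the WAR is rebuilt, since a stale copy left on the classpath can keep the unfixed code in use. The following check is an added example, not part of the project's release notes or tooling; the function names and the sample file names are constructed for illustration, and the JAR prefixes are the ones listed in the steps.

```shell
#!/bin/sh
# Added example: report JAR families that exist in more than one version.
# Prefixes are taken from the update steps above.
JAR_PREFIXES="gson-2.8. idp-oidc-extension-api-1. idp-oidc-extension-impl-1. nimbus-jose-jwt-8."

# find_duplicate_jars LIB_DIR
# Prints one line per prefix matched by more than one JAR.
# Returns 1 if any duplicate family was found, 0 otherwise.
find_duplicate_jars() {
    lib_dir=$1
    dup_found=0
    for prefix in $JAR_PREFIXES; do
        count=0
        names=""
        for jar in "$lib_dir"/"$prefix"*.jar; do
            [ -e "$jar" ] || continue      # the glob matched nothing
            count=$((count + 1))
            names="$names ${jar##*/}"      # keep the file name only
        done
        if [ "$count" -gt 1 ]; then
            echo "DUPLICATE ${prefix}*:$names"
            dup_found=1
        fi
    done
    return "$dup_found"
}

# Constructed sample: a lib directory left behind by an incomplete update.
# Prints the path of the temporary directory it creates.
make_sample_lib() {
    dir=$(mktemp -d)
    for f in idp-oidc-extension-api-1.1.0.jar idp-oidc-extension-api-1.1.1.jar \
             idp-oidc-extension-impl-1.1.1.jar nimbus-jose-jwt-8.2.jar; do
        : > "$dir/$f"
    done
    echo "$dir"
}

# With a directory argument, check it; exit status 1 means duplicates remain.
[ $# -eq 0 ] || find_duplicate_jars "$1"
```

Run it from the IdP home directory with edit-webapp/WEB-INF/lib as the argument, after copying the new libraries and before rebuilding the WAR.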