Version 2.4.0
Notice
This document, also known as the Gluu Release Note, relates to the Gluu Release versioned 2.4.0. The work is licensed under “The MIT License” allowing the use, copy, modify, merge, publish, distribute, sub-license and sale without limitation and liability. This document extends only to the "oxAuth" component of Gluu Server
UNLESS IT HAS BEEN EXPRESSLY AGREED UPON BY ANY WRITTEN AGREEMENT BEFOREHAND, THE WORK/RELEASE IS PROVIDED “AS IS”, WITHOUT ANY WARRANTY OR GUARANTEE OF ANY KIND EXPRESS OR IMPLIED. UNDER NO CIRCUMSTANCE, THE AUTHOR, OR GLUU SHALL BE LIABLE FOR ANY CLAIMS OR DAMAGES CAUSED DIRECTLY OR INDIRECTLY TO ANY PROPERTY OR LIFE WHILE INSTALLING OR USING THE RELEASE.
What's new in version 2.4.0
oxAuth
- Enhanced logout capabilities based on the new OpenID Connect draft for HTTP front channel logout
2 .Support for persistent pairwise identifiers in OpenID Connect - Support for private key OAuth2 client authentication #88
- Added support for OAuth 2.0 Form Post Response Mode #33
- Added ability to request PAT, AAT with client secret jwt
- Added meta tag for Internet Explorer compatability
- Added simple TokenRequest builder to simplify request construction for PAT/AAT
- Changed RDN of authorization_code grant #66
- Refresh token not persisted if token lifetime is 0
- Persist Authorizations by Person #83
- Script engine logs separated to new log file #77
- Skip client during html page construction if logout_uri is blank
- Added wikid person authentication module
- Disabled org.xdi.oxauth.ws.rs.ClientAuthenticationFilterEmbeddedTest.requestAccessTokenCustomClientAuth3
- Session not required to call logout.xhtml
- Fixed gplus login form
- Fixed various issues in front channel logout
- Fixed various issues with JWKs endpoints
- Cookie removed on session end if authorization grant is successfully identified by id_token_hint
- Pass client_id for PRIVATE_KEY_JWT authentication method
- Pass client_id parameter for PRIVATE_KEY_JWT