Revisions of apache2-mod_auth_openidc

buildservice-autocommit accepted request 677627 from Kristyna Streitova (kstreitova) (revision 9)
baserev update by copy to link target
Kristyna Streitova (kstreitova) accepted request 677609 from Martin Hauke (mnhauke) (revision 8)
------------------------------------------------------------------
- Update to version 2.3.10.2
  * fix XSS vulnerability CSNC-2019-001 wrt. poll parameter in
    OIDC Session Management RP iframe
  * fix bug in current URL detection where query parameters would
    be duplicated
  * fix warning printout in oidc_delete_oldest_state_cookies
  * fix encryption buffer tag length mismatch
  * retain the unparsed URL path in current/original URL determination,
    and thereby preserve and support URL-encoded characters in paths
    when redirecting back to the original URL
  * add state to code exchange token requests only in multi-provider
    setups
  * optionally delete the oldest state cookie(s)
  * add support for refreshing an access token associated with an
    OIDC session using OIDCRefreshAccessTokenBeforeExpiry
  * fix parsing of cookie name in OIDCOAuthAcceptTokenAs when the cookie
    option is not listed last
  * fix OAuth 2.0 RS config check when OIDCOAuthServerMetadataURL is set
  * add support for draft https://www.ietf.org/id/draft-ietf-oauth-mtls-12.txt
    OAuth 2.0 Mutual TLS Client Certificate Bound Access Tokens when
    running as an OAuth 2.0 RS, validating cnf["x5t#S256"] claims.
  * ignore/trim spaces in X-Forwarded-* headers
  * deal with forwarding proxy setups
  * improve OIDC backchannel logout based on config/Discover
  * add OIDCProviderBackChannelLogoutSupported config primitive
  * parse/interpret `backchannel_logout_supported` in Discovery document
  * add `id_token_token_binding_cnf`: `tbh` to dynamic client registration
    metadata
  * support backchannel logout according to:
buildservice-autocommit accepted request 670308 from Kristyna Streitova (kstreitova) (revision 7)
baserev update by copy to link target
Kristyna Streitova (kstreitova) accepted request 670307 from Kristyna Streitova (kstreitova) (revision 6)
- submission to SLE15SP1 because of fate#324447
buildservice-autocommit accepted request 653617 from Factory Maintainer (factory-maintainer) (revision 5)
baserev update by copy to link target
Dominique Leuenberger (dimstar_suse) accepted request 645516 from Kristyna Streitova (kstreitova) (revision 4)
initialized devel package after accepting 645516
Petr Gajdos (pgajdos) accepted request 649646 from Kristyna Streitova (kstreitova) (revision 3)
- build with hiredis only for openSUSE where hiredis is available
- add a version for jansson BuildRequires
Kristyna Streitova (kstreitova) accepted request 645513 from Kristyna Streitova (kstreitova) (revision 2)
- update to 2.3.8
- changes in 2.3.8
  * fix return result FALSE when JWT payload parsing fails
  * add LGTM code quality badges
  * fix 3 LGTM alerts
  * improve auto-detection of XMLHttpRequests via Accept header
  * initialize test_proto_authorization_request properly
  * add sanity check on provider->auth_request_method
  * allow usage with LibreSSL
  * don't return content with 503 since it will turn the HTTP
    status code into a 200
  * add option to set an upper limit to the number of concurrent
    state cookies via OIDCStateMaxNumberOfCookies
  * make the default maximum number of parallel state cookies
    7 instead of unlimited
  * fix using access token as endpoint auth method in
    introspection calls
  * fix reading access_token form POST parameters when combined
    with `AuthType auth-openidc`
- changes in 2.3.7
  * abort when string length for remote user name substitution
    is larger than 255 characters
  * fix Redis concurrency issue when used with multiple vhosts
  * add support for authorization server metadata with
    OIDCOAuthServerMetadataURL as in RFC 8414
  * refactor session object creation
  * clear session cookie and contents if cache corruption is detected
  * use apr_pstrdup when setting r->user
  * reserve 255 characters in remote username substitution instead of 50
- changes in 2.3.6
Petr Gajdos (pgajdos) accepted request 603961 from Vítězslav Čížek (vitezslav_cizek) (revision 1)
New package.

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Requested in fate#323817.