Revisions of apache2-mod_auth_openidc
buildservice-autocommit
accepted
request 677627
from
Kristyna Streitova (kstreitova)
(revision 9)
baserev update by copy to link target
Kristyna Streitova (kstreitova)
accepted
request 677609
from
Martin Hauke (mnhauke)
(revision 8)
------------------------------------------------------------------
- Update to version 2.3.10.2
  * fix XSS vulnerability CSNC-2019-001 wrt. poll parameter in OIDC Session Management RP iframe
  * fix bug in current URL detection where query parameters would be duplicated
  * fix warning printout in oidc_delete_oldest_state_cookies
  * fix encryption buffer tag length mismatch
  * retain the unparsed URL path in current/original URL determination, and thereby preserve and support URL-encoded characters in paths when redirecting back to the original URL
  * add state to code exchange token requests only in multi-provider setups
  * optionally delete the oldest state cookie(s)
  * add support for refreshing an access token associated with an OIDC session using OIDCRefreshAccessTokenBeforeExpiry
  * fix parsing of cookie name in OIDCOAuthAcceptTokenAs when the cookie option is not listed last
  * fix OAuth 2.0 RS config check when OIDCOAuthServerMetadataURL is set
  * add support for draft https://www.ietf.org/id/draft-ietf-oauth-mtls-12.txt OAuth 2.0 Mutual TLS Client Certificate Bound Access Tokens when running as an OAuth 2.0 RS, validating cnf["x5t#S256"] claims.
  * ignore/trim spaces in X-Forwarded-* headers
  * deal with forwarding proxy setups
  * improve OIDC backchannel logout based on config/Discover
  * add OIDCProviderBackChannelLogoutSupported config primitive
  * parse/interpret `backchannel_logout_supported` in Discovery document
  * add `id_token_token_binding_cnf`: `tbh` to dynamic client registration metadata
  * support backchannel logout according to:
buildservice-autocommit
accepted
request 670308
from
Kristyna Streitova (kstreitova)
(revision 7)
baserev update by copy to link target
Kristyna Streitova (kstreitova)
accepted
request 670307
from
Kristyna Streitova (kstreitova)
(revision 6)
- submission to SLE15SP1 because of fate#324447
buildservice-autocommit
accepted
request 653617
from
Factory Maintainer (factory-maintainer)
(revision 5)
baserev update by copy to link target
Dominique Leuenberger (dimstar_suse)
accepted
request 645516
from
Kristyna Streitova (kstreitova)
(revision 4)
initialized devel package after accepting 645516
Petr Gajdos (pgajdos)
accepted
request 649646
from
Kristyna Streitova (kstreitova)
(revision 3)
- build with hiredis only for openSUSE where hiredis is available
- add a version for jansson BuildRequires
Kristyna Streitova (kstreitova)
accepted
request 645513
from
Kristyna Streitova (kstreitova)
(revision 2)
- update to 2.3.8
- changes in 2.3.8
  * fix return result FALSE when JWT payload parsing fails
  * add LGTM code quality badges
  * fix 3 LGTM alerts
  * improve auto-detection of XMLHttpRequests via Accept header
  * initialize test_proto_authorization_request properly
  * add sanity check on provider->auth_request_method
  * allow usage with LibreSSL
  * don't return content with 503 since it will turn the HTTP status code into a 200
  * add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies
  * make the default maximum number of parallel state cookies 7 instead of unlimited
  * fix using access token as endpoint auth method in introspection calls
  * fix reading access_token form POST parameters when combined with `AuthType auth-openidc`
- changes in 2.3.7
  * abort when string length for remote user name substitution is larger than 255 characters
  * fix Redis concurrency issue when used with multiple vhosts
  * add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414
  * refactor session object creation
  * clear session cookie and contents if cache corruption is detected
  * use apr_pstrdup when setting r->user
  * reserve 255 characters in remote username substitution instead of 50
- changes in 2.3.6
Petr Gajdos (pgajdos)
accepted
request 603961
from
Vítězslav Čížek (vitezslav_cizek)
(revision 1)
New package. This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Requested in fate#323817.