OpenID Connect Relying Party and OAuth 2.0 Resource Server for Apache HTTP Server 2.x
- Developed at Apache:Modules
- Sources inherited from project openSUSE:Factory
- 2 derived packages
- Checkout Package:
osc -A https://api.opensuse.org checkout openSUSE:Factory:zSystems/apache2-mod_auth_openidc && cd $_
Source Files
Filename | Size | Changed |
---|---|---|
apache2-mod_auth_openidc-2.4.4.tar.gz | 245 KB (250879 bytes) | |
apache2-mod_auth_openidc.changes | 12.7 KB (12994 bytes) | |
apache2-mod_auth_openidc.spec | 2.19 KB (2243 bytes) | |
Revision 11 (latest revision is 31)
Dominique Leuenberger (dimstar_suse) accepted request 831365 from Petr Gajdos (pgajdos) (revision 11)
- Update to version 2.4.4
  * Security
    - prevent XSS and open redirect on OIDC session management OP iframe, introducing generic OIDCRedirectURLsAllowed primitive; thanks Andrew Brady
    - add OIDCStateCookiePrefix primitive for the state cookie prefix to anonymise the state cookie name
  * Bugfixes
    - fix double Set-Cookie behaviour when using OIDCSessionType client-cookie, calling the session info hook and writing out a session update (twice); thanks @deisser
    - reverse order of creating HTML response and writing the (client-type) session cookie in the session info hook so the session data is actually saved; thanks @deisser
    - delete state cookie when it cannot be decoded/decrypted
    - avoid an Apache authorisation error and HTTP 500 when logout is triggered by a different RP
  * Features
    - add conditional expression to OIDCUnAuthAction to override auto-detection of non-browser requests; see #479; thanks @raro42 and @marcstern
  * Other
    - fixes for various compiler warnings/issues (older and newer versions of GCC)
    - add grant_types to dynamic client registration request [OIDC conformance test suite]
    - don't send access_token in user info request when method is set to POST [OIDC conformance test suite]
    - add recommended cache headers on backchannel logout response https://openid.net/specs/openid-connect-backchannel-1_0.html#rfc.section.2.8 [OIDC conformance test suite]
    - allow Content-Type check on backchannel logout to have postfixes (utf-8 etc.) [OIDC conformance test suite]

(forwarded request 831329 from stroeder)