Client change log

Here is the log for changes to the OA4MP client.

3.2

  • OAUTH-185: Support for custom scopes and additional claims.
  • OAUTH-186: Improved error handling and validation in client registration form.
  • OAUTH-188: Fixed broken links in the getting-started page.
  • CIL-216: Updated documentation for registration and clarified what the refresh token lifetime field means.

3.1.1

  • OAUTH-178: document setting endpoints in the configuration.

3.0

  • OAUTH-167: Change keypair default lifetime to 0.

1.2

  • Updated documentation to accurately reflect OAuth 2 client registration process.
  • OAUTH-150: Added support to configuration for secret element.

1.1.3

  • OAUTH-142: Clients can now specify how often to generate a keypair to be used in generating certification requests. Until now, every such request was generated using a fresh keypair. However, if clients are put under very heavy load generating such keypairs can slow response times drastically. It is now configurable how often to re-generate the keypair. The option of setting it to zero will cause a new keypair to be generated every time, as per previous versions. The default is to regenerate the keypair once every 24 hours which should be adequate for all installations.
  • OAUTH-145, OAUTH-146: Session cross-over bug. If a user started to get a certificate repeatedly but did not finish, then JSP would create a new JSESSIONID for each attempt. Subsequent attempts might have returned an incorrect session (browser dependant) which may or may not be valid. This gave extremely intermittent failures that were hard to reproduce.
  • OAUTH-147: Potential cleanup thread failure with a filestore. If a filestore is used and one of the files is corrupted (e.g. due to a system crash at the time of writing it) then the cleanup thread would fail to start. Now such corrupted files are simply logged in catalina.out and ignored otherwise.
  • OAUTH-148: Maria DB support is now implemented.

1.1.2

  • OAUTH-128: Java SNI (Server Name Indication) is supported in Java 7 (required for this release of OA4MP) but the underlying Apache SSL libraries did not support it. These have been upgraded.
  • OAUTH-135: Failure in authentication were not displaying the correct message. They should route the user back to the login page for another attempt.
  • OAUTH-137: Documentation for cert lifetime configuration parameter was incorrect and the default of zero has been changed to 12 hours.

1.1.1

  • Added an FAQ section to the website.
  • OAUTH-105:Added support for file includes to configuration files.
  • OAUTH-105: Added checks to prevent cycles in aliases and files
  • OAUTH-107: An exception is thrown on the client side if the protocol is not https. The fixes a low-level OAuth bug that would happen if the server redirected from http to https.
  • OAUTH-110: All clients may now specify a keystore (or more) to use when connecting to an OA4MP server.

1.1

  • Added support to make showing redirect optional for clients.
  • Added ability to specify pages in the client servlet via configuration. There are three of them. A general error page, a page showing the successful completion of getting a cert and finally a page where the redirect -- if showing the redirct page is enabled -- is located. All of these are paths relative to the web app itself.

1.0.7

Added support to make using log 4j optional. It had been disabled that interfered with some installations.

1.0.6

  • Fixed OAUTH-77: Added the ability to override the callback URI on a per request basis
  • Storage support, either via the file system or a database which allows for persistent storage so that delegated credentials may be used in other applications.
  • Improved handling of errors
  • Version number is printed at each server startup.
  • Added support for automatically cleaning up the asset store
  • Many documentation updates to 1.0.6.
  • Added signatures for the lastest downloadable war.

1.0.5

  • The sample client now shows the generated private key on the redirect page.
  • Due to limited proxy support being added in the 1.0.5 server, the client now can display a complete certificate chain rather than a single cert.

Last modified 09/22/16.
©2000-2013 Board of Trustees of the University of Illinois.