Skip to content
This repository has been archived by the owner on Jan 4, 2025. It is now read-only.

Update to 2.4.14.4 #3

Merged
merged 910 commits into from
Dec 1, 2023
Merged

Update to 2.4.14.4 #3

merged 910 commits into from
Dec 1, 2023

Conversation

bester
Copy link

@bester bester commented Nov 15, 2023

No description provided.

zandbelt and others added 30 commits May 5, 2022 09:54
Signed-off-by: Hans Zandbelt <[email protected]>
see OpenIDC#853; thanks @studersi; bump to 2.4.11.3rc0

Signed-off-by: Hans Zandbelt <[email protected]>
Use optionally provided sid and iss parameters by the OP during front
channel logout as specified in
"OpenID Connect Front-Channel Logout 1.0 - draft 05" at
https://openid.net/specs/openid-connect-frontchannel-1_0.html.

* src/mod_auth_openidc.c::oidc_save_in_session:
     Always save the sid in the session if present as it can be used in
     the front channel logout case as well.

* src/mod_auth_openidc.c::oidc_cleanup_by_sid:
     New function to factor out some code from
     oidc_handle_logout_backchannel.

* oidc_handle_logout_request::oidc_handle_logout_request
     In case of a front channel logout where no session was provided look
     for the optional request parameters sid and iss to retrieve the
     session from the cache and clean it up. As some OP's like MS Azure
     do not provide the iss parameter as the spec mandates try to use a
     possible static provider in this case.

* oidc_handle_logout_request::oidc_handle_logout_backchannel:
     Make use of oidc_cleanup_by_sid.

* src/mod_auth_openidc.h:
     New defines for OIDC_REDIRECT_URI_REQUEST_SID and
     OIDC_REDIRECT_URI_REQUEST_ISS.
Use optionally provided sid and iss request parameters during front channel logout
fix for ipv6 hosts if logout url is set
thanks @@codemaker219; bump to 2.4.11.3rc1

Signed-off-by: Hans Zandbelt <[email protected]>
Escape periods in regular expressions for OIDCRedirectURLsAllowed documentation.
when used with array matching
closes #902; thanks @smanolache; bump to 2.4.11.3rc4

Signed-off-by: Hans Zandbelt <[email protected]>
Signed-off-by: Hans Zandbelt <[email protected]>
Signed-off-by: Hans Zandbelt <[email protected]>
Signed-off-by: Hans Zandbelt <[email protected]>
over the one returned in the frontchannel for "code token"
and "code id_token token" flows; for certification purposes

Signed-off-by: Hans Zandbelt <[email protected]>
for certification purposes

Signed-off-by: Hans Zandbelt <[email protected]>
for substitution; closes #915; bump to 2.4.11.4rc2

Signed-off-by: Hans Zandbelt <[email protected]>
* ChangeLog:
    Document change
* auth_openidc.conf
    Document the new directives
      OIDCMemCacheConnectionsMin
      OIDCMemCacheConnectionsSMax
      OIDCMemCacheConnectionsHMax
      OIDCMemCacheConnectionsTTL
* src/cache/memcache.c
    oidc_cache_memcache_post_config:
      Use the new parameters or use defaults when calling apr_memcache_server_create
* src/config.c
    oidc_set_uint32_slot:
      New function to set an apr_uint32_t value in the server config
    oidc_set_timeout_slot:
      New function to set an 32 bit uint timeout slot in the server config
    oidc_create_server_config:
      Init additional fields
    oidc_merge_server_config:
      Merge additional fields
    Declare the new directives
      OIDCMemCacheConnectionsMin
      OIDCMemCacheConnectionsSMax
      OIDCMemCacheConnectionsHMax
      OIDCMemCacheConnectionsTTL
* src/mod_auth_openidc.h
    Add new fields to struct oidc_cfg
* test/stub.c
    Add new stubs from httpd API:
      ap_mpm_query
      ap_timeout_parameter_parse
…tings

Allow setting connection pool parameters for Memcache server connections
or pull keys from the JWKS URI; for certification purposes

Signed-off-by: Hans Zandbelt <[email protected]>
zandbelt and others added 25 commits August 25, 2023 09:56
Signed-off-by: Hans Zandbelt <[email protected]>
also update github urls.  zmartzone account has been renamed OpenIDC.

[sc-27050]
see #1111; thanks @brandonk10; bump to 2.4.14.4rc0

Signed-off-by: Hans Zandbelt <[email protected]>
in 1cf0a98 when using OIDCRefreshAccessTokenBeforeExpiry

Signed-off-by: Hans Zandbelt <[email protected]>
when using OIDCPassClaimsAs <any> latin1; bump to 2.4.14.4rc1

Signed-off-by: Hans Zandbelt <[email protected]>
to customize the POST preservation/restore process
bump to 2.4.14.4rc3

Signed-off-by: Hans Zandbelt <[email protected]>
and use it instead of global locking for Redis caching

Signed-off-by: Hans Zandbelt <[email protected]>
to avoid parsing JSON on each request; bump to 2.4.14.4rc4

Signed-off-by: Hans Zandbelt <[email protected]>
free the parsed id_token that is returned; bump to 2.4.14.4rc5

Signed-off-by: Hans Zandbelt <[email protected]>
Signed-off-by: Hans Zandbelt <[email protected]>
@bester bester changed the base branch from globus to master November 15, 2023 20:04
@bester bester requested a review from JasonAlt November 15, 2023 21:15
@bester bester merged commit 7c4034c into master Dec 1, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.