...
This is a feature release accompanying a new version of the OIDC commons library along with some general improvements and minor bug fixes. It is the first release that requires Shibboleth IdP 5.0.0 or later. Previous versions of the plugin are not compatible with IdP 5.
...
In addition to the request validation against client metadata (JSON or SAML), the plugin now supports validation against a policy for unregistered clients. A policy is used for validating the incoming client ID, scope, redirection URI, and response type parameters or their subsets, depending on the endpoint where the validation is done. If the request is compliant with the policy, the unverified profile configuration is applied. The validation against policy is only performed with the unverified profile configurations (see shibboleth.UnverifiedRelyingParty in RelyingPartyConfiguration ). The verified profile configurations (shibboleth.DefaultRelyingParty and shibboleth.RelyingPartyOverrides) still require the registered client metadata in the same way as before.
...
idp.oidc.ResponseHeaderFilter: it It was related to the now removed custom response header filter
idp.oidc.refreshToken.defaultLifetime: already deprecated in version 3.3.0, use idp.oidc.refreshToken.defaultTimeout instead
...
shibboleth.oidc.Conditions.MetadataValueEquals: an a utility bean to be used for instance with activation conditions to match if a specific metadata claim contains a specific value
shibboleth.oidc.PlainRequestObjectClaimsValidation: if If defined, it will be used for the validation of unsigned request objects
shibboleth.oidc.SignedRequestObjectClaimsValidation: if If defined, it will be used for the validation of signed request objetsobjects
3.4.0 (May 15, 2023)
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
...