A short update on various tasks in progress…
Firstly, a reminder that IdP V4 will be EOL as of September 1, just a couple of weeks off. There likely will not be another V4 patch at this point, barring something serious.
We discovered a fairly serious bug warranting an IdP V5 patch release, so that was completed. It was not a security issue, but deployments that do not use the shipping defaults for managing client sessions via HTML Storage would have been prone to more frequent re-authentication due to cookie issues, which some had been reporting anecdotally. A decent backlog of other small issues had been accumulating as well.
The first version of After identifying some last minute issues, the WebAuthn plugin will be available shortly, probably later this week. It has not seen much testing, but getting it “done” officially is the best way to find the problems so if this is something you’re interested in, please take a look once it’s availablein a “release candidate” state after today, for testing. The final release of 1.0 will be at the end of this month.
A new version of the OIDC OP plugin should be coming soonish, most of the major tasks are nearing completion. Tha major features are advanced capabilities like PAR and DPoP support. Work on OpenID Federation support will commence once that’s complete.
...