OpenAM 14.4.2 Released
What’s new
- Prevented errors when getting the group DN while using multiple Data Stores in a Realm
- Added the ability to authenticate without initiating the authentication process for any authentication chain, not only the default one
- Enabled the openam-auth-radius module to be extended to do additional parsing and validation of the RADIUS response packet (namely the Access-Accept packet). The change introduces a new protected method ‘readAttributesFromResponsePacket(Packet response)’ that is called after successful authentication against the RADIUS server. By default the method is a no-op. In an extension class the developer can override the method and either read and store attributes or throw an AuthLoginException if the additional parsing should result in a login failure.
- Updated Apache Santuario XML for Java to address the CVE-2019-12400 security issue
- Implemented a special filter for KBA (knowledge-based authentication) which ensures that only users with an SSO Token that has Administrator-level access, or the owner of the resource, are allowed to access the protected resources [1]
- Use the request locale for authentication error messages [1]
- Added OAuth2 endpoint validation to prevent user redirection to a phishing site [1]
- Prevented deleting authentication module instances of the same type [1]
- Fixed an error where the user remains on the ‘Loading’ page when using the ‘OAuth2.0/OIDC’ auth module and the authId token expires [1]
- Fixed an error when the JWKS endpoint returns an extra null byte in the modulus
- Fixed a bad link for OAuth 2.0 in the Realm > Applications menu
- Updated the How to Run After Build chapter in README.md
- Enabled Maven caching during builds in Travis CI
- Fixed other issues (more details)
References
1. Thanks to the https://github.com/openam-jp community for these changes