OpenAM 14.5.1 Released
Download
What’s new
Improvements
- Added XUI support to reCaptcha authentication Module
- Added Servlet 4+ support
- Added columns to sessions table in admin console
- Additional logging while using Windows SSO authentication module
- Removed network STS call for token verification
- Decreased maximum frequency with which the access time in the repository will be updated.
- Use the device code grant type as defined in RFC8628 [2]
- Advertise the device flow authorization endpoint in OIDC metadata [2]
- Add a validator to verify the count of lowercase letters in password fields [2]
- Allow running in Docker with a volume for configuration [4]
- Add logging gz compression and change default suffix to
-MM.dd.yy-kk.mm.gz
- Add “status” claim in JWT token
- Significant performance improvements
Fixes
- Fixed ForgeRock AM/OpenAM Security Advisory 201801-03 [1]
- Fixed CVE-2019-17495 vulnerability
- OAuth consent page ignores Accept-Language [1]
- If the state parameter is passed to the logout handler, it should be returned to the RP [2]
- When nonce is not returned in the id_token when using stateless tokens and request_type=code [2]
- The OIDC device flow RFC says the parameter should be called verification_uri [2]
- OIDC Device Flow does not work when implicit consent is allowed [2]
- Fixed user search by realm
- SAML2 module only works when it’s the first item in chain [2]
- Fix create-realm via cli [3]
- Correctly retrieve username from the ssoToken [2]
All changes
Thanks for the contibutions
1. https://github.com/openam-jp
2. Luca Leonardo Scorcia
3. Ryan Cogswell
4. Martijn van de Streek