OpenAM 14.5.1 Released

What’s new

Added XUI support to reCaptcha authentication Module
Added Servlet 4+ support
Added columns to sessions table in admin console
Additional logging while using Windows SSO authentication module
Removed network STS call for token verification
Decreased maximum frequency with which the access time in the repository will be updated.
Use the device code grant type as defined in RFC8628 ^[2]
Advertise the device flow authorization endpoint in OIDC metadata ^[2]
Add a validator to verify the count of lowercase letters in password fields ^[2]
Allow running in Docker with a volume for configuration ^[4]
Add logging gz compression and change default suffix to -MM.dd.yy-kk.mm.gz
Add “status” claim in JWT token
Significant performance improvements

Fixed ForgeRock AM/OpenAM Security Advisory 201801-03 ^[1]
Fixed CVE-2019-17495 vulnerability
OAuth consent page ignores Accept-Language ^[1]
If the state parameter is passed to the logout handler, it should be returned to the RP ^[2]
When nonce is not returned in the id_token when using stateless tokens and request_type=code ^[2]
The OIDC device flow RFC says the parameter should be called verification_uri ^[2]
OIDC Device Flow does not work when implicit consent is allowed ^[2]
Fixed user search by realm
SAML2 module only works when it’s the first item in chain ^[2]
Fix create-realm via cli ^[3]
Correctly retrieve username from the ssoToken ^[2]