OpenAM 14.6.2 Released
What’s new
Improvements
- Removed OpenDJ git submodule
- Changed default notification expiration time in IdRepo for JAX-RPC interface
- Updated Apache Cassandra version
- Increase Cassandra DataStore perfomance: replace secondary indexes with materialized views
- Added RS384, RS512, ES256, ES384, ES512 STS signature types
- Added allow STS claim mapping for empty+null (remove) and constants with quotes “”
- Allow use DMZ host without domain
- Allow ignore status in STS claim-maps
- WindowsDesktopSSO allow fallback from Kerberos if SUFFICIENT module in service chain
- Allowed to configure embedded cassandra path
- Improved generateSessionId perfomance (exclude search by handle)
- Improved session quota exhaustion performance: replace parallel execution with thread pool
- Migration to Apache Cassandra 4
- Added MD5 hash digest password encryption for Mysql IDP data store
- Added kid (key alias) to JWS STS tokens
- Add encryption to sensitive CTS data: SESSION_ID + SESSION_HANDLE
- Modified login check for selfService, this correct making it disapear on stage 2
Fixes
- JWT is always considered invalid
- OpenID Connect - Wrong condition in CheckSession
- Fixed CVE-2019-10172: A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries
Thanks for the contributions
2. Andrea