Skip to content

Releases: jenkinsci/oic-auth-plugin

4.438.v6e62f6782770

09 Dec 12:26
6e62f67
Compare
Choose a tag to compare

🚀 New features and improvements

📦 Dependency updates

4.421.v5422614eb_e0a_

13 Nov 20:17
5422614
Compare
Choose a tag to compare

4.418.vccc7061f5b_6d

24 Oct 14:34
ccc7061
Compare
Choose a tag to compare

🚀 New features and improvements

🐛 Bug fixes

  • Resuse the original user principal to avoid crumb issues. (#426) @jtnord

📝 Documentation updates

  • fix plugin documentation of plugin configuration for endSessionEndpoint (#439) @sstoffregen

4.411.v990b_9d36e74e

14 Oct 10:03
990b9d3
Compare
Choose a tag to compare

🐛 Bug fixes

4.409.ve864b_f48b_0f3

14 Oct 07:47
Compare
Choose a tag to compare

🚀 New features and improvements

🐛 Bug fixes

👻 Maintenance

🚦 Tests

✍ Other changes

4.388.v4f73328eb_d2c

10 Oct 21:58
4f73328
Compare
Choose a tag to compare

💥 Breaking changes

Caution

The plugin now requires that the Issuer is set to enforce security and there is no option to disable this requirement as it is mandated in the Open ID Connect specification.
As such users who do not use automatic configuration via the well-known endpoint must first update to 4.355.v3a_fb_fca_b_96d4 and configure the Issuer before updating to this version.
Failure to do so will result in users unable to login, or Jenkins failing to start.

Caution

if using manual configuration and a JWKS Server URL has not been specified then either disable token validation will need to be enabled or the JWKS Server URL will need to be set before upgrading to this version.
Failure to do so will result in users unable to login.

Warning

The option to send the scopes when requesting the access token has been removed (although is still present in the UI). Users of non conformant OPs that require this functionality should remain on the previous version until the Open ID Connect Originating Party (often referred to as the iDP) fixes their implementation.

📝 Documentation updates

4.371.vc7c0c06e8a_f5

08 Oct 11:13
c7c0c06
Compare
Choose a tag to compare

🐛 Bug fixes

📝 Documentation updates

4.355.v3a_fb_fca_b_96d4

02 Oct 13:47
Compare
Choose a tag to compare

🔒 Security fixes

  • Fix SECURITY-3441 (1, 2).

Important

When using the "Manual entry" configuration mode, the new "Issuer" field must be populated after updating to protect from this issue. When using "Discovery via well-known endpoint", the Issuer will be set automatically.

4.354.v321ce67a_1de8

20 Sep 16:54
321ce67
Compare
Choose a tag to compare

🐛 Bug fixes

👻 Maintenance

4.350.v347c3b_8b_9d95

19 Sep 10:09
347c3b8
Compare
Choose a tag to compare

💥 Breaking changes

Important

The configuration format is backwards compatible with previous versions, but the casc format is not.

configuration of the provider side has been moved into a serverConfiguration section and split to 2 different types wellKnown for configuration via a auto discovery and manual for manual configuration.
e.g.
for manual configuration:

securityRealm:
   oic:
    serverConfiguration:
       manual:
         authorizationServerUrl: https://url.example.com/authorize
         jwksServerUrl: https://jwks.example.com/jwks
         tokenAuthMethod: client_secret_post
         tokenServerUrl: https://token.example.com/token
         scopes: scopes

and for auto configuration:


 securityRealm:
   oic:
     serverConfiguration:
       wellKnown:
         wellKnownOpenIDConfigurationUrl: https://idp.example.com:/someRealm/.well-known/openid-configuration

Caution

it has been reported #412 that very old configuration may not be migrated correctly.
it is therefore recommended to explicitly save the configuration in ${JENKINS_URL}/manage/configureSecurity/ before upgrading if the configuration has not been changed recently and you are not using Config-as-Code to manage the settings

✍ Other changes