I’m happy to announce the release of the OpenID Connect provider and authenticator in version 1.31.
This release happens shortly after the release of OpenID 1.30, with an important fix and a major improvement :
- OIDC-122 - OIDCClientConfiguration cannot be found in a subwiki allows OIDC client configurations that are defined in the main wiki to be accessible from the subwikis
- OIDC-123 - Implement relying party initiated logout now allows to select different logout mechanisms depending on the OIDC Provider configured. This also allows to implement custom logout mechanisms if your OIDC Provider has particular expectations. Two logout mechanisms are currently provided by default in the authenticator.
Note that as part of this improvement, the OIDC Authenticator will have its default login mechanism modified. Prior to 1.31, the default login mechanism was based on the authenticator performing a request to the OpenID Provider to log the user out (back-channel logout), while in 1.31, the default mechanism will redirect the user to the OpenID Provider logout page (RP-initated logout).
The default RP-initiated logout mechanism has been chosen because it has a broader support amongst popular OpenID Providers. It is possible to switch to the back-channel logout with a configuration variable.
See the documentation to learn more.