34 lines
1.6 KiB
Text
34 lines
1.6 KiB
Text
|
== RH-SSO 7.2
|
||
|
|
|
||
|
|
The following changes have occurred from RH-SSO 7.1 to RH-SSO 7.2.
|
||
|
|
|
||
|
|
=== New Password Hashing algorithms
|
||
|
|
|
||
|
|
We have added two new password hashing algorithms (pbkdf2-sha256 and pbkdf2-sha512). New realms will use the pbkdf2-sha256
|
||
|
|
hashing algorithm with 27500 hashing iterations. Since pbkdf2-sha256 is slightly faster than pbkdf2 the iterations was
|
||
|
|
increased to 27500 from 20000.
|
||
|
|
|
||
|
|
Existing realms are upgraded if the password policy contains the default value for the hashing algorithm (not specified) and
|
||
|
|
iteration (20000). If you have changed the hashing iterations, you need to manually change to pbkdf2-sha256 if you'd like
|
||
|
|
to use the more secure hashing algorithm.
|
||
|
|
|
||
|
|
=== ID Token requires scope=openid
|
||
|
|
|
||
|
|
In RH-SSO 7.0, the ID Token was returned regardless if `scope=openid` query parameter was present or not in authorization
|
||
|
|
request. This is incorrect according to the OpenID Connect specification.
|
||
|
|
|
||
|
|
In RH-SSO 7.1, we added this query parameter to adapters, but left the old behavior to accommodate migration.
|
||
|
|
|
||
|
|
In RH-SSO 7.2, this behavior has changed and the `scope=openid` query parameter is now required to mark the request as an
|
||
|
|
OpenID Connect request. If this query parameter is omitted the ID Token will not be generated.
|
||
|
|
|
||
|
|
=== Microsoft SQL Server requires extra dependency
|
||
|
|
|
||
|
|
Microsoft JDBC Driver 6.0 requires additional dependency added to the JDBC driver module. If you observe an
|
||
|
|
`NoClassDefFoundError` error when using Microsoft SQL Server please add the following dependency to your JDBC driver
|
||
|
|
`module.xml` file:
|
||
|
|
|
||
|
|
[source,xml]
|
||
|
|
----
|
||
|
|
<module name="javax.xml.bind.api"/>
|
||
|
|
----
|