4.350.v347c3b_8b_9d95

💥 Breaking changes

• rework configuration of the plugin (#399) @jtnord

Important

The configuration format is backwards compatible with previous versions, but the casc format is not.

configuration of the provider side has been moved into a serverConfiguration section and split to 2 different types wellKnown for configuration via a auto discovery and manual for manual configuration.
e.g.
for manual configuration:

securityRealm:
   oic:
    serverConfiguration:
       manual:
         authorizationServerUrl: https://url.example.com/authorize
         jwksServerUrl: https://jwks.example.com/jwks
         tokenAuthMethod: client_secret_post
         tokenServerUrl: https://token.example.com/token
         scopes: scopes

and for auto configuration:

 securityRealm:
   oic:
     serverConfiguration:
       wellKnown:
         wellKnownOpenIDConfigurationUrl: https://idp.example.com:/someRealm/.well-known/openid-configuration

Caution

it has been reported #412 that very old configuration may not be migrated correctly.
it is therefore recommended to explicitly save the configuration in ${JENKINS_URL}/manage/configureSecurity/ before upgrading if the configuration has not been changed recently and you are not using Config-as-Code to manage the settings

✍ Other changes

• use batch mode for running maven (#400) @jtnord

4.346.v10401f543622

🐛 Bug fixes

• Compare username based on ID strategy on token refresh (#394) @eva-mueller-coremedia

4.340.ve70636c6590e

🚀 New features and improvements

• Allow access using a Jenkins API token without an OIDC Session (#386) @mikecirioli

4.331.vd925b_f76f3a_c

👷 Changes for plugin developers

• POM cleanup (#390) @basil

4.330.v6fdfc07513e3

👷 Changes for plugin developers

• Forward compatibility with jenkinsci/jenkins#7268 (#389) @basil

4.329.v994d3f265d68

👷 Changes for plugin developers

• Update SCM URL (#388) @basil

4.324.vfd49d010926b_

🐛 Bug fixes

• Fix calculation of expiration timestamp (#359) @mprausa

4.320.v23537cb_a_b_5c6

🚀 New features and improvements

• Add support for Microsoft AD FS (#368) @jtnord

🚦 Tests

• Make hashcode test really useful (#373) @Vlatombe

4.303.v84089a_708ea_7

🐛 Bug fixes

• Fix redirect loop when oic credentials have expired but jenkins session is still valid (#357) @mikecirioli

4.299.v5ca_eb_6a_f3e6d

🐛 Bug fixes

• Stop persisting OicSession in HTTP session when only OIDC state is required (#353) @Vlatombe