Apache Linux Integration Kit

Changelog

The following is the change history for the Apache Linux Integration Kit.

Apache Linux Integration Kit 4.1.1 – August 2022

  • Fixed an issue that could cause an error when the cookie name had a specific string length.

Apache Linux Integration Kit 4.1 – June 2022

  • Reimplemented fragment preservation with a new approach.

Apache Linux Integration Kit 4.0 – January 2022

  • Added support for:

    • Red Hat Enterprise Linux 8

    • Canonical Ubuntu 18.04

    • Canonical Ubuntu 20.04

  • Ended support for:

    • Red Hat Enterprise Linux 6

    • Canonical Ubuntu 14.04

    • Canonical Ubuntu 16.10

  • Updated the OpenSSL version used on Red Hat Enterprise Linux 7 to 1.1.1.

  • Improved redirect handling. When users are redirected back from PingFederate after a flow, the Apache Linux Integration Kit Agent can now preserve fragments in the URI such as #MyHomePage. This behavior can be enabled with the PingFederateEnableFragmentPreservation setting in the mod_pf.conf configuration file.

Apache Linux Integration Kit 3.3.5 – November 2021

  • Improved the way the adapter handles browser cookie attributes and expired cookies.

  • Removed the OpenToken Adapter from the .zip archive. The latest version is available in the Java Integration Kit. Learn more in Updating the OpenToken Adapter.

  • Changed to a standardized .zip file structure to make automated deployments easier.

Apache Linux Integration Kit 3.3.4 – September 2020

  • Fixed an issue that could insert bad characters into legacy cookie names.

Apache Linux Integration Kit 3.3.3 – January 2020

  • Added support for the SameSite cookie flag in web browsers.

Apache Linux Integration Kit 3.3.2 – July 2018

  • The Cookie HTTP request header is now read case-insensitively.

  • Removed module information from the Server HTTP response header.

Apache Linux Integration Kit 3.3.1 – February 2018

  • Added support for Amazon Web Services Application Load Balancer.

  • Resolved URL encoding issue with special characters.

Apache Linux Integration Kit 3.3 – July 2017

  • Removed support for Red Hat Enterprise Linux 5.

  • Improved encoding of query parameters.

  • Improved cookie name parsing.

Apache Linux Integration Kit 3.2.1 – February 2017

  • Resolved issue retrieving session token.

Apache Linux Integration Kit 3.2 – January 2017

  • Query parameters are now encoded properly.

  • Added support for the HttpOnly flag on cookies. HttpOnly prevents client-side scripts from reading or manipulating the cookie, which mitigates a significant portion of the vulnerabilities, such as cross-site scripting (XSS), that the cookie would otherwise be susceptible to. It also makes the Apache Agent’s behavior and security considerations consistent with those of other adapters and agents. Refer to the PingFederateCookieHttpOnly option in the provided sample configuration file, mod_pf.conf.

  • Added support for disabling virtual hosts by port value.

  • Added support for Ubuntu 16.10.

  • Bug fixes.

Apache Linux Integration Kit 3.1 – June 2016

  • Added support for Oracle HTTP Server.

Apache Linux Integration Kit 3.1 – April 2015

  • Added support for Apache 2.2 on Red Hat Enterprise Linux 5.0 (64-bit).

  • (Performance enhancement) OpenToken lookup was optimized.

  • Fixed security vulnerability.

Apache Linux Integration Kit 3.0.1 – December 2014

  • Added Apache 2.4 support for Red Hat Enterprise Linux 7.0 and Ubuntu 14.04.

  • (Bug fix) The Apache Agent now properly handles directories containing spaces.

Apache Linux Integration Kit 3.0 – May 2014

  • Added support for Red Hat Enterprise Linux 6.5.

  • Added ability to specify custom configurations for virtual hosts.

  • Added ability in agent configuration file (mod_pf.conf) to expose OpenToken attributes for unprotected resources.

  • Added support for the Allow/Deny directives in combination with Satisfy Any to allow or deny access by IP address.

Apache Linux Integration Kit 2.4.1 – June 2013

  • Added support for Apache Server version 2.4.

Versions 2.3.7 through 2.4 were skipped for internal configuration management.

Apache Linux Integration Kit 2.3.6 – March 2013

  • Added support for Ubuntu 12.04 LTS.

  • Added support for Apache Server version 2.2.

Apache Linux Integration Kit 2.3.1 – December 2012

  • Updated to address security issue found since the previous release.

  • Added support for OpenToken 2.5.1 Adapter and the OpenToken 2.5.1 Agent.

Apache Linux Integration Kit 2.3 – December 2011

  • Added ability in agent configuration file (mod_pf.conf) to disable the Apache Agent for specified Virtual Hosts.

  • Added ability in mod_pf.conf to specify the Cache-Control HTTP header value.

  • (Bug fix) Added unescaping of single and double quotes in the attribute values. These are exposed to the application through the HTTP Headers and Server Variables.

  • Provided support for passing multivalued attributes through the HTTP headers.

Apache Linux Integration Kit 2.2.1 – February 2010

  • (Bug fix) POST data is no longer truncated by the Apache Agent.

Apache Linux Integration Kit 2.2 – September 2009

  • Added Apache Agent Start Page and Error Page.

  • Added support for default RHEL OpenSSL installation.

  • (Bug fix) Application Scheme/Host/Port options work with OpenToken sent as query parameter.

  • (Bug fix) Apache Agent checks POST, query, then cookie for valid OpenToken.

Apache Linux Integration Kit 2.1 – March 2009

  • Added support for Red Hat Enterprise Linux 4 and 5 (32-bit and 64-bit).

  • Added support for Apache 2.0 and 2.2.

  • Added support for prefork and worker multiprocessing modules.

  • Added alternative method for setting session attributes as HTTP headers or environment variables without a prefix.

  • Added reverse proxy support.

  • Added richer support for single logout.

Apache Linux Integration Kit 2.0 – November 2008

  • Simplified Apache module by removing deprecated functionality not specific to PingFederate.

  • Added ability to expose attributes as HTTP request headers.

  • SAML subject is logged in the Apache access_log.

  • Updated the OpenToken library to support password obfuscation.

  • Updated the OpenToken library to support the POST Transport Method.

  • (Bug fix) Cancel URLs no longer need to be contained in a protected resource.

  • (Bug fix) Cookie domain no longer validated against the agent-configuration file if query or POST is used as the initial transport method.

Apache Linux Integration Kit 1.1 – October 2008

  • Added support for dynamic TargetResource.

  • Simplified configuration by removing several items not needed for the PingFederate implementation.

  • Added support to filters to use the full request URL, including query parameters, to determine if a resource is to be protected.

  • (Bug fix) The OpenToken session now uses the cookie-domain property from mod_plaa.conf rather than from the agent configuration file. Using the agent configuration file caused the module to fail to start if the transport mode was set to Query Parameter in the OpenToken adapter setup.

  • (Bug fix) Shipped with OpenToken 2.2.2, which no longer appends a question mark (?) to the target resource URL, which Apache couldn’t process.

Apache Linux Integration Kit 1.0 – September 2007

  • Initial release.