Fixes

Features

PKCE - See OIDC.SSO profile configuration documentation for the forcePKCE and allowPKCEPlain options.
OAuth2 Token Introspection - See OAUTH2.Introspection profile configuration documentation.

The open source license has been changed to Apache 2.0

See v1.0.0 release notes for the previously existing features.

Stop your Shibboleth IdP
Make a backup copy of your Shibboleth IdP home directory.
The conf/oidc-relying-party.xml file MUST be updated
- If you have not modified the file previously, you can copy the new version from the distribution archive over the existing file.
- If the file contains your modifications, the following changes existing in the distribution archive conf/oidc-relying-party.xml file need to be merged:
  - OIDC.SSO bean definition has two new parameters: p:forcePKCE and p:allowPKCEPlain
  - OAUTH2.Introspection bean (bean id="OAUTH2.Introspection") definition has been added
The following two new configuration properties may be set in conf/idp-oidc.properties. Examples are shown in distribution archive conf/idp-oidc.properties file
- idp.oidc.forcePKCE and idp.oidc.allowPKCEPlain, both defaulting to false.
Remove directories flows/oidc and flows/oauth2, and copy the corresponding folders from the distribution archive. The contents of both directories have changed.
Copy edit-webapp/WEB-INF/lib contents from the archive to replace the current edit-webapp/WEB-INF/lib contens
Remove v1.0.x binaries and their dependencies (from edit-webapp/WEB-INF/lib) before rebuilding the war.
- At least the following JAR files may contain multiple versions, make sure that only the latest version exists:
  - gson-2.8.*
  - idp-oidc-extension-api-1.*
  - idp-oidc-extension-impl-1.*
Rebuild Shibboleth IdP.
Start Shibboleth IdP.