CILogon Service Update

Post date: Mar 28, 2017 1:54:34 PM

CILogon is pleased to announce a service update to cilogon.org. Changes to the CILogon service include the following.

User-Facing Changes

    • New GitHub Support: You can now use a GitHub account to log on to CILogon. GitHub logons will be issued certificates from the CILogon OpenID CA. For CILogon clients that currently use a 'skin' to prevent the use of Google authentications (e.g., Globus), CILogon will also prevent the use of GitHub authentications. CILogon client administrators can contact help@cilogon.org to enable GitHub authentications for their ‘skin’ configuration.
    • New Google OAuth2 Library: When using Google as your selected Identity Provider (IdP), if you are signed in to just a single Google Account, you will not be prompted to choose a Google Account.
    • Better Single Sign On Handling: When using an OAuth flow (e.g., from a clients such as Globus), the authentication with your chosen IdP is remembered so that future uses of CILogon with that same IdP do not redirect to the IdP.
    • LIGO Secondary IdPs: Users of backup LIGO IdPs (e.g., logon2.ligo.org) now appear to CILogon as users of the standard LIGO IdP (i.e., logon.ligo.org). However, LIGO users should not notice any functional difference.
    • OAuth2 Response Mode Handling: For the OAuth 2.0 flow, CILogon now handles response_mode=form_post to support MediaWiki.
    • OAuth2/OpenID Connect (OIDC) Identifier Claim: For the OAuth 2.0 flow, authentications with external OAuth2 IdPs (Google, GitHub) now issue the IdP unique identifier in the "oidc" claim when requesting the "org.cilogon.userinfo" scope.
    • Signed OIDC Tokens: ID tokens are now signed as required by the OpenID Connect specification.

Internal Changes

    • CILogon PHP library code has been refactored to comply with PSR-2 (Coding Style) and PSR-4 (Autoloader) standards. This will enable the CILogon code repository to move from SourceForge.net to GitHub.com.
    • All third party libraries are now included using PHP Composer. This allows CILogon to (1) specify the version number of the included libraries and (2) easily update to newer library versions as needed.
    • Code comments have been reformatted to be compatible with PHPDoc.
    • Several Java servlet code bugs have been fixed.