WebAuth 3.5.5 Announcement
The ITS WebAuth team is pleased to announce Stanford WebAuth 3.5.5. This release fixes an environment handling bug in mod_webauthldap and improves cookie and Shibboleth handling in WebLogin.
For documentation and downloads of WebAuth 3.5.5, see:
We have not yet updated the Red Hat and Solaris builds.
The user-visible changes in this release are:
Check for browser cookies on the first page visit to WebLogin via a redirect and show an error immediately if the user doesn't have cookies enabled. This works correctly in the presence of Apache authentication.
There is a new template variable, err_cookies_disabled, for the error template, indicating that the user doesn't have cookies enabled. Old templates are supported but won't offer as nice of an error message. The err_cookies parameter to the login template is no longer used.
Thanks to Joachim Keltsch for the patch.
Fix memory allocation in mod_webauthldap for the Kerberos ticket cache environment variable to use persistant rather than pool memory. Fixes occasional segfaults in mod_php.
Improve extraction of return URLs for user-friendly display when doing authentication for a Shibboleth IdP. Thanks, Robert Basch.
Show the correct pretty Shibboleth return URL when redisplaying the confirmation page. Thanks, Robert Basch.