v4.35.0

4.35.0 (2022-04-18)

Important Change: OpenID Connect subject identifiers have changed as per ad84c8c. You may be required by relying parties to remap/relink users to the new subject identifiers which are now opaque id's rather than the username in order to comply with the OpenID Connect standard. While we aim to keep changes like this to a minimum, OpenID Connect is still in beta as we iron out all the important functionality.

Bug Fixes

• configuration: missing valid keys (#3207) (5aa25ec)
• configuration: remove unused password policy option (#3149) (9d5ac45)
• configuration: sector identifier not parsed correctly (#3142) (44bd707)
• oidc: missing amr claim supported in discovery (#3147) (148ec1e)
• oidc: show detailed error reasons (#3175) (f97474f)
• server: incorrect remote ip logged in error handler (#3139) (ce6bf74)
• server: locale format incorrect (#3154) (79935c7)
• server: respond with 404/405 appropriately (#3087) (2502d89)
• web: description of profile scope is not accurate (#3146) (f9da940)
• web: lowercase locales are not consistent with localization platforms (#3141) (4503ac0)
• web: update client rendering method (#3106) (fa143ea)

Features

• authentication: password policy (#2723) (8659ba3)
• authorization: domain regex match with named groups (#2789) (3c1bb3e)
• commands: user opaque identifiers commands (#3144) (5a0a15f)
• configuration: allow rfc4918 http verbs in acl (#2988) (b2d35d8)
• configuration: configurable default second factor method (#3081) (e99fb7a)
• implement mutual tls in the web server (#3065) (3ca438e), closes #3041
• notification: password reset notification custom templates (#2828) (bfd5d66), closes #2755 #2756
• oidc: client id claims (#3150) (e7112bf)
• oidc: implement amr claim (#2969) (0116506)
• oidc: opaque subject identifiers (#3129) (ad84c8c)
• oidc: pairwise subject identifiers (#3116) (8bb8207)
• oidc: persistent storage (#2965) (0a970ae)
• oidc: pre-configured consent (#3118) (66a450e), closes #2598
• oidc: provide cors config including options handlers (#3005) (4ebd8fd)
• server: zxcvbn password policy server side (#3151) (92aba8e)
• templates: display link in mails sent by authelia (#2785) (1bae65a)
• totp: secret customization (#2681) (9b6bcca)
• web: add de i18n translation (#3043) (c3faa38)
• web: add user display name to oidc consent view (#3138) (90edf11), closes #2595
• web: i18n asset overrides (#3040) (aac4c47)
• web: password reset custom url (#3111) (a2eb031), closes #1934 #2854

Docker Container

• docker pull authelia/authelia:4.35.0
• docker pull ghcr.io/authelia/authelia:4.35.0