Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
55 lines (45 sloc) 2.84 KB
# See for a full ChangeLog history.
# Some issue references are from an old Trac installation. New bugs can be found
# at and are prefixed with a #
Fixed issue #13 - issue with handling POST data
Fixed issue #10 - curl_unescape deprecated / libcurl doesn't unescape '+' as a space
Version 0.6
Now a true authorization module (using ap_hook_check_user_id) (issue 79)
Because now using propper hook, REMOTE_USER now accessible to mod_rewrite (issue #2)
Now using integrated apache logging rather than logging directly to apache log with printing to stderr
Fixed error that caused openid_identifier to leak into return_to, causes cancel messages to fail (issue 92)
Fixed problem with module not always recognizing when locked URL was using https (issue 83)
Version 0.5
Added support for HTML form submission (POSTs) per the 2.0 spec (issue 52)
Created AuthOpenIDCookiePath option (issue 76)
Nonce is now more secure (issue 77)
Version 0.4
Fixed bug involving custom auth cookie names (issue 27)
No longer clearing attribute exchange parameters (issue 34) - see wiki page for attribute exchange
Added ability to specify external program for authorization (issues 8, 35, and 17)
Fixed bug that left openid params in referrer param after custom login page redirect (issue 28).
Fixed bug that resulted in referrer param not having http/s being set correctly (issue 26).
Fixed bug that resulted in auth error when too many requests were hitting Session DB (issue 36).
Fixed bug that set REMOTE_USER to normalized id rather than claimed id (issue 37).
Version 0.3
Added support for OpenID 2.0 spec - using new libopkele
Removed support for BDB - now SQLite only
Fixed security issue with sessions potentially being valid for too long (issue 16)
Changed get param from openid.identity to openid_identifier (per 2.0 spec - issue 14)
Version 0.2.1
302 Redirect issue fixed - nasty, reason for 0.2.1 release (issue 6)
AuthOpenIDEnabled now allowed in .htaccess files (issue 9)
Fixed links on default login page (issue 12)
Version 0.2 and openid.sreg parameters are no longer cleansed from URL (issue 1)
Added AuthOpenIDServerName configuration option (issue 3)
Removed dependency on libpcre++ (libpcre still required)
Added a modauthopenid.referrer parameter that is passed on to login pages (issue 4)
Updated code to work with libopkele version 3 API
Version 0.1
Changed license to less restrictive MIT license to avoid legal nasties in the future.
Added sqlite support as an alternative to bdb.
Added AuthOpenIDCookieLifespan option.
Fixed bug where REMOTE_USER CGI environment variable was not being set correctly when ID was delegated.
Fixed bug where REMOTE_USER CGI environment variable was not being set if the session cookie wasn't enabled.