SSO Connect On-Prem 17.1.0

Released May 19, 2026

What’s New

  • SAML Engine Modernization: Migrated from the legacy OpenSAML-based stack to the Keycloak SAML library for improved security posture, maintainability, and FIPS-friendly operation. No administrator action required.

  • Modern HTTP Transport: Upgraded to Apache HttpClient 5 (httpcore5), bringing improved connection management and support for HTTP/2.

Improvements

  • Hardened authentication and login path with refined validation and standardized error handling.

  • Internal API call paths were consolidated to reduce duplication and improve reliability under load.

Security & Bug Fixes

  • Dependency updates across the platform, including Jetty, Keycloak SAML, Jackson Databind, Log4j, Bouncy Castle (bcprov/bcpkix), and Apache Commons Lang to current secure versions.

  • Addressed Jetty advisory CVE-2026-2332 via upgrade to Jetty 12.1.8.

  • No externally reported Critical customer bugs were recorded for this release at sign-off.

Compatibility & Upgrade Notes

  • No configuration changes are required for existing SSO deployments. All prior IdP/SP configurations remain compatible.

  • We recommend testing against your IdP (such as Okta, Entra ID, ADFS, Ping, or Keycloak) in a lower environment before production rollout.

Components Updated

| Component | Previous | Updated | Benefit |
|---|---|---|---|
| Jetty | 12.1.6 | 12.1.8 | Security hardening and CVE coverage |
| Keycloak SAML | 26.5.3 | 26.6.0 | Modern, supported SAML processing |
| Jackson Databind | 2.13.5 | 2.21.1 | Remediation of older advisories |
| Log4j | 2.20.0 | 2.25.4 | Latest stable logging stack |
| Bouncy Castle (bcprov) | 1.78 | 1.84 | Cryptography library updates |
| Bouncy Castle (bcpkix) | 1.77 | 1.84 | Enhanced crypto support |
| Apache Commons Lang | 3.14.0 | 3.18.0 | Maintenance uplift |
