Skip navigation



WebAuth 3.5.5 Announcement

The ITS WebAuth team is pleased to announce Stanford WebAuth 3.5.5. This release fixes an environment handling bug in mod_webauthldap and improves cookie and Shibboleth handling in WebLogin.

For documentation and downloads of WebAuth 3.5.5, see:


We have not yet updated the Red Hat and Solaris builds.

The user-visible changes in this release are:

  • Check for browser cookies on the first page visit to WebLogin via a redirect and show an error immediately if the user doesn't have cookies enabled. This works correctly in the presence of Apache authentication.

    There is a new template variable, err_cookies_disabled, for the error template, indicating that the user doesn't have cookies enabled. Old templates are supported but won't offer as nice of an error message. The err_cookies parameter to the login template is no longer used.

    Thanks to Joachim Keltsch for the patch.

  • Fix memory allocation in mod_webauthldap for the Kerberos ticket cache environment variable to use persistant rather than pool memory. Fixes occasional segfaults in mod_php.

  • Improve extraction of return URLs for user-friendly display when doing authentication for a Shibboleth IdP. Thanks, Robert Basch.

  • Show the correct pretty Shibboleth return URL when redisplaying the confirmation page. Thanks, Robert Basch.

Last modified Friday, 12-Dec-2014 02:31:12 PM

Stanford University Home Page