In the age of RESTful APIs and single-page applications, the traditional Java Servlet-based web-applications with server-side page rendering and server-side HTTP session tracking no longer look sexy. Nonetheless, the technology is still quite popular and is used widely.
Some time ago we released an open source authenticator implementation for Apache Tomcat that allows web-applications developed for form-based user authentication to use OpenID Connect providers, such as Auth0, Google Identity Platform, Amazon Cognito, Microsoft Azure AD, Yahoo and others, to log users in. Over time, users of our authenticator implementation have submitted a number of feature requests.
Last week, we were finally able to address those requests, and a fully reworked implementation of the OpenID Authenticator for Tomcat, version 2.0, was published. You can find it here. Among the new features are support for hybrid form-based and OpenID Connect-based authentication, support for multiple OpenID Connect providers, and security improvements.