Hardened encryption of Redis-cached values
This release strengthens how the Orchestrator encrypts values stored in an external Redis cache. The on-disk format of cached entries has changed as a result.

No action is required on upgrade. The Orchestrator adopts the new format automatically. Entries written by earlier versions are ignored and, if configured with a TTL, expire on their own. You do not need to flush or modify Redis, and no users are signed out — session stores do not use the Redis cache.

What to expect after upgrading:

- OIDC Provider. Refresh tokens issued before the upgrade are invalidated. Applications re-authorize on their next refresh; for users with an active session this is seamless, with no sign-in prompt. Existing JWT access tokens remain valid until they expire. The transition completes within your refresh-token lifetime (default 24 hours). Clients that authenticate without a user session, such as machine-to-machine clients, may need to re-authenticate once. Existing opaque access tokens will need to be re-issued.
- SAML Provider. Flows in progress at the moment of upgrade may need to be retried. Established sessions are unaffected.
- Service Extensions. Cached entries from before the upgrade are treated as misses and repopulated on next use. If an extension combines direct key access (disable-prefix) with value encryption, re-write previously stored values, as they are unreadable in the new format.
- Multi-node deployments. Complete the rollout promptly. Mixed-version clusters may not share cached entries, causing a temporary rise in re-authentications until all nodes are upgraded.
Fixes
- OIDC Provider: Return HTTP 400 for login callback failures caused by client errors
Internal improvements and maintenance updates.
Filter MCP tools by access token
MCP Proxy apps can now apply an OPA connection authorization policy that decides, per upstream MCP server, whether the gateway connects to it and lists its tools — evaluated against the caller’s access token. Instead of surfacing every upstream’s tools to every client, you can scope which tools each session sees based on identity.

- MCP Proxy: Add OPA policy support for connection authorization, filtering which upstream MCP tools are exposed to a session based on the access token
Deployments
- Google Cloud Config Storage: Add read-only scope and workload identity support for the GCP config provider
Fixes
- MCP Provider: Fix HTTP deadline not being cleared when MCP is enabled, which could cause requests to time out unexpectedly
- MCP Proxy: Clean up upstream MCP sessions when the downstream session ends
- Service Extensions: Fix configuration bundle asset access for the proxy app’s `CreateHeader`, single logout’s `ParsePostLogoutSE`, and session’s `ParseEvalIdleTimeoutSE` and `ParseEvalMaxLifetimeSE` service extensions
- OIDC Apps: Allow non-identity-provider namespaces to be used in token brokering exchange template interpolation
- MCP Proxy: Fixed token audience validation so a token is accepted when any one of its listed audiences matches an expected value, instead of being rejected unless all audiences matched.
- MCP Proxy: Fixed a signature verification issue that could block requests when multiple MCP servers are configured.
- Token Brokering (experimental): Add Federated Exchange flow, where the Orchestrator mints a short-lived JWT and exchanges it with an upstream authorization server (e.g., Databricks, GCP Workload Identity Federation). Mappings also support dynamic claim values via templating interpolation.
- OIDC Connector: Add `disableClientAuthentication` for federation flows where the upstream authenticates via the subject token alone (e.g., Databricks account-wide federation)
- OIDC Provider: Add support for RFC 7638-compliant JWK thumbprints as the `kid`. Opt in per signing key with `useRFC7638Thumbprint: true` — coordinate with relying parties first, since the `kid` will change.
- OIDC Client: Cache the actor token used in `client_credentials`-backed token exchange requests
- OIDC Provider: Allow clients with only non-interactive grants to omit authentication
- Telemetry: Add support for v1 OTel configuration
- Security: Resolved security issues
- Config: Fixed `MAVERICS_DEBUG_MODE=true` being silently ignored when a `logger:` block was configured. Setting the env var now correctly forces DEBUG-level logging as documented.
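The RFC 7638 `kid` change in the OIDC Provider item above is worth seeing concretely, because a relying party that caches keys by `kid` will miss the new identifier until it refreshes the JWKS. The following is an added example, not the Orchestrator's code: it builds the RFC 7638 canonical form (required members only, lexicographic order, no whitespace) for RSA and EC keys, hashes it, and returns the unpadded base64url thumbprint that becomes the `kid`. Function names are hypothetical.

```go
package main

import (
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// Required members per key type, listed in the lexicographic order RFC 7638 section 3 prescribes.
var rfc7638Members = map[string][]string{
	"RSA": {"e", "kty", "n"},
	"EC":  {"crv", "kty", "x", "y"},
}
// CanonicalJWK builds the thumbprint input: required members only, sorted, no whitespace.
// Optional members such as alg, use or an old kid are deliberately left out.
func CanonicalJWK(jwk map[string]string) (string, error) {
	members, ok := rfc7638Members[jwk["kty"]]
	if !ok {
		return "", fmt.Errorf("unsupported kty %q", jwk["kty"])
	}
	parts := make([]string, 0, len(members))
	for _, m := range members {
		v, ok := jwk[m]
		if !ok {
			return "", fmt.Errorf("missing required member %q", m)
		}
		val, _ := json.Marshal(v) // JSON-escape the value; member names are plain ASCII
		parts = append(parts, fmt.Sprintf("%q:%s", m, val))
	}
	return "{" + strings.Join(parts, ",") + "}", nil
}

// Thumbprint returns base64url(SHA-256(canonical JSON)) without padding; this is the new kid.
func Thumbprint(jwk map[string]string) (string, error) {
	c, err := CanonicalJWK(jwk)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256([]byte(c))
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

// RSAPublicJWK extracts the public members as unpadded base64url big-endian integers (RFC 7518).
func RSAPublicJWK(pub *rsa.PublicKey) map[string]string {
	enc := base64.RawURLEncoding.EncodeToString
	return map[string]string{"kty": "RSA", "n": enc(pub.N.Bytes()), "e": enc(big.NewInt(int64(pub.E)).Bytes())}
}
```

Feed a real signing key through `RSAPublicJWK` and `Thumbprint` to preview the `kid` each relying party will see after opting in.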
What’s new
MCP

Significantly expanded MCP observability so operators can run at info and still get full session traceability and audit coverage — no more flipping to debug to reconstruct what happened.

- Every MCP request log now carries a hashed `mcpSessionID`, giving you end-to-end correlation across a client-to-Maverics session without exposing the raw `Mcp-Session-Id` credential.
- Proxy-path logs also carry an upstreamMCPSessionID, so you can follow a single interaction from the client, through Maverics, to the upstream MCP server on the same line.
- Every tool call emits a single tool call completed log at info with an outcome of success, tool_error, or failed — consistent across bridge and proxy modes.
- Every list-tools call emits a single list tools completed log at info with the outcome and tool count.
- Session register/unregister and upstream session established/terminated events are now surfaced at info.
- Raw session IDs never appear in logs or traces.
Fixed
MCP Proxy

Fixed an issue where responses from upstream MCP servers using gzip compression could reach the client corrupted or unreadable. Compressed responses are now handled correctly.

Improvements
Logging

Audit and security events now log at info level. This makes them visible in standard log pipelines without needing to lower global log thresholds, so your SIEM and observability tooling will pick them up by default.

- Logout: Fix bug where logout redirect URLs containing pre-existing query parameters (e.g., Azure B2C custom policy endpoints with `?p=<policy>`) produced malformed URLs with duplicate `?` characters, causing downstream parameters like `id_token_hint` and `state` to be silently dropped
- MCP Proxy: Fix path parameter handling and improve tolerance for common schema quirks in MCP bridge apps built from OpenAPI specs
- OIDC Provider: Add token brokering (experimental) to the OIDC provider. Clients can exchange a Maverics access token for upstream service tokens using standard RFC 8693 token exchange. The initial release supports session passthrough mode, which returns a cached upstream token. Token brokering integrates with existing OPA token minting policies for authorization.
- Telemetry: Add W3C `traceparent` header propagation to maintain a stable traceID across the entire request lifecycle. When a request enters the Orchestrator, the traceID is preserved and forwarded to all downstream services — including identity providers and MCP endpoints — enabling true end-to-end distributed tracing with a single, consistent identifier. This is especially valuable when the Orchestrator acts as an auth provider to an AI Identity Gateway, where a single user prompt can trigger a chain of token exchanges, policy evaluations, and tool invocations across multiple services. With a stable traceID, operators can trace an AI gateway request from initial authentication through policy evaluation, token minting, and downstream MCP tool calls, correlating every hop in a single distributed trace.
- SAML Provider: Make NameID name qualifiers optional
- SAML Provider: Fix WS-Fed name claim incorrectly being included in SAML assertions
- SAML Provider: Correct XML namespacing across all SAML response types
- Telemetry: Add stable Secure Orchestrator ID (`soid`) to all log entries and OTel telemetry (`service.instance.id`) for deployment correlation
- OIDC Connector: Add configurable error handling for authentication callbacks
- OIDC Provider: Fix state parameter encoding in form post response mode
- Security: Resolved security issues
- MCP Proxy: Gracefully re-establish session with the upstream MCP server and retry the request when the session is terminated
- Proxy Apps: Allow service extensions to be reused across all application types by loosening namespace validation
- Connectors: HYPR connector now reads custom HTML files from the configuration bundle
- MCP Proxy: Gracefully re-establish sessions with upstream and retry requests when a session is terminated
- Proxy Apps: Allow service extensions to be reused across all app types
- Connectors: Support reading custom HTML files from the configuration bundle for Hypr integrations
- TLS: Add max version configuration for all TLS settings
- Session: Fixed an issue where empty sessions were persisted when the SLO endpoint terminated an unestablished session
- MCP Proxy: Add configurable scopes and token lifetimes for all MCP protocol operations
- Security: Resolved security issues
- Security: Resolved CVE-2026-2405
- MCP Proxy: Respect outbound authorization policy when making list tools requests
- SAML Apps: Enable claims mapping and the BuildClaims service extension to be used together
- MCP Proxy: Explicitly handle session termination errors that are returned from the upstream
- OIDC Connector: Add client assertion authentication mechanism (RFC 7523)
- OIDC Connector: Add support for JWT client assertion authentication as part of the token exchange grant
- OIDC Provider: Demonstrate that JWT client authentication can be used with the authorization code and token-exchange grants
- OIDC Provider: Make openid scope and scope param optional
- SAML Provider: Ensure SAML Response elements are ordered correctly
- OIDC Provider: Add Subject and Actor token claims to token minting policy
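The logout redirect fix listed under Improvements above (duplicate `?` when the configured endpoint already carries `?p=<policy>`) comes down to merging query strings instead of concatenating them. The following is an added example, not the Orchestrator's code: it shows the broken concatenation beside the correct merge and a parse that mimics how a downstream IdP reads the result. Function names and the endpoint are constructed; which parameter gets lost on the malformed URL depends on the downstream parser, and with Go's parser it is `id_token_hint`.

```go
package main

import "net/url"

// LogoutParams are the values added to an RP-initiated logout redirect.
type LogoutParams struct {
	IDTokenHint string
	State       string
}

func encode(p LogoutParams) string {
	q := url.Values{}
	q.Set("id_token_hint", p.IDTokenHint)
	q.Set("state", p.State)
	return q.Encode()
}

// BuildLogoutURLBroken reproduces the pre-fix behaviour: appending "?" unconditionally, which
// produces a second "?" whenever the configured endpoint already carries a query string.
func BuildLogoutURLBroken(endpoint string, p LogoutParams) string {
	return endpoint + "?" + encode(p)
}

// BuildLogoutURL merges the new parameters into the endpoint's existing query string, so a
// policy selector such as p=B2C_1A_signout survives alongside id_token_hint and state.
func BuildLogoutURL(endpoint string, p LogoutParams) (string, error) {
	u, err := url.Parse(endpoint)
	if err != nil {
		return "", err
	}
	q := u.Query() // existing parameters, if any
	q.Set("id_token_hint", p.IDTokenHint)
	q.Set("state", p.State)
	u.RawQuery = q.Encode() // Encode sorts keys, so the output is deterministic
	return u.String(), nil
}

// DownstreamSees parses a redirect URL the way a downstream IdP would and returns one
// parameter; on the malformed URL everything after the stray "?" is swallowed into p's value.
func DownstreamSees(rawURL, name string) string {
	u, err := url.Parse(rawURL)
	if err != nil {
		return ""
	}
	return u.Query().Get(name)
}
```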
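The `traceparent` propagation item above keeps one trace-id across every hop while each hop gets its own parent-id. The following is an added example, not the Orchestrator's code, of the validate-then-forward step for a version-00 header: an inbound header is checked against the W3C Trace Context grammar (all-zero IDs and version ff rejected), and the outbound header reuses the trace-id and flags with a fresh parent-id, or starts a new trace when the inbound header is unusable. IDs are passed in rather than drawn from crypto/rand so the result is reproducible; function names are hypothetical.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"regexp"
)

// traceparent = version "-" trace-id "-" parent-id "-" trace-flags, all lowercase hex.
var traceparentRE = regexp.MustCompile(`^([0-9a-f]{2})-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})$`)

// TraceContext is the parsed form of an inbound traceparent header.
type TraceContext struct {
	Version, TraceID, ParentID, Flags string
}

// ParseTraceparent validates the header; all-zero IDs and version ff are rejected as the spec requires.
func ParseTraceparent(h string) (TraceContext, error) {
	m := traceparentRE.FindStringSubmatch(h)
	if m == nil {
		return TraceContext{}, fmt.Errorf("malformed traceparent %q", h)
	}
	tc := TraceContext{Version: m[1], TraceID: m[2], ParentID: m[3], Flags: m[4]}
	if tc.Version == "ff" || tc.TraceID == "00000000000000000000000000000000" || tc.ParentID == "0000000000000000" {
		return TraceContext{}, fmt.Errorf("invalid traceparent %q", h)
	}
	return tc, nil
}

// Propagate builds the header forwarded to the next hop: the same trace-id, a fresh
// parent-id identifying this hop, and the sampling flags carried through unchanged.
func Propagate(in TraceContext, spanID [8]byte) string {
	return fmt.Sprintf("00-%s-%s-%s", in.TraceID, hex.EncodeToString(spanID[:]), in.Flags)
}

// OutboundTraceparent keeps the caller's trace-id when the inbound header is valid and
// otherwise starts a new trace. IDs are passed in (normally drawn from crypto/rand) so
// results are reproducible.
func OutboundTraceparent(inbound string, newTraceID [16]byte, spanID [8]byte) string {
	tc, err := ParseTraceparent(inbound)
	if err != nil {
		tc = TraceContext{TraceID: hex.EncodeToString(newTraceID[:]), Flags: "00"}
	}
	return Propagate(tc, spanID)
}
```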