We added U2F support, which administrators and users can currently use to log in to the privacyIDEA Web UI. Enrolling a U2F token is as easy as authenticating with it. You may find a video about the U2F usage here.
FIDO U2F is meant to let you use one single device for multi-factor authentication with many different services, without one central identity provider.
Please note that you need to add a plugin to Google Chrome for U2F to work. In an upcoming release you will also be able to use the U2F token registered with privacyIDEA with other applications.
The second new feature is that the API now also returns a signature field. This is the signature of the server response, so the client can verify that the response is valid and was not modified by a potentially attacking party. Usually you will be using SSL with privacyIDEA, which should also give you an unmodified response from the server. But if that is not enough for you, you may also verify the signature of the server’s JSON response.
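Client-side verification of such a signed JSON response, as an added example that is not privacyIDEA's own code. The signed form (sorted-key JSON without the `signature` field), the decimal-string RSA PKCS#1 v1.5/SHA-256 signature, the echoed `nonce` and the demo key are assumptions made for illustration; the actual format is defined by the privacyIDEA documentation.

```python
import hashlib
import json

# Constructed demo key from two Mersenne primes so the example runs offline
# with the standard library only. Not a secure key; a real client holds only
# the server's public key (N, E).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, demo server side only
K = (N.bit_length() + 7) // 8      # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def canonical(body: dict) -> bytes:
    """Assumed signed form: sorted-key JSON without the signature field."""
    unsigned = {k: v for k, v in body.items() if k != "signature"}
    return json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()

def sign_response(body: dict) -> dict:
    """Demo server side: attach the signature as a decimal string."""
    return {**body, "signature": str(pow(emsa_encode(canonical(body)), D, N))}

def verify_response(raw: str, nonce: str) -> dict:
    """Client side: return the body only if signature and nonce check out."""
    body = json.loads(raw)
    try:
        sig = int(body["signature"])
    except (KeyError, TypeError, ValueError):
        raise ValueError("missing or malformed signature") from None
    # Recompute the expected encoding and compare it with sig^E mod N.
    if not 0 < sig < N or pow(sig, E, N) != emsa_encode(canonical(body)):
        raise ValueError("signature does not match response body")
    # A valid signature on an old response is still valid: bind it to our nonce.
    if body.get("nonce") != nonce:
        raise ValueError("nonce mismatch, possible replayed response")
    return body

if __name__ == "__main__":
    reply = json.dumps(sign_response(  # constructed sample response
        {"result": {"status": True, "value": True}, "nonce": "c0ffee"}))
    print(verify_response(reply, "c0ffee")["result"])
```

The client should act on the authentication result only after `verify_response` returns; a response that fails either check is treated as a failed authentication.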
- When importing tokens, a realm can be chosen, so that all imported tokens are immediately inserted into this realm.
- The user is able to change his password in the WebUI if the user store is editable.
- The user can assign a token in the WebUI.
- For certain token types like SSH, the user is no longer required to enter a PIN.
- The Audit Log shows whether a previous OTP value was used again.
- We migrated to pymysql, which is a pure Python MySQL implementation, making installation easier.
- Enable login to the WebUI with usernames containing an @-sign. You can now log in as user@emaildomain@realm if your username is “user@emaildomain” in the privacyIDEA realm “realm”.
- Fix the creation of the privacyidea.log logfile.