privacyIDEA is moving towards being a central point for managing authentication items. This started with the machine concept, SSH keys and using Yubikeys for booting LUKS, and now continues with the possibility to manage certificates.
privacyIDEA acts as a central control room to manage all relevant points. In 2.3 the management of client certificates was added. But privacyIDEA is not just another certificate authority. Instead, privacyIDEA follows the same concept as for user resolvers, machines and applications and lets you define CA connectors that, as the name suggests, connect to existing certificate authorities. Thus you may even have several CAs for different purposes and configure privacyIDEA to connect to them all.
Then you can assign certificates (a new token type) to users and have the users enroll their certificates easily from within the modern Web UI. You can read more about this in the online documentation.
Other interesting things were also added, like the registration token type, which eases the process of mass enrollment.
The new SCIM Resolver provides better means to integrate privacyIDEA into cloud setups.
The new TYPO3 plugin is interesting for all Web Hosting companies.
The complete ChangeLog looks like this:
- Add connector to remote Certificate Authority.
- Add Tokentype “certificate” to manage certificates for users. Certificates or Certificate Requests can be uploaded. Certificate Requests (Keypair) can be generated in the browser.
- Add Tokentype “registration” for easier enrollment scenarios.
- Add TokenType “Email” to send OTP via Email.
- Add “First Steps” to online documentation to ease the process of getting up and running.
- Add handling of validity period of token.
- Enable download of Audit log as CSV.
- Add Resolver Priority, to handle a duplicate user in a realm.
- Add TYPO3 Plugin to enable OTP with TYPO3.
- Add SCIM Resolver to fetch users from SCIM services.
- Several Fixes like:
  - Failcounter issue
  - NTLM password check
  - timestep during enrollment
  - Yubikey CSV import