yubik – privacyID3A https://www.privacyidea.org flexible, Open Source Multi Factor Authentication (2FA) Tue, 20 Dec 2022 07:49:16 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://www.privacyidea.org/wp-content/uploads/2016/06/cropped-only-logo-white-background-32x32.png yubik – privacyID3A https://www.privacyidea.org 32 32 privacyIDEA 3.8 released https://www.privacyidea.org/privacyidea-3-8-released/ Tue, 20 Dec 2022 07:49:14 +0000 https://www.privacyidea.org/?p=2318 Transparent Rollout and Smartcard Login

We are happy to inform you, that we released privacyIDEA 3.8 today. 3.8 is an important milestone, since we start to support the Yubikey as a smartcard, that can also be used to login to Windows domains.

Support for smartcard login on Windows systems

privacyIDEA 3.8 can manage the Yubikey as a smartcard that holds a smartcard logon certificate. To obtain the smartcard logon certificate, the privacyIDEA server has a new certificate connector to communicate to all Microsoft Active Directory Certiticate Services in the connected Windows domain.

Thus the certificate on the Yubikey can directly be obtained from the Micrsoft CA but be managed within privacyIDEA.

Rollout during authentication

privacyIDEA supports Multi-Challenge-Response for a while. This mechanism can be used to reset an OTP PIN or authenticate with 4-eyes tokens or index-secret tokens.

In version 3.8 this same mechanism can now be used to enroll a token during authentication. The administrator can define a policy, which token type should be enrolled by the user. In several challenge-response steps thus the user can enroll HOTP, TOTP, email, SMS or PUSH tokens. Email and SMS tokens can even be enrolled in standard applications like the Netscaler.

SMS token enrollment during the login to Citrix ADC

HOTP, TOTP and PUSH enrollment require the application to display a QR code. This mechanism will be supported by all privacyIDEA plugins for e.g. Keycloak, simpleSAMLphp or ADFS.

Fast login, fast debugging, token groups

Using a new “preferred client mode” the administrator can define, which should be the preferred way for a user to authenticate, in case the user has more than one token type.

The audit log has been greatly improved for bug tracking. It now also records the thread ID of an API request.
Since the threat ID is also contained in the debug log file, this is a great handle to find the relevant detailed information to a specific request in the logs.

privacyIDEA 3.8 comes with the new conecpt of “token groups”. We plan to use this to improve SSH key management and the management of offline tokens.

For more details see the changelog at Github.

Install or Update

You can download and update privacyIDEA 3.8 via the community repositories for Ubuntu 18.04, 20.04 and now also 22.04 or via the python package index.

]]>