Privacyidea

Featurs
* Add HSM support via AES keys (534)
* Improved Event Handler for flexible notification (511)
* Signed subscription files for adding and checking
for extra functionality during authentication request (502)

Enhancements
* Allow additional filter attributes in the Audit Log (519)
* Show or hide realms in the login dialog via policy (517)
* Improve UI if admin is not allowed for certain actions (516, 512)
* Disable OTP PIN during enrollment via policy (439)
* Allow automatic sending of registration code via email (514)

Fixes
* Allow compatibility with ldap3 >= 2.0.7 (533 535)
* Fix problem with Notification when no tokenowner is available (528)
* Fix confusion of client HTTP parameters (529)
* Fix enabled flag with certain database types (527)
* Catch error in case of faulty overrideClient definition (526)
* Truncate Audit lines, that are too long for the DB table (525)

Features
* Client Overview. Display the type of the requesting
authenticating clients (489)
* Support for NitroKey OTP mode (admin client)

Enhancements
* Performance enhancements using Caching singletons for
Config, Realm, Resolver and Policies
* Allow configuration of the registration email text (494)
* Return SAML attributes only in case of successful
authentication (500)
* Policy "reset_all_user_tokens" allow to reset all
failcounters on successful authentication (471)
* Client rewrite mapping also checks for
X-Forwarded-For (395, 495)

Fixes
* Fixing RemoteUser fails to display WebUI (499)
* String comparison in HOSTS resolver (484)

Features
* Import PGP encrypted seed files
* Allow UserNotification for user actions
* Allow UserNotification on validate/check events,
to notify the user on a failed authentication or
a locked token.

Enhancements
* Add thread ID in REST API Response
* Performance improvement: Cache LDAP Requests 473
* Performance improvement: Optimize resolver iteration 474
* Add "Check OTP only" in WebUI
* Improve "get serial by OTP" in WebUI
* Add script to get serial by OTP

Fixes
* Restrict GET /user for corresponding admins 460

Features
* Allow central definition of SMS gateways
to be used with tokens. 392
* User SMS for User Notificaton Event Handler. 435
* Add PIN change setting for each token. 429
* Force PIN change in web UI. 432

Enhancements
* Performence enhancements
* speed up loading of audit log in web UI.
* avoid double loadin of tokens and audit entries in web UI. 436
* Additional log level (enhanced Debug) to even log passwords in
debug mode.
* Add new logo. 430
* Add quick actions in the token list: reset failcounter,
toggle active. 426
* REST API returns OTP length on successful authentication. 407
* Add intelligent OverrideAuthorizationClient system setting,
that allows defined proxies to reset the client IP. 395

Fixes
* Display token count in web UI. 437
* Use correct default_tokentype in token enrollment. 427
* Fix HOTP resync problems. 412

Features
* Event Handler Framework 360
* local CA connector can enroll certificates
for users. Users can download PKCS12 file. 383
* Add and edit users in LDAP resolvers 372
* Hardware Security Module support via PKCS11
* Time dependent policies 358

Enhancements
* Policy for web UI enrollment wizard 402
* Realm dropdown box at login screen 400
* Apply user policy settings 390
* Improve QR Code for TOTP token enrollment 384
* Add documentation for enrollment wizard 381
* Improve pi-manage backup to use pymysql 375
* Use X-Forwarded-For HTTP header as client IP 356
* Add meta-package privacyidea-mysql 376

Fixes
* Adduser honors resolver setting in policy 403
* Add documentation for SPASS token 399
* Hide enrollment link (WebUI) is user can not enroll 398
* Fix getSerial for TOTP tokens 393
* Fix system config checkboxes 378
* Allow a realm to be remove from a token 363
* Improve the date handling in emails 352
* Sending test emails 350
* Authentication with active token not possible if
the user has a disabled token 339

Features
* RADIUS Servers: Allow central definition of RADIUS servers
* RADIUS passthru policy: Authentication requests for users
with no tokens can be forwarded to a specified RADIUS server

Enhancements
* Allow objectGUID in LDAP-Resolver of Active Directory
* Use paged searches in LDAP. LDAP resolver will find all
users in the LDAP directory.
* Allow privacyIDEA instance name to be configured for
the AUDIT log
* Allow special characters in LDAP loginnames and passwords
* Add arbitrary attributes to SAML Authentication response
* Enhance the handling of YUBICO mode yubikeys with the
YUBICO API. The prefix is handled correctly.
* Allow in get_tokens to be filtered for tokeninfo.
* Add paged search in LDAP resolver. This allows responses
with more than 1000 objects.

Fixes
* Fix SMTP authentication
* Fix Enrollment Wizard for non-default realm users
* Registration process: If an email can not be delivered,
the token is deleted, since it can not be used.