Privacyidea

Features
* User Registration: A user may register himself and thus create
his new user account.
* Password Reset: Using a recovery token a user may issue a
password reset without bothering the administrator or the
help desk.
* Enrollment Wizard for easy user token enrollment
* SMTP Servers: Define several system wide SMTP settings and use
these for
* Email token,
* SMTP SMS Provider,
* registration process,
* or password reset.

Enhancements
* Ease the Smartphone App (Google Authenticator) rollout.
Hide otplen, hash, timestep in the UI if a policy is defined.
* Add import of Aladdin/SafeNet XML file.
* Add import of password encrypted PSKC files.
* Add import of key encrypted PSKC files.

Fixes
* Support LDAP passwords with special non-ascii characters.
* Support LDAP BIND with special non-ascii characters.
* Fix problem with encrypted encryption key.
* Fix upgrading DB Schema for postgresql+psycopg2.
* Fix UI displaying of saved SMS Provider.
* Do not start challenge response with a locked/disabled token.

Features
* New token type: Security questions or questionnaire token.
* New token type: Paper token. OTP values printed on a piece of paper.
* Yubico Validation API: The yubikey tokens can authenticate via
/ttype/yubikey which follows the Yubico Validation Protocol.

Enhancements
* Add Web UI view to display the active challenges.
* The issuer for the Google Authenticator app can be configured.
* The LDAP machine resolver uses an LDAP server pool.
* The LDAP user resolver returns a list of mobile numbers.

Fixes
* The test email for the email token now has a sent date.
* Fix problem when using encrypted encryption key.
* Fix upper case problem when logging in to web UI
with REMOTE_USER.
* Fix allow set an empty PIN in the web UI.
* Fix import of token file in Web UI.

Features
* Improve U2F support with trusted facets
* Add Challenge Response and U2F support to SAML
* Add Web UI theming
* Add possibility to use REMOTE_USER for authentication at Web UI
* Fuzzy Authentication: restrict time since last authentication

Enhancements
* Allow mangle policy when fetching ssh keys
* Add realm support to ownCloud plugin
* Support Drupal passwords in SQL resolver
* Add validity period to token enrollment
* Set default enrollment token type in Web UI
* Add scope to LDAP resolver

Fixes
* Fix failcounter reset for challenge response tokens
* Fix confusing DB errors (column exist) during installation
* Fix email token TLS checkbox saving
* Fix TOTP testing in Web UI
* Fix SMS config loading in Web UI

Features
* Add support for U2F tokens
* Add signature to the API JSON response. Thus
the client can verify the response.

Enhancements
* When importing tokens, a realm can be chosen, so that all imported
tokens are immediately inserted into this realm.
* The user is able to change his password in the WebUI.
* The user can assign a token in the WebUI.
* Avoid the requiring of a PIN for some tokentypes like SSH
* Migrate to pymysql, the pure python mysql implementation
* The Audit Log tells if a previous OTP value was used again.

Fixes
* Enable login to WebUI with a loginname containing an sign.
* Fix the writing of logfile privacyidea.log

Features
* Add OCRA base TiQR token to authenticate by scanning
a QR code.
* Add Challenge Response authentication to Web UI
* Add 4-Eyes token, to enable two man policy. Two tokens
of two users are needed to authenticate.
* "Revoke Token" lets you perform special action on token types.
Tokens can be revoke, meaning they are blocked an can not
be unblocked anymore.

Enhancements
* Add HA information in the documentation.
* Add OpenVPN documentation.
* Add challenge response policy, to define if e.g. HOTP or TOTP are
allowed to be used in challenge response mode.
* Add hotkeys for easier use of Web Ui.
* Remove wrong system wide PassOnNoUser and PassOnNoToken.
* Set default language to "en" in Web UI.

Fixes
* Fix LDAP bug 179, which allows authentication with
wrong password under certain conditions
* Small fixes in coverage tests
* Fix username in web UI during enrollment
* Fix link to privacyIDEA logo in Web UI
* Fixed bug, that user was not able to resync his own tokens.

Features
* Add statistics
* Add German translation
* Add PinHandler in case of random PIN used
* Add automatic documentation of system setup
* Add ownCloud plugin

Enhancements
* Preset Email and SMS of a user when enrolling token
* Enable LDAP anonymous bind
* Add Hashalgorithms and digits to QR Code
* Add support for CentOS 6 and 7

Fixes
* Fix registration token
* Fix mOTP reuse problem