Privacyidea

Latest version: v3.10.1


Page 8 of 14

2.23.3

Not secure
Fixes:
* Performance: avoid using wildcard serials in functions like
get_tokens, get_realms_of_token and copy_token
* Performance: avoid reload of static configuration
* Performance: Clean up LDAP cache, so that it will not grow too big and
further LDAP cache usage optimization (1246)
* Performance: Make signing the audit log configurable (1262)
* Performance: Make the auth counter per token configurable (1262)
* Performance: Fix HSM auto recovery after an HSM failure and make
MAX_RETRIES configurable (1278)
* Fix the double get requests of challenges in the UI
* Auditlog now honors the admin realm in the policies (1244)
* Fix description of realm dropdown policy (1245)
* Allow token janitor to use chunk sizes
* Allow Audit rotation to be performed in chunks to avoid deadlocks.
* Improve documentation about required and optional parameters in
the SQL Audit module.
* Cast userid to string to avoid cast problems with PostgreSQL
* Update pyopenssl dependency.

2.23.2

Not secure
Fixes:
* Fix problem with empty username (1227)

2.23.1

Not secure
Fixes:
* Fix PassOnNoUser in combination with event handler (1206)
* Fix loading of Event handler detail view (1210)
* Fix Challenge-Response login at Web UI (1216)
* Fix triggerchallenge to only use active tokens (1217)
* Write all installed packages to diagnostics file and
also write the resolver config in privacyidea-diag

2.23

Not secure
Features:
* Add periodic tasks including a privacyidea-cron script. (992)
* Add task module "Simple Stats" to generate time series of certain
important statistics values in privacyIDEA (1105)
* Add task module "Event Counter" that allows to create time series of
any arbitrary event. (1029)
* New token type: TAN list, that can also import a predefined
list of TANs (1057)
* Add Event Handler Pre-Handling, that e.g. allows for
even more easy token enrollment concepts (747)

Enhancements:
* Improve performance by adding SQL pooling for SQL Audit
and SQL Resolvers. (1167, 1140)
* Improve SQL Resolver to also verify bcrypt-hash passwords (1172)
* Allow multiple WHERE conditions in SQL Resolver (1039)
* Allow objectGUID as loginname in LDAP resolver for better
ownCloud support (1076)
* Add command in pi-manage to dump audit log information (1120)
* Add script to allow generation of AES keys on HSM (1159)
* Improve recovery mechanism from a lost HSM connection (1069)
* Improve Debug Logging to hide passwords in SQL connect strings (1162)
* Add script for easy privacyIDEA standalone setup (1093)
* ldap3, pyasn1, croniter updated in Ubuntu Launchpad repo (1085)
* Add a script that easily gathers support and diagnostic information (829)
* Add event handler management to pi-manage (1119)
* Allow to customize the challenge text for challenge response tokens (1096)
* Add user information to OATH CSV token import file (998)
* Improve migration scripts from LinOTP to also update counter values (1075)
* Add priority to policies to avoid contradicting policies (1031)
* The token event handler now can delete tokeninfo (988)
* Make the import of OATH CSV token specific, so that each
tokentype can define its own import strategy (1066)
* The Event Counter module now allows to decrease the counter (991)
* Allow time deltas to also contain seconds (1033)

Fixes:
* Allow to use unicode passwords with non-ascii characters for the
connect string in SQL Resolvers (1181)
* Fix problem that a wrong password hash was used, if user is created
in SQL Resolver (1114)
* Fix performance issue with slow token listing (1123)
* Fix the QR code regeneration if the user already has the maximum number
of allowed tokens (1153)
* Fix problem with privacyidea-pip-update in case of pip version 10 (1128)
* Fix problem if max_token_per_user was higher than 9 (1117)
* Fix hash algorithm in QR Code (1088)
* Set focus in username field in the login dialog (205)
* Fix disappearing scrollbar issue (1020)
* Fix import of SHA256 tokens (1061)
* Convert string values to unicode in the database model to
avoid misleading "error" messages (1000)
* Fix truncation of audit log in case of authentication failure (1034)
* Shorten audit information to fit into the database column (1037)
* Fix the RADIUS configuration test (1042)

2.22.1

Not secure
Fixes in WebUI:
* Allow to display the messages of several C/R tokens (995, 1004)
* Use ng-if instead of ng-show to avoid errors in the javascript console (963)
* Remove reference to not-used system.addons.js to avoid errors in the javascript console
* Remove reference to not-used system.addons.html to avoid errors in the javascript console
* Use ng-src instead of src to avoid errors in the javascript console
* Avoid request to /false if image is not existing - avoid error in the javascript console
* Fix handling of U2F token in the WebUI login
* Require serial number in the assignment form (1011)
* Fix PIN comparison in token enroll and token assign (1010)
* Fix the empty username in token enroll or assign (918)

Fixes in Server:
* Add check for serial number present (1011)
* Fix validation of OCRA and TiQR token (1008)
* Add retry to cope with HSM issues (1003)
* Fix unicode in resolverconf database table with Oracle (999)

2.22

Not secure
Features:
* Add automatic offline refill for Offline OTP tokens (839)
* Return realm and resolver of the user and allow mapping
group membership to the RADIUS protocol (896)
* Add new tokenkind (hardware, software, virtual) for all tokens (828)
* Support Vasco tokens via Import and via Web Enrollment (904, 903, 891)
* Add arbitrary tokeninfo field to authorization policy (873)
* New SMPP SMS provider (878)
* New event handler Counter for counting events for statistics and monitoring (951)

Enhancements:
* Enhance the statistics possibilities in WebUI (950)
* Allow reencryption of the database by importing PSKC to
a new database (940)
* Allow token janitor to export "PW" token type to PSKC (942)
* Also export and import the counter values of HOTP/TOTP to PSKC (943)
* SMS token can dynamically read phone number from user source (932)
* Email token can dynamically read email address from user source (932)
* Add policy to ignore the validity of a U2F attestation certificate (926)
* Improve the speed of the LinOTP migration script to cope with tens of
thousands of tokens (914)
* pi-manage can create API tokens with a chosen validity time (931)
* Allow user to set token description for HOTP and TOTP tokens
during enrollment (928) (Thanks to Taylor Chase for this contribution!)
* Add timeout to SMTP server configuration (919)
* Allow complex email templates for email tokens (684)
* LDAP resolver now supports arbitrary multivalue attributes (881)
* Allow Event Handler to match failing authentication (971)

Fixes:
* Several fixes in LDAP resolver to cope with ldap3/pyasn1 version issues and
other issues (911, 980, 982, 887)
* Skip misguiding LDAP error "AttributeError NonType" in log file (948)
* Add missing validity time in /validate/check response for email tokens (946)
(Thanks to Kleber Rocha/klinux for this contribution!)
* Fix the handling of the SMS expiration date (937)
* Fix serial length in the audit table to match the serial length in the token table (929)
(Thanks to Salvo Rapisarda for this contribution!)
* Fix Mail content sent by email token is rendered as attachment (915)
* Fix Editing SMTP Server definition clears the password (923)
* Fix pi-manage backup crash (Thanks to Pavol Ipoth for this contribution!)
