Privacyidea

Latest version: v3.11


Page 9 of 14

2.23

Not secure
Features:
* Add periodic tasks including a privacyidea-cron script. (992)
* Add task module "Simple Stats" to generate time series of certain
  important statistics values in privacyIDEA (1105)
* Add task module "Event Counter" that allows creating time series of
  any arbitrary event. (1029)
* New token type: TAN list, that can also import a predefined
  list of TANs (1057)
* Add Event Handler Pre-Handling, that e.g. allows for
  even easier token enrollment concepts (747)

Enhancements:
* Improve performance by adding SQL pooling for SQL Audit
  and SQL Resolvers. (1167, 1140)
* Improve SQL Resolver to also verify bcrypt-hash passwords (1172)
* Allow multiple WHERE conditions in SQL Resolver (1039)
* Allow objectGUID as loginname in LDAP resolver for better
  ownCloud support (1076)
* Add command in pi-manage to dump audit log information (1120)
* Add script to allow generation of AES keys on HSM (1159)
* Improve recovery mechanism from a lost HSM connection (1069)
* Improve Debug Logging to hide passwords in SQL connect strings (1162)
* Add script for easy privacyIDEA standalone setup (1093)
* ldap3, pyasn1, croniter updated in Ubuntu Launchpad repo (1085)
* Add a script that easily gathers support and diagnostic information (829)
* Add event handler management to pi-manage (1119)
* Allow to customize the challenge text for challenge response tokens (1096)
* Add user information to OATH CSV token import file (998)
* Improve migration scripts from LinOTP to also update counter values (1075)
* Add priority to policies to avoid contradicting policies (1031)
* The token event handler now can delete tokeninfo (988)
* Make the import of OATH CSV token specific, so that each
  tokentype can define its own import strategy (1066)
* The Event Counter module now allows to decrease the counter (991)
* Allow time deltas to also contain seconds (1033)

Fixes:
* Allow to use unicode passwords with non-ascii characters for the
  connect string in SQL Resolvers (1181)
* Fix problem that a wrong password hash was used, if user is created
  in SQL Resolver (1114)
* Fix performance issue with slow token listing (1123)
* Fix the QR code regeneration if the user already has the maximum number
  of allowed tokens (1153)
* Fix problem with privacyidea-pip-update in case of pip version 10 (1128)
* Fix problem if max_token_per_user was higher than 9 (1117)
* Fix hash algorithm in QR Code (1088)
* Set focus in username field in the login dialog (205)
* Fix disappearing scrollbar issue (1020)
* Fix import of SHA256 tokens (1061)
* Convert string values to unicode in the database model to
  avoid misleading "error" messages (1000)
* Fix truncation of audit log in case of authentication failure (1034)
* Shorten audit information to fit into the database column (1037)
* Fix the RADIUS configuration test (1042)

2.22.1

Not secure
Fixes in WebUI:
* Allow to display the messages of several C/R tokens (995, 1004)
* Use ng-if instead of ng-show to avoid errors in the javascript console (963)
* Remove reference to not-used system.addons.js to avoid errors in the javascript console
* Remove reference to not-used system.addons.html to avoid errors in the javascript console
* Use ng-src instead of src to avoid errors in the javascript console
* Avoid request to /false if image does not exist - avoid error in the javascript console
* Fix handling of U2F token in the WebUI login
* Require serial number in the assignment form (1011)
* Fix PIN comparison in token enroll and token assign (1010)
* Fix the empty username in token enroll or assign (918)

Fixes in Server:
* Add check for serial number present (1011)
* Fix validation of OCRA and TiQR token (1008)
* Add retry to cope with HSM issues (1003)
* Fix unicode in resolverconf database table with Oracle (999)

2.22

Not secure
Features:
* Add automatic offline refill for Offline OTP tokens (839)
* Return realm and resolver of the user and allow mapping
  group membership to the RADIUS protocol (896)
* Add new tokenkind (hardware, software, virtual) for all tokens (828)
* Support Vasco tokens via Import and via Web Enrollment (904, 903, 891)
* Add arbitrary tokeninfo field to authorization policy (873)
* New SMPP SMS provider (878)
* New event handler Counter for counting events for statistics and monitoring (951)

Enhancements:
* Enhance the statistics possibilities in WebUI (950)
* Allow reencryption of the database by importing PSKC to
  a new database (940)
* Allow token janitor to export "PW" token type to PSKC (942)
* Also export and import the counter values of HOTP/TOTP to PSKC (943)
* SMS token can dynamically read phone number from user source (932)
* Email token can dynamically read email address from user source (932)
* Add policy to ignore the validity of a U2F attestation certificate (926)
* Improve the speed of the LinOTP migration script to cope with tens of
  thousands of tokens (914)
* pi-manage can create API tokens with a chosen validity time (931)
* Allow user to set token description for HOTP and TOTP tokens
  during enrollment (928) (Thanks to Taylor Chase for this contribution!)
* Add timeout to SMTP server configuration (919)
* Allow complex email templates for email tokens (684)
* LDAP resolver now supports arbitrary multivalue attributes (881)
* Allow Event Handler to match failing authentication (971)

Fixes:
* Several fixes in LDAP resolver to cope with ldap3/pyasn1 version issues and
  other issues (911, 980, 982, 887)
* Skip misguiding LDAP error "AttributeError NonType" in log file (948)
* Add missing validity time in /validate/check response for email tokens (946)
  (Thanks to Kleber Rocha/klinux for this contribution!)
* Fix the handling of the SMS expiration date (937)
* Fix serial length in the audit table to match the serial length in the token table (929)
  (Thanks to Salvo Rapisarda for this contribution!)
* Fix Mail content sent by email token is rendered as attachment (915)
* Fix Editing SMTP Server definition clears the password (923)
* Fix pi-manage backup crash (Thanks to Pavol Ipoth for this contribution!)

2.21.4

Not secure
Fixes:
* HTTP Timeout of HTTP SMS Gateway (889)
* Remove console.log from webui

2.21.1

Not secure
Fixes:
* Allow to use TLS1.1 and TLS1.2 for LDAP Resolver (876)

2.21

Not secure
Features:

* Allow export of tokens to PSKC file (790)
* Implement two-step enrollment of HOTP/TOTP tokens (797, 863, 865, 866)
* Allow WebUI customization via policies (795)

Enhancements:

* Add script to decrypt safeword tokens
* Allow using tags in the tokenissuer of smartphone tokens
* Try to re-establish lost HSM connections (787)
* Allow to rotate audit log based on multiple conditions (780, 833)
* Add dry-run option to audit log rotation (801)
* Allow dots in realm names (808)
* Mark empty but required fields in WebUI (810)
* Display success information after PIN is set (822)
* Add further tags to the user notification event handler (824)
* Add number of users to the subscription view (800)
* Add HTTP/HTTPS proxy settings to HTTP SMS Provider (835)
* Federation Handler allows to forward the authorization token (838)
* Use token janitor to export a user list (852)
* Use HSM for random key generation if possible (783)
* HTTP SMS Provider now takes TIMEOUT parameter into account
* Allow to configure length of generated serial numbers (583)

Fixes:

* Fix handling of only_realm option in token event handler (809)
* Fix scrollbar issues in WebUI (806, 823)
* Fix OTP counter of offline token (840)
* Fix conflicts between check_tokentype and passthru policies (846)
* Properly reset tab tile after session has been locked (850)
* Fix handling of fixed key size during enrollment (820)
* Make sure that only active policies are honored (825)
* Fix various bugs with non-ASCII data (754)
* Fix failcounter_clear_timeout (831)
* Only remove apache host definitions on first installation (834)
