Today we released the version 2.22.1 of the privacyIDEA Enterprise Edition.

If you want to know more about the major changes from 2.21 to this version 2.22.1 please read our previous blog post.

Bug Fixes

In version 2.22.1 bugs in the Web UI and server have been fixed:

  • Login with Challenge Response tokens to the WebUI was improved.
  • The PIN, serial and username handling in the rollout and assignmed was fixed.
  • Annoying output in the browser console was removed.
  • Added check for serial number present.
  • Fixed validation of OCRA and TiQR token.
  • Added retry to cope with HSM issues.
  • Fixed unicode in resolverconf database table with Oracle.
You can find a complete Changelog at github.

About the privacyIDEA Enterprise Edition

The Enterprise Edition is released as version 2.X.1 a few weeks after the public release of version 2.X and contains necessary bug fixes.

The Enterprise Edition of the privacyIDEA Authentication System addresses companies and organizations, that need a reliable and stable update process. It is available for Ubuntu 16.04LTS, CentOS7/RHEL7 and the Univention Corporate Server. It is also available as an Appliance, that allows e.g. a simple setup of a master master replication.

Please get in touch, if you want to learn more or if you want to test the Enterprise Edition.

Today we released the privacyIDEA Authenticator version 1.0. We fixed typos and added a German translation.

The privacyIDEA Authenticator is available via the Google Play Store.

About the privacyIDEA Authenticator

Using the privacyIDEA Authenticator the smartphones of your users become the factor of possession for a secure login. The privacyIDEA Authenticator creates one time passwords according to the HOTP or TOTP algorithms. It is compatible with the Google Authenticator. However, in conjunction with the privacyIDEA Authentication System the privacyIDEA Authenticator also allows for a secure enrollment process. Thus neither the user nor an attacker can simply copy the secret key of the app during the enrollment process.

In privacyIDEA 2.22 the flexibilty of using arbitrary user attributes in the RADIUS protocol was heavily improved. But there are a lot of other features and enhancements. You can find the complete article at privacyidea.org.

The current version 2.21.4 of privacyIDEA Enterprise Edition is now available for Univention Corporate Server.

We already wrote about the new features in privacyIDEA 2.21 in a previous blog post. Now UCS users can also profit from these enhancements. privacyIDEA can be updated from version 2.20.1 to 2.21.4 easily from within the Appcenter.

Secure Rollout of Smartphones

privacyIDEA Authenticator

Using the smartphone and the privacyIDEA Authenticator App users can securely log in to e.g. the company’s VPN.

The most interesting feature of privacyIDEA 2.21.4 is the secure rollout of smartphones. During this process a part of the secret key is generated on the privacyIDEA server and the other part is generated on the privacyIDEA Authenticator App.

The privacyIDEA Authenticator App is currently available for Android phones via the Google Play Store.

You have questions? Ask us!

Today we released the stable version 2.21.1 of the privacyIDEA Enterprise Edition.

The Enterprise Edition as version 2.X.1 is released a few weeks after the corresponding major public release and contains necessary bug fixes. You can read about the features of version 2.21 like the secure smartphone enrollment in our previous blog post.

Version 2.21.1 fixes the following bug:

  • The LDAPS connection to the user directory like OpenLDAP or Active Directory only used TLS1.0. The administrator can now configure the user resolver to also use TLS1.1 or TLS1.2.

About the Enterprise Edition

The Enterprise Edition of the Multi-Factor-Authentication system privacyIDEA is ment for enterprises and organizations, which need a reliable update process. It is available for Ubuntu 16.04LTS, CentOS7, RHEL7 and the Univention Corporate Server. In addition the enterprise edition contains an appliance that helps you quickly and easily set up a high available master-master replication.

Please contact us if you have further questions, if you want to test the enterprise edtion or want to book a workshop.

Today privacyIDEA 2.21 was released. Read about it on the privacyIDEA project page.

With privacyIDEA 2.21 it will be possible to enroll smartphone based tokens in a more secure manner and mitigate the threat of simply copying the QR code of the enrolled token. NetKnights still runs a beta test of a new smartphone app. You are welcome to join the beta test!

Also there are enhancements in the event handlers, the rotating of the audit log and the customization of the UI.

The version 2.21 is available via the Ubuntu repositories for 16.04LTS and 14.04LTS and the python package index as a community version.

The enterprise version 2.21.1 will be realeased in a few weeks. Just contact us for any questions.

The privacyIDEA Enterprise Edition version 2.20.1 is now available for Univention Corporate Server. You can install or update privacyIDEA 2.20.1 on the UCS easily from the Univention App Center.

Please note that the subscription handling was changed in privacyIDEA4UCS. You now no longer need a special license file but the common subscription file, which is used with the common privacyIDEA Enterprise Edition. Existing clients already received the new subscription file. If you are running tests in a demo environment, you can create your own demo subscription file for privacyIDEA4UCS.

OCRA, Display-TAN and Federation in privacyIDEA 2.20.1

We already posted about the common release of privacyIDEA version 2.20.1. Now also customers running privacyIDEA on UCS can use the awesome new features:

New token types OCRA token and the Display-TAN card are not supported. In contrast to classic authentication scenarios the OCRA token also allows the signing of transaction data. Using an OCRA token the user can testify, that the data set he is sending is correct. The recepient can cryptographically verify, that the received data is still valid and unmodified. This can be used in banking scenarios and other applications, where data must not be modified.

A second main feature is the federation handler. This allows to forward special authentication requests to other, subordinate privacyIDEA systems. This is interesting for federated organizations and infrastructures. Departments may run their own privacyIDEA systems. A central privacyIDEA system in the orgnization can then forward the authentication requests to the corresponding departments.

A complete changelog can be found here.

Get your personal subscription file for privacyIDEA4UCS!

We are happy to answer any of your questions!

 

Today we released the stable version 2.20.1 of the privacyIDEA Enterprise Edition.

The Enterprise Edition as version 2.X.1 is released a few weeks after the corresponding major public release and contains necessary bug fixes. We already wrote about version 2.20.

Version 2.20.1 now fixes some minor bugs:

  • When using PostgreSQL database the administrator can now filter for the data as expected.
  • During enrollment the default realm will be set as default in the UI.
  • Errors with PassOnNoUser and PassOnNoToken were fixed.
  • The genkey parameter during enrollment was consolidated.

The Enterprise Edition of the Multi-Factor-Authentication system privacyIDEA is ment for enterprises and organizations, which need a reliable update process. It is available for Ubuntu 14.04LTS, Ubuntu 16.04LTS, CentOS7, RHEL7 and the Univention Corporate Server.

Today we released privacyIDEA 2.20. Packages are publically available in the Laundpad repositories for Ubuntu 14.04LTS and 16.04LTS. You can also install the new version via the Python Package Index on any other distribution.

New Features in privacyIDEA

Federation-Handler

The new federation handler allows to forward authentication requests to sibling privacyIDEA instances.

This way you can setup network structures, where brances of an enterprise or sub organizations can run their own privacyIDEA instance under their own control. Authentication requests will be handled by a central privacyIDEA instance and forwarded to the corresponding instance, where the user and the user’s tokens are managed.

This way business devisions, departments or sub contractors can manage the tokens of their own employees.

The federation handler also offers new possibilities and business models for service providers.

New token type OCRA and DisplayTAN

In version 2.20 we also added the basic token type OCRA and the special type DisplayTAN. The DisplayTAN is a hardware card, which can communitcate with a smartphone via Bluetooth LE. This way the OCRA challenge is sent to the card, the user can check the challenge data and the card will generate an OTP value as response.

OCRA is specified in RFC 6287. A common use case is signing bank transactions. This way a TAN (OTP value) can be generated in hardware, and this TAN totally depends on the transaction information. Thus privacyIDEA can be perfectly used to manage authentication and signing devices for banking scenarios. We already talked about this in a previous blog post.

Login with different login names

The LDAP resolver now allows that a user can login with different LDAP attributes. The administrator can specify the list of attributes, which may be used as login names. This way an user can choose if he will login with the sAMAccountNAme, the email address or a telephone number.

Authentication cache

The administrator can now define if and how long succesful authentication should be cached. This way it is possible for a certain amount of time to authenticate with the very same OTP value again. Yes, this is not the original idea of OTP. But certain specific applications may need such a functionality. This behaviour is specified in an authentication policy, which can also depend on time and client IP.

More functions

Many policies now allow to use resolvers in the policy definition. This way the administrator can define the behaviour of privacyIDEA depending on user groups in detail.

During the rollout process of smartphone tokens, privacyIDEA display a QR-Code to the user. If the user is in doubt, that the QR-Code may be also seen by an attacker, he can now immediately regenerate the QR-Code.

All event handler definitions can now be ordered to your needs. This way the administrator can precisely define the behaviour and reaction of privacyIDEA.

The conditions of event handlers may now contain times and time deltas.

Challenge Response tokens can now be used to unlock the UI.

While installing Ubuntu packages, a PGP key pair is generated. The public PGP key can be easily used to encrypt the seed files before importing tokens.

You can find a complete changelog at Github.

Enterprise Edition and Consultancy

NetKnights provides consulting and support with the privacyIDEA Enterprise Edition. Using Open Source you optimize your total cost of ownership this way, that there are no external limitations which dictate how long or short your may use the software. Getting the privacyIDEA Enterprise Edition including an SLA you get the warranty and thus operating safety.

You want to stay tuned? Please subscribe to our newsletter!

You want to know more? Get in touch!

 

The Enterprise Version 2.19.1 of privacyIDEA is now available on the Univention Corporate Server. With version 2.19.1 privacyIDEA is now available on the Univention Corporate Server 4.2. Customers can easily upgrade from UCS 4.1 with privacyIDEA 2.18.1 to UCS 4.2 with privaccyIDEA 2.19.1.

Besides the improvements in Univention Corporate Server 4.2 privacyIDEA 2.19.1 also comes with interesting improvements. These are the generic user cache, which can reduce the authentication time dramatically. Using policies the administrator can define which U2F devices may be registered and used by the users. A Token Janitor allows the administrator to find orphaned tokens and either disable or delete these. We already blogged about the complete new features in privacyIDEA 2.19.

Service Level Agreement and Subscription

privacyIDEA4UCS can be installed on the Univention Corporate Server quickly and easily via the Univention App Center. You can find further details on privacyIDEA4UCS on the product page and also get a test subscription. The normal service level agreement for privacyIDEA also entitles the customer to use privacyIDEA on the Univention Corporate Server.