python-privacyidea (2.16-1trusty) trusty; urgency=low

  Featurs
  * Add HSM support via AES keys (#534)
  * Improved Event Handler for flexible notification (#511)
  * Signed subscription files for adding and checking
    for extra functionality during authentication request (#502)

  Enhancements
  * Allow additional filter attributes in the Audit Log (#519)
  * Show or hide realms in the login dialog via policy (#517)
  * Improve UI if admin is not allowed for certain actions (#516, #512)
  * Disable OTP PIN during enrollment via policy (#439)
  * Allow automatic sending of registration code via email (#514)

  Fixes
  * Allow compatibility with ldap3 >= 2.0.7 (#533 #535)
  * Fix problem with Notification when no tokenowner is available (#528)
  * Fix confusion of client HTTP parameters (#529)
  * Fix enabled flag with certain database types (#527)
  * Catch error in case of faulty overrideClient definition (#526)
  * Truncate Audit lines, that are too long for the DB table (#525)

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 10 Nov 2016 15:00:00 +0200

python-privacyidea (2.15-1trusty) trusty; urgency=low
 
  Features
  * Client Overview. Display the type of the requesting
    authenticating clients (#489)
  * Support for NitroKey OTP mode (admin client)

  Enhancements
  * Builds on Ubuntu 16.04 Xenial
  * Performance enhancements using Caching singletons for
    Config, Realm, Resolver and Policies
  * Allow configuration of the registration email text (#494)
  * Return SAML attributes only in case of successful
    authentication (#500)
  * Policy "reset_all_user_tokens" allow to reset all
    failcounters on successful authentication (#471)
  * Client rewrite mapping also checks for
    X-Forwarded-For (#395, #495)

  Fixes
  * Fixing RemoteUser fails to display WebUI (#499)
  * String comparison in HOSTS resolver (#484)

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 06 Oct 2016 08:30:00 +0200

python-privacyidea (2.14-1trusty) trusty; urgency=low

  Features
  * Import PGP encrypted seed files
  * Allow UserNotification for user actions
  * Allow UserNotification on validate/check events,
    to notify the user on a failed authentication or
    a locked token.

  Enhancements
  * Add thread ID in REST API Response
  * Performence improvement: Cache LDAP Requests #473
  * Performance improvement: Optimize resolver iteration #474
  * Add "Check OTP only" in WebUI
  * Improve "get serial by OTP" in WebUI
  * Add script to get serial by OTP

  Fixes
  * Restrict GET /user for corresponding admins #460

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 15 Aug 2016 00:03:00 +0200

python-privacyidea (2.13-1trusty) trusty; urgency=low

  Features
  * Allow central definition of SMS gateways 
    to be used with tokens. #392
  * User SMS for User Notificaton Event Handler. #435
  * Add PIN change setting for each token. #429
  * Force PIN change in web UI. #432

  Enhancements
  * Performence enhancements
    * speed up loading of audit log in web UI.
    * avoid double loadin of tokens and audit entries in web UI. #436
  * Additional log level (enhanced Debug) to even log passwords in 
    debug mode.
  * Add new logo. #430
  * Add quick actions in the token list: reset failcounter, 
    toggle active. #426
  * REST API returns OTP length on successful authentication. #407
  * Add intelligent OverrideAuthorizationClient system setting,
    that allows defined proxies to reset the client IP. #395

  Fixes
  * Display token count in web UI. #437
  * Use correct default_tokentype in token enrollment. #427
  * Fix HOTP resync problems. #412
  
 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 30 Jun 2016 12:00:00 +0200

python-privacyidea (2.12-1trusty) trusty; urgency=low

  Features
  * Event Handler Framework #360
  * local CA connector can enroll certificates
    for users. Users can download PKCS12 file. #383
  * Add and edit users in LDAP resolvers #372
  * Time dependent policies #358

  Enhancements
  * Policy for web UI enrollment wizard #402
  * Realm dropdown box at login screen #400
  * Apply user policy settings #390
  * Improve QR Code for TOTP token enrollment #384
  * Add documentation for enrollment wizard #381
  * Improve pi-manage backup to use pymysql #375
  * Use X-Forwarded-For HTTP header as client IP #356
  * Add meta-package privacyidea-mysql #376

  Fixes
  * Adduser honors resolver setting in policy #403
  * Add documentation for SPASS token #399
  * Hide enrollment link (WebUI) is user can not enroll #398
  * Fix getSerial for TOTP tokens #393
  * Fix system config checkboxes #378
  * Allow a realm to be remove from a token #363
  * Improve the date handling in emails #352
  * Sending test emails #350
  * Authentication with active token not possible if
    the user has a disabled token #339

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Tue, 24 May 2016 16:00:00 +0200

python-privacyidea (2.11-1trusty) trusty; urgency=low

  Features
  * RADIUS Servers: Allow central definition of RADIUS servers
  * RADIUS passthru policy: Authentication requests for users
    with no tokens can be forwarded to a specified RADIUS server

  Enhancements
  * Allow objectGUID in LDAP-Resolver of Active Directory
  * Use paged searches in LDAP. LDAP resolver will find all
    users in the LDAP directory.
  * Allow privacyIDEA instance name to be configured for
    the AUDIT log
  * Allow special characters in LDAP loginnames and passwords
  * Add arbitrary attributes to SAML Authentication response
  * Enhance the handling of YUBICO mode yubikeys with the
    YUBICO API. The prefix is handled correctly.
  * Allow in get_tokens to be filtered for tokeninfo.
  * Add paged search in LDAP resolver. This allows responses
    with more than 1000 objects.

  Fixes
  * Fix SMTP authentication
  * Fix Enrollment Wizard for non-default realm users
  * Registration process: If an email can not be delivered,
    the token is deleted, since it can not be used.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Tue, 29 Mar 2016 08:30:00 +0200

python-privacyidea (2.10-1trusty) trusty; urgency=low

  Features
  * User Registration: A user may register himself and thus create
    his new user account.
  * Password Reset: Using a recovery token a user may issue a
    password reset without bothering the administrator or the
    help desk.
  * Enrollment Wizard for easy user token enrollment
  * SMTP Servers: Define several system wide SMTP settings and use
    these for
    * Email token,
    * SMTP SMS Provider, 
    * registration process,
    * or password reset.

  Enhancements
  * Ease the Smartphone App (Google Authenticator) rollout.
    Hide otplen, hash, timestep in the UI if a policy is defined.
  * Add import of Aladdin/SafeNet XML file.
  * Add import of password encrypted PSKC files.
  * Add import of key encrypted PSKC files.

  Fixes
  * Support LDAP passwords with special non-ascii characters.
  * Support LDAP BIND with special non-ascii characters.
  * Fix problem with encrypted encryption key.
  * Fix upgrading DB Schema for postgresql+psycopg2.
  * Fix UI displaying of saved SMS Provider.
  * Do not start challenge response with a locked/disabled token.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 11 Feb 2016 00:01:00 +0200

python-privacyidea (2.9-1trusty) trusty; urgency=low


  Features
  * New token type: Security questions or questionnaire token.
  * New token type: Paper token. OTP values printed on a piece of paper.
  * Yubico Validation API: The yubikey tokens can authenticate via
    /ttype/yubikey which follows the Yubico Validation Protocol.

  Enhancements
  * Add Web UI view to display the active challenges.
  * The issuer for the Google Authenticator app can be configured.
  * The LDAP machine resolver uses an LDAP server pool.
  * The LDAP user resolver returns a list of mobile numbers.

  Fixes
  * The test email for the email token now has a sent date.
  * Fix problem when using encrypted encryption key.
  * Fix upper case problem when logging in to web UI
    with REMOTE_USER.
  * Fix allow set an empty PIN in the web UI.
  * Fix import of token file in Web UI.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 21 Dec 2015 18:00:00 +0200

python-privacyidea (2.8-1trusty) trusty; urgency=low

  Features
  * Improve U2F support with trusted facets
  * Add Challenge Response and U2F support to SAML
  * Add Web UI theming
  * Add possibility to use REMOTE_USER for authentication at Web UI
  * Fuzzy Authentication: restrict time since last authentication

  Enhancements
  * Allow mangle policy when fetching ssh keys
  * Add realm support to ownCloud plugin
  * Support Drupal passwords in SQL resolver
  * Add validity period to token enrollment
  * Set default enrollment token type in Web UI
  * Add scope to LDAP resolver

  Fixes
  * Fix failcounter reset for challenge response tokens
  * Fix confusing DB errors (column exist) during installation
  * Fix email token TLS checkbox saving
  * Fix TOTP testing in Web UI
  * Fix SMS config loading in Web UI
  * start new version
  * Add Challenge Response support to SAML
  * Add U2F support to SAML

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 26 Nov 2015 23:30:00 +0200

python-privacyidea (2.7-1trusty) trusty; urgency=low

  Features
  * Add support for U2F tokens
  * Add signature to the API JSON response. Thus
    the client can verify the response.

  Enhancements
  * When importing tokens, a realm can be chosen, so that all imported
    tokens are immediately inserted into this realm.
  * The user is able to change his password in the WebUI.
  * The user can assign a token in the WebUI.
  * Avoid the requiring of a PIN for some tokentypes like SSH
  * Migrate to pymysql, the pure python mysql implementation
  * The Audit Log tells if a previous OTP value was used again.

  Fixes
  * Enable login to WebUI with a loginname containing an @ sign.
  * Fix the writing of logfile privacyidea.log

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 07 Oct 2015 08:00:00 +0200

python-privacyidea (2.6-1trusty) trusty; urgency=low

  Features
  * Add OCRA base TiQR token to authenticate by scanning
    a QR code.
  * Add Challenge Response authentication to Web UI
  * Add 4-Eyes token, to enable two man policy. Two tokens
    of two users are needed to authenticate.
  * "Revoke Token" lets you perform special action on token types.
    Tokens can be revoke, meaning they are blocked an can not
    be unblocked anymore.

  Enhancements
  * Add HA information in the documentation.
  * Add OpenVPN documentation.
  * Add challenge response policy, to define if e.g. HOTP or TOTP are 
    allowed to be used in challenge response mode.
  * Add hotkeys for easier use of Web Ui.
  * Remove wrong system wide PassOnNoUser and PassOnNoToken.
  * Set default language to "en" in Web UI.

  Fixes
  * Fix LDAP bug #179, which allows authentication with
    wrong password under certain conditions
  * Small fixes in coverage tests
  * Fix username in web UI during enrollment
  * Fix link to privacyIDEA logo in Web UI
  * Fixed bug, that user was not able to resync his own tokens.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 09 Sep 2015 09:30:00 +0200


python-privacyidea (2.5-1trusty) trusty; urgency=low

  Features
  * Add statistics
  * Add German translation
  * Add PinHandler in case of random PIN used
  * Add automatic documentation of system setup
  * Add ownCloud plugin
  
  Enhancements
  * Preset Email and SMS of a user when enrolling token
  * Enable LDAP anonymous bind
  * Add Hashalgorithms and digits to QR Code
  * Add support for CentOS 6 and 7
  
  Fixes
  * Fix registration token
  * Fix mOTP reuse problem

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 22 Jul 2015 17:00:00 +0200

python-privacyidea (2.4-1trusty) trusty; urgency=low

  * Add User Management
  * Add Admin Realms to policies, to allow better policies in bigger setups
  * Add API key, that can be used for accessing /validate/check
  * Load PSKC Token seed files.
  * Add more sophisticated logging.
  * WebUI: Registrtion token can be enrolled in WebUI
  * WebUI: The token seed can be displayed in WebUI after generation
  * WebUI: Only the token types that are allowed to be enrolled are displayed
  * WebUI: Login_Mode Policy: Disable access to WebUI for certain users
  * WebUI: Add reload button in Audit view
  * SQLResolver: The Where statement is used in all cases
  * SSH-Token Application: Only fetch keys of the requested user
  * Apache client can work with several hosts on one machine
  * Documentation: Tokentypes and Supported Hardware Tokens
  * Improve RADIUS module
  * WebUI: Fix download of audit log
  * Fix missing access right of user to GET /caconnector
  * Fix SMS token

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 24 Jun 2015 09:30:00 +0200

python-privacyidea (2.3-1trusty) trusty; urgency=low

  * Add connector to remote Certificate Authority
  * Add Tokentype "certificate" to manage certificates for users
    Certificates or Certificate Requests can be uploaded.
    Certificate Requests (Keypair) can be generated in the browser.
  * Add Tokentype "registration" for easier enrollment scenarios.
  * Add TokenType "Email" to send OTP via Email.
  * Add "First Steps" to online documentation
  * Add handling of validity period of token
  * Enable download of Audit log as CSV
  * Add Resolver Priority, to handle a duplicate user in a realm
  * Add TYPO3 Plugin to enable OTP with TYPO3
  * Add SCIM Resolver to fetch users from SCIM services
  * Fix Failcounter issue
  * Fix NTLM password check
  * Fix timestep during enrollment

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Fri, 22 May 2015 15:30:00 +0200

python-privacyidea (2.2-1trusty) trusty; urgency=low

  * pi-manage: create resolvers and realms
  * pi-manage: manage policies
  * Add LostToken UI
  * Add Offline Application
  * Add PAM authentication module with offline support
  * Add getSerialByOTP. You can determine the Token by providing an OTP value.
  * Add auth_count_max and auth_success_max for each token.
  * Add PIN encryption policy
  * Add API for SAML
  * Add bash script for ssh key fetching
  * Make WebUI logout time configurable via webui policy.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 09 Apr 2015 12:10:00 +0200

python-privacyidea (2.1-1trusty) trusty; urgency=low

  * Add Machine-Application framework to support LUKS and SSH
    to manage SSH keys and provide Yubikeys to boot LUKS 
    encrypted machines. #100, #10
  * Add Machine Resolvers for hosts and LDAP/AD #96
  * Migrate more policies like SMS policies. #95 
  * Restructure WebUI code to ease development #97
  * Fix logout problem of user #92
  * Fix user list for AD (referrals) #99
  * Fix max_token_per_user policy #101
  
 -- Cornelius Kölbel <cornelius@privacyidea.org>  Tue, 10 Mar 2015 10:30:00 +0200

python-privacyidea (2.1~dev1) trusty; urgency=low

  * Fix logout problem of user

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Sat, 21 Feb 2015 16:00:00 +0200

python-privacyidea (2.0-1) trusty; urgency=low

  * Migrate to flask
  * change the name of the debian package as the package only
    contains the python module.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Sat, 21 Feb 2015 14:00:00 +0200


privacyidea (1.5.1-1trusty) trusty; urgency=low

  * Fix splitting the @-sign to allow users like user@email.com

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 02 Feb 2015 09:08:00 +0200


privacyidea (1.5-1trusty) trusty; urgency=low

  * Fix the postinstall script for not broken repoze.who
  * adapt the dependency for python webob
  * add fix for users in policies.
  * Working on #61
  * Closing #63, allow upper and lower case DN in LDAP resolver
  * Fix the empty result audit search problem
  * Fix the port problem with SQL resolver

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 25 Dec 2014 16:30:00 +0200

privacyidea (1.4-1) trusty; urgency=low

  * Add "wrong password" message on login screen
  * Speed up tests
  * Add help on logon screen.
  * Add helper dialog to setup first realm
  * Add simplesamlphp module and deb package
  * Fixed the session timeout bug in the management UI

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 06 Oct 2014 16:50:00 +0200

privacyidea (1.4~dev5-1) trusty; urgency=low

  * Add wrong password message on login screen
  * Speed up tests

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 06 Oct 2014 09:10:00 +0200

privacyidea (1.4~dev4-1) trusty; urgency=low

  * Add help on logon screen.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 02 Oct 2014 11:20:00 +0200

privacyidea (1.4~dev3-1) trusty; urgency=low

  * Add helper dialog to setup first realm

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Tue, 30 Sep 2014 11:10:00 +0200

privacyidea (1.4~dev2-1) trusty; urgency=low

  * Add simplesamlphp module and deb package

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 29 Sep 2014 11:40:00 +0200

privacyidea (1.4~dev1-1) trusty; urgency=low

  * Fixed the session timeout bug in the management UI

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 24 Sep 2014 19:10:00 +0200

privacyidea (1.3.2-1) trusty; urgency=low

  * Add uwsgi and nginx configuration
  * Add nginx package
  * Add meta packages to easily install radius dependencies. (#33)
  * Add package for appliance
  * Add appliance style: privacyidea-setup-tui
  * Add privacyidea-otrs and remove the authmodules from the
    core package
  * Add first implementation of Token2 token type
  * Change depend in builddepend
  * Add missing SSL certificate
  * Add missing python-dialog dependency
  * Remove pylons download link, that caused timeout problems.

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 22 Sep 2014 10:00:00 +0200

privacyidea (1.3.1-1) trusty; urgency=low

  * Fixed bug, that avoided to delete MachineTokens with options (#27)

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 20 Aug 2014 18:30:00 +0200

privacyidea (1.3-1) trusty; urgency=low

  * add support for Daplug dongle in keyboard mode
  * Allow login with admin@realm, even with RealmBox.  (#26)
  * inactive tokens will not work with the machine-app
  * Added MachineUser database moduel
  * PEP8 beautify
  * Add about dialog
  * added recommends for mysql and salt

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 18 Aug 2014 17:00:00 +0200

privacyidea (1.3~dev5-1) trusty; urgency=low

  * Allow login with admin@realm, even with RealmBox.  (#26)

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Fri, 15 Aug 2014 15:37:00 +0200

privacyidea (1.3~dev4-1) trusty; urgency=low

  * fix minor bugs in selfservice portal

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Tue, 13 Aug 2014 17:40:00 +0200

privacyidea (1.3~dev3-1) trusty; urgency=low

  * add support for Daplug dongle in keyboard mode

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Tue, 12 Aug 2014 18:32:00 +0200

privacyidea (1.3~dev2-1) trusty; urgency=low

  * machine requires IP address
  * the machine-app listing also returns the information, if the token
    is active

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 11 Aug 2014 10:40:00 +0200


privacyidea (1.3~dev1-1) trusty; urgency=low

  * Added MachineUser database moduel
  * PEP8 beautify
  * Add about dialog
  * added recommends for mysql and salt
 
 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 06 Aug 2014 14:14:00 +0200

privacyidea (1.3~dev0-2) trusty; urgency=low

  * Fixed the missing run directory (#23)

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Thu, 31 Jul 2014 09:28:00 +0200
 
privacyidea (1.3~dev0-1) trusty; urgency=low

  * Fix resolver error #22

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 30 Jul 2014 16:24:00 +0200

privacyidea (1.2.2-1) trusty; urgency=low

  * Fixed the sqlsoup dependency

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Wed, 23 Jul 2014 17:57:00 +0200


privacyidea (1.2.1-1) trusty; urgency=low

  * machine controller: make the challenge usable also in normal mode

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Fri, 18 Jul 2014 16:51:00 +0200


privacyidea (1.2-1) trusty; urgency=low

  * Added 

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Tue, 15 Jul 2014 15:15:55 +0200

privacyidea (1.2~dev2-1) trusty; urgency=low

  * initial ubuntu release

 -- Cornelius Kölbel <cornelius@privacyidea.org>  Mon, 14 Jul 2014 18:56:55 +0200
