On February 15th we released LinOTP 2.9.1 to the repositories.
KeyIdentity GmbH is pleased to announce the availability of the following product release:
LinOTP 2.9.1 introduces many improvements, small features,
cleanups and bug fixes. The highlights are the implementation of
the KeyIdentity Push Token, a new caching functionality to
significantly speed up performance for UserIdResolvers and the
switch to StartTLS by default to improve the connection security to
The list below provides details of the most important changes. Please also refer to the complete changelog at the end of this newsletter
- New Feature: KeyIdentity Push Token
LinOTP 2.9.1 is the first release to include support for the
KeyIdentity Push Token to secure logins and transactions while
providing a high level of usability on Android and iOS.
Based on the established cryptographic principles of the QRToken we improved the workflows of the authentication process while conserving a high level of security. It utilizes the native push mechanisms of Android and iOS for the highest level of compatibility based on the KeyIdentity Authenticator.
Please contact us for more information and about details on how to integrate the KeyIdentity Push Token in your setup.
- New Feature: Caching for LDAP UserIdResolvers
The new caching feature is designed to improve the performance of LinOTP significantly in environments with a large number of users, complex realm setups and slow UserIdResolvers. Details about the configuration can be found at Caching-Feature.
- New Feature: StartTLS by default
LinOTP 2.9.1 switches to StartTLS by default in order to secure the communication with LDAP UserIdResolvers in environments without a LDAPS infrastructure. Please have a look at StartTLS for details.
LinOTP 2.9.1 is available as Debian and RPM packages from www.linotp.org. Ubuntu packages are available from our PPA on Launchpad. Users of the KeyIdentity LinOTP Smart Virtual Appliance will receive LinOTP 2.9.1 via the integrated auto-update mechanism after February 20th 2017.
With LinOTP 2.9.1 large parts of the LDAP UserIdResolver code was rewritten and the default for StartTLS have changed. Although LinOTP 2.9.1 has been tested thoroughly by KeyIdentity we recommend to setup LinOTP 2.9.1 in a staging environment before putting it into production.
We are happy to assist our support customers in upgrading their environment to the latest release. Please contact us at email@example.com
The KeyIdentity LinOTP team
Changelog LinOTP 2.9.1
- Server: New token type: KeyIdentity PushToken
- Server: Add optional caching of resolver lookups
- Server: Show welcome and update screens
- WebUI: Add dialog for duplicating resolvers
- WebUI: Better password handling in resolver dialogs
- Reporting: Add paging and CSV output for reporting/show
- API: Use semicolon as CSV column separator by default
- UserIdResolver: Add StartTLS support
- Server: Fix remote token
- Server: Fix evaluating policies for non-existent realms
- API: Don't localize monitoring json output
- SMPPSMSProvider: Fix encoding issues for non-ascii characters
- WebUI: Alert in realm dialog if no resolvers are selected