On February 15th we released LinOTP 2.9.1 to the repositories.

LinOTP 2.9.1

KeyIdentity GmbH is pleased to announce the availability of the following product release:

LinOTP 2.9.1 introduces many improvements, small features, cleanups and bug fixes. The highlights are the implementation of the KeyIdentity Push Token, a new caching functionality to significantly speed up performance for UserIdResolvers and the switch to StartTLS by default to improve the connection security to LDAP UserIdResolvers.

The list below provides details of the most important changes. Please also refer to the complete changelog at the end of this newsletter.


  • New Feature: KeyIdentity Push Token

LinOTP 2.9.1 is the first release to include support for the KeyIdentity Push Token to secure logins and transactions while providing a high level of usability on Android and iOS.
Based on the established cryptographic principles of the QRToken, we improved the workflows of the authentication process while conserving a high level of security. The Push Token utilizes the native push mechanisms of Android and iOS for the highest level of compatibility, based on the KeyIdentity Authenticator.

Please contact us for more information and details on how to integrate the KeyIdentity Push Token in your setup.

  • New Feature: Caching for LDAP UserIdResolvers

The new caching feature is designed to improve the performance of LinOTP significantly in environments with a large number of users, complex realm setups and slow UserIdResolvers. Details about the configuration can be found at Caching-Feature.

  • New Feature: StartTLS by default

LinOTP 2.9.1 switches to StartTLS by default in order to secure the communication with LDAP UserIdResolvers in environments without an LDAPS infrastructure. Please have a look at StartTLS for details.


LinOTP 2.9.1 is available as Debian and RPM packages from Ubuntu packages are available from our PPA on Launchpad. Users of the KeyIdentity LinOTP Smart Virtual Appliance will receive LinOTP 2.9.1 via the integrated auto-update mechanism after February 20th 2017.


With LinOTP 2.9.1, large parts of the LDAP UserIdResolver code were rewritten and the default for StartTLS has changed. Although LinOTP 2.9.1 has been tested thoroughly by KeyIdentity, we recommend setting up LinOTP 2.9.1 in a staging environment before putting it into production.

We are happy to assist our support customers in upgrading their environment to the latest release. Please contact us at

The KeyIdentity LinOTP team

KeyIdentity GmbH
Robert-Koch-Straße 9, 64331 Weiterstadt

Sales Hotline: +49 6151 86086-277, Fax: -299
Registered Office: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Board of Directors: Nils Manegold, Dr. Amir Alsbih

Changelog LinOTP 2.9.1

  • Server: New token type: KeyIdentity PushToken
  • Server: Add optional caching of resolver lookups
  • Server: Show welcome and update screens
  • WebUI: Add dialog for duplicating resolvers
  • WebUI: Better password handling in resolver dialogs
  • Reporting: Add paging and CSV output for reporting/show
  • API: Use semicolon as CSV column separator by default
  • UserIdResolver: Add StartTLS support

Bug Fixes

  • Server: Fix remote token
  • Server: Fix evaluating policies for non-existent realms
  • API: Don't localize monitoring JSON output
  • SMPPSMSProvider: Fix encoding issues for non-ASCII characters
  • WebUI: Alert in realm dialog if no resolvers are selected