LinOTP 3.4.4 and SelfService 1.4.0

Date

netgo software GmbH is pleased to announce the availability of the following product release:

On June 18th we released LinOTP 3.4.4 and SelfService 1.4.0 to the Debian repositories and container registries.

LinOTP 3.4.4

LinOTP 3.4.4 brings several fixes and improvements. The following list contains the most important changes. Please also refer to the complete changelog at the end of this newsletter.

Highlights:

  • Preparation for upcoming LVA certificate handling feature
  • Small improvements to the Manage UI
  • Fixes for various policy combinations
  • Repaired mOTP selfservice enrollment (broken since 3.4.1)

LinOTP SelfService 1.4.0

SelfService 1.4.0 brings several fixes and improvements. The following list contains the most important changes. Please also refer to the complete changelog at the end of this newsletter.

Highlights:

  • Added OTP PIN enforcement during enrollment. The OTP PIN is now required if `setOTPPIN` and at least one `otp_pin_*` policy is set.
  • Implemented validation rules for `otp_pin_minlength`, `otp_pin_maxlength`, and `otp_pin_contents`.
  • Revamped the enrollment process for the following tokens: Password, Push, QR, SMS, Email, MOTP, YubiCloud.
  • Revamped the token assignment process.
  • During the verification step, the phone number is shown for SMS token and the email for email token.

Download

LinOTP 3.4.4 and SelfService 1.4.0 are available as Debian packages from www.linotp.org.

Users of the LinOTP Virtual Appliance will receive the release via the integrated update mechanism.

We are happy to assist our support customers in upgrading their environment to the latest release. Please contact us at support@linotp.de

The LinOTP team

--
netgo software GmbH
https://www.linotp.de
Strong MFA solution by netgo
Branch office Darmstadt, Pallaswiesenstr. 174a, 64293 Darmstadt
Main office, Sachsendamm 63-64, 10829 Berlin
Registered Office: Amtsgericht Berlin-Charlottenburg, HRB 243718 B
Board of Directors: Matthias Nietz, Constantin Wehmschulte
Germany

Sales Hotline: +49 30 264745 -404, Fax: -7299
Email: sales@linotp.de

Changelog LinOTP 3.4.4

Features:

  • Show success messages in manage UI for all token operations
  • For container entrypoint: allow mounting /etc/ssl/certs folder by adding a check to update CA certificates only if `.crt` files exist in `/usr/local/share/ca-certificates`.
  • Change default session timeout for /manage UI and /admin APIs from 15 minutes to 30 minutes

Fixes:

  • Revert the change that prevented setting the otppin for mOTP tokens and used it as token pin instead (was broken since 3.4.1)
  • User information was not included in ValidateController responses when
    • the `detail_on_success` policy was active
    • the user had no tokens assigned
    • authentication was successful through a passing policy (e.g., `passthru` or `passOnNoToken`)
    Previously, in this scenario the user object in the response was empty, which could impact integrations that rely on the detail_on_success policy, such as LinOTP IdP. Now, the user information is correctly included in the response.
  • Apply policy `setrealm` in ValidateController when the user is known
  • otp_pin_random was breaking admin/assign in manage due to multi-token operation mode not being compatible with otp_pin_random generation

Changelog LinOTP SelfService 1.4.0

Features:

  • Added OTP PIN enforcement during enrollment. The OTP PIN is now required if `setOTPPIN` and at least one `otp_pin_*` policy is set.
  • Implemented validation rules for `otp_pin_minlength`, `otp_pin_maxlength`, and `otp_pin_contents`.
  • Revamped the enrollment process for the following tokens: Password, Push, QR, SMS, Email, MOTP, YubiCloud.
  • Revamped the token assignment process.
  • During the verification step, the phone number is shown for SMS token and the email for email token.
  • Added appropriate autofocus to every step of the enrollment process.

Fixes:

  • Tokens don't show a token action menu if they don't have an available action.
  • In revamped enrollment processes, the token list now updates in the final step rather than after token creation, preventing the premature display of warnings above the token list.
  • Added the token description to the token overview in the final step of enrollment.
  • Removed redundant text and adjusted the layout of certain enrollment steps.
  • The new Self Service now correctly uses the intended parameter "pin" instead of "otppin", which was previously incorrectly defined as the default parameter for the token PIN.