1.4.8 (January 7 2025)
- Added support for Kerberos authentication with ActiveDirectory domains.
> Requires WebADM 2.3.25 with Kerberos support and Kerberos machine
integration at the Linux system level (Windows KDC client).
1.4.7 (November 25 2024)
- Added support for OpenOTP SimplePush commit code.
- Token enrollment now defaults to RCDevs mobile Token.
1.4.5 (July 23 2014)
- Removed SSO menu entry and related configurations (deprecated).
- Removed some OpenOTP display and configurations (reserved for admin).
1.4.4 (June 27 2024)
- Added support for WebADM bruteforce protection with IP blacklisting.
- Added support for per-user badging policies.
1.4.3 (March 6 2024)
- Added weak and pwned password checks based on PwReset configuration.
1.4.2 (November 9 2023)
- Fixed PKCS#12 download when creating the 5th user certificate.
- Fixed download of an already created public certificate file.
1.4.1 (June 26 2023)
- Domain list is hidden when only one domain is configured.
> Note that you can use the domain's allowed application setting
to limit the domain list per application and hide the domain input.
1.4.0 (March 20 2023)
- Added support for WebADM v2.3 (this version requires WebADM v2.3).
1.3.0 (January 19 2023)
- Added compatibility with WebADM 2.2.
- Removed FIDO U2F (deprecated in favor of FIDO2).
- Updated the application icons.
1.2.13 (December 22 2022)
- Added OpenOTP Web badging via self-service when the users leave their
mobile phones at home.
> Badging features need to be configured in the application settings.
- Added QRCode for mobile copy/paste with application passwords.
- Removed the logo from the login page.
1.2.12 (November 1 2022)
- Added automatic language switching based on LDAP user language.
1.2.11 (September 2 2022)
- Added SQL audit log event types (requires WebADM >= 2.1.15).
- Added Error SQL logs for all failed actions.
1.2.10 (April 22 2022)
- Fixed minor issues with voice biometrics registration.
- Prevent self-renewal of WebADM Admin certificates.
- Fixed a minor MFA-FIDO login issue.
1.2.9 (April 22 2022)
- Added a setting to configure new certificate expiration time.
- Added a setting to configure new certificate features (secure e-mail
and Microsoft SmartCard login support).
- Made the login failure messages uniform so as not to disclose the login
failure reason.
1.2.8 (December 5 2021)
- Prevent username, full name, CN or domain from being used as password.
- Added support for PKI login with external certificates (ex. eIDAS).
> Requires WebADM version >= 2.1.0.
- Added support for FIDO2 Web login with U2F-registered FIDO devices.
- Fixed broken FIDO2 login with Apple Safari browser.
1.2.7 (September 13 2021)
- Fixed minor issues with the OpenOTP document signing features.
- Added support for CAdES qualified signatures to the PDF Sign feature.
1.2.6 (July 5 2021)
- Create a logfile event for every user operation.
- Added the PDF Sign menu allowing users to electronically sign a PDF file
in "Advanced" mode (sealed PDF with handwritten signature) or "Qualified"
mode (sign with an external ID card or an eIDAS signing smartcard).
Signing requires OpenOTP v2.0 and a license with the SIGN option enabled.
1.2.5 (June 2 2021)
- Fixed user information update failing when mobile number is empty.
- Fixed several translation mistakes.
- Password change does not allow using the username or domain as part of
the new password value.
1.2.4 (May 17 2021)
- Fixed 'Register Token' action being greyed when switching from SMS/Mail
to 'TOKEN' OTP method.
1.2.3 (April 4 2021)
- The 'Allowed OTP Methods' setting can now be nullable.
- OTP methods can be changed according to the 'Allowed OTP Methods' setting
whether OTP Management is enabled or not.
- OpenOTP 'View My' selector changes according to the OTP method selection.
- The 'View My' selector also proposes any registrable methods.
1.2.2 (March 9 2021)
- Added FIDO2 PIN / Biometric user verification policies.
- Mobile Token display name is now reduced to the user display name.
- Added OpenOTP mobile enrolment with Token duplicate checks.
- Removed all TiQR functionalities.
> Your application configuration may be incorrect after upgrade if you
enabled any TiQR setting. In this case, just edit and re-apply the
configuration under the 'Application' menu in WebADM.
1.2.1
- Added compatibility with WebADM 2.0.11.
- Disable Application Password configs when OTP Management is disabled.
1.2.0
- Added support for OpenOTP Voice Biometrics.
- Added compatibility with WebADM v2.0.0.
- Added support for SpanKey with FIDO/U2F devices' registration.
- Added support for OpenOTP Max Idle Time blocking settings.
1.1.12
- Added HTTP Basic Authentication support via the page login_http.php.
- Added support for user ActiveDirectory principal names (UPN).
> The 'Show Domains List' setting must be disabled to use UPNs.
> Warning: When 'Show Domains List' is disabled, the domain input is now
removed! Users must login with domain\username to force a domain name.
- Fixed an issue when registering OTP lists.
- Hardware Token registration requires the current OTP for validation.
- Simplified the OTP method selector (one dropdown instead of two).
1.1.11
- This update is required for WebADM version >= 1.7.6.
- Prevent key import not matching the configured key size for SpanKey.
- Added support for SpanKey DSA with 2048 and 4096 bit keys.
- Fixed several wrong file permissions.
1.1.10
- Added support for Client policy-based access restrictions.
- Added support for SpanKey count-limited keys.
- Added SSH Public Key import with copy/paste for SpanKey registration.
- Users cannot self-configure SSH key expiration or max use.
1.1.9
- Added support for WebADM v1.7 (it does not work with previous versions).
- Added more expiration time values for Emergency OTP management.
- Added support for Emergency OTPs with limited usage count.
- Fixed AD account unlock not working (requires WebADM v1.6.9-2).
- Fixed support email failing with a sendmail error.
- Hide the OTP PIN prefix input.
- Added German translations.
1.1.8
- Added support for FIDO2 with TPM chips (ex. Apple MacBooks).
> This option requires OpenOTP v1.4.2.
- U2F / FIDO2 registration choice is now automatic (based on client policies).
- Fixed Token registration when Soft Token expiration time is set to '0'.
- Removed password policy configurations.
> Password change is available only when PwReset is enabled and uses PwReset
password policy settings.
> You must edit the SelfDesk configuration and re-apply it in WebADM.
- OTP prefix change is now available when OTP prefix is enabled in client policies.
- Added Emergency OTP registration with configurable automatic expiration.
1.1.7
- Added support for FIDO2 (CTAP and WebAuthn enrollments).
> You need OpenOTP v1.5 with this version of the Self-Service.
- Removed OpenOTP and TiQR custom address settings.
- Fixed incomplete token name with QRCode enrollments.
- Fixed Trusted U2F Devices feature not working on Chrome version >= 66.
- Setting Allowed Self-Registration 'U2F' is replaced by 'FIDO'.
> You may need to adjust and re-apply your configuration in WebADM!
- Added the 'FIDO Device Management' setting section.
1.1.6
- Added support for WebADM v1.6 (this version does not run on previous WebADM).
- Added support for access restrictions based on client policies.
- Added SpanKey enrolment setting 'Allowed SSH Key Types' to limit the type of
SSH keys to be self-enrolled.
- Removed OpenOTP Application Passwords without expiration (OpenOTP v1.3.7).
- Fixed non-working per-user and group policies for AllowOTPTypes, AllowRegister,
AllowTokenTypes and DefaultTokenType.
1.1.5
- Added support for OpenOTP MSS login method.
- Fixed an issue with Yubikey registration with YubiCloud.
- Added support for newer RCDevs software Token.
- New RCDevs Token logo image.
1.1.4
- Added multilingual support (French translation for now and more to come).
- Added password expiration notification on the home page.
- Added support for OpenOTP contextual authentication when two-factor is enabled.
- Device Id context uses HTTP Cookie instead of Browser fingerprint.
- Added an option to configure the list of allowed OTP methods to be selected.
- Allowed OTP Tokens and methods can be defined per LDAP user or group.
- Better support for PKI user authentication via WAProxies.
- Removed SMSCount and MailCount user statistics (for OpenOTP v1.3.3-2).
1.1.3
- Added support for upcoming U2F on Firefox and Opera browsers.
> You need OpenOTP v1.3.2 with this version of SelfDesk.
- Added support for the new OpenOTP Push Login methods.
1.1.2
- Added a new enrolment workflow with RCDevs Software Authenticator.
- Google Authenticator Token icon is replaced by RCDevs Authenticator.
- Removed the possibility to configure the OTP length setting.
- Added an option to download both the PEM and PPK SpanKey private
keys bundled in a ZIP file.
1.1.1
- Added support for RCDevs SSO v1.2.x with OpenID Connect.
> This version of SelfDesk is not compatible with the previous versions of
RCDevs OpenID/SAML IdP.
1.1.0
- Added support for RCDevs SpanKey Server.
- Fixed wrong display of registered OTP list size.
- Removed the ability to configure the OTP list algorithm.
- Removed the ability to configure application passwords' expiration.
- Removed 'Allow OpenID' settings (uses the 'Allow Config' setting on OpenID).
1.0.20
- Uses the new WAPI framework from WebADM v1.5.0.
- Added product categorization for WebADM v1.4.5.
- Complete facelift with new design and login workflows.
- Added an OTP validation with HOTP and TOTP QRCode registration.
- Added brute-force attack protection with source IP address blacklisting.
1.0.19
- Remove resynchronization for Yubikeys which is not necessary.
- Added an option to require a second login factor (OTP or U2F).
- Many general user experience enhancements.
1.0.18
- Users can optionally set friendly names or short descriptions for U2F devices.
- U2F uses embedded javascript and does not require the Google Chrome extension.
- When PKI management is disabled, the PKI menu is now hidden.
- Added support for WebADM user_level configurations in webadm.conf.
- The OpenID & SAML SSO page has been simplified.
- OATH TOTP Token choice is prioritized over HOTP.
- Changed default minimum password length to 6 characters.
- Changed the Yubikey registration image to include Yubikey Nano.
1.0.17
- This version is designed for WebADM v1.4 and is not compatible with v1.3.
- The 'Allow Unused Tokens Only' setting is removed and enabled by default.
- Added dynamic password change complexity based on new password length.
- Added support for OATH tokens supporting MD5 algorithm (ex. RedHat FreeOTP).
- Support form and Token download URLs are hidden if not configured.
1.0.16
- Added support for OpenOTP v1.2 and FIDO U2F device management.
- Changed Allowed Token Types and Default Token Type settings to be more specific.
> You need to re-configure these settings if they were enabled.
- Simplified the OTP authentication test.
1.0.15
- OTP inputs do not display the OTP password (required for protecting OTP PIN).
- With password change, user cannot set a new password equal to the previous password.
- SMS and Mail choices are removed from the 'Allow Self-Registration' setting.
- List choice in the 'Allow Self-Registration' setting is renamed to OTPList.
- Added support for OpenOTP Software Token Expiration and auto re-enrollment process.
- Added support for OpenOTP/TiQR LoginEnabled configuration.
- Added support for TiQR 1.0.7-2 with re-designed TiQR+LDAP workflow.
- Added support for TiQR v1.1 and RSA cryptography.
- Added support for OpenOTP 1.1.5 and Application Passwords.
- Password change respects the AD password history policy.
- With OTP PROXY mode, OTP Type is changed to TOKEN after Token enrolment.
1.0.14
- Added configurations to allow or not SMS and Mail OTP registration.
- Added support for several Tokens enrolment with Google Authenticator.
- Added issue URI parameter for Google Authenticator.
- Added compatibility with OpenID/SAML WebApp v1.1.x.
- Added compatibility with WebADM per-application session timeouts.
- Enhanced password update forms.
- Added Yubikey registration with WebADM Inventory (simply by pressing the Yubikey).
- Added support for YubiCloud-based Yubikey enrolment.
- Added a setting to prevent a user from enrolling Tokens already used by another user.
- The Default Token Type HARDWARE is replaced by HARDWARE-OATH and HARDWARE-YUBIKEY.
If you had configured HARDWARE, please change to one of the options after upgrade.
- Added actions to de-activate and re-activate registered Tokens.
- Added a new setting to allow or not user password change.
> In previous versions, password change used the Allow User Infos Management policy.
- Self application settings' management (OTP, TiQR, SSO, PKI) are disabled by default.
- OpenOTP/TiQR Login Mode and OTP Prefix policies cannot be edited by users anymore.
1.0.13
- New application architecture designed for WebADM v1.2.6.
- OpenOTP, TiQR and OpenID settings are disabled when application is not present.
- Added support for expired LDAP passwords.
- Adapted HTML for WebADM 1.2.5-1 rendering.
- Completely re-designed login form.
- Changed OTP and TiQR texts to be more user-friendly.
- Added support for WebApp authentication requiring user certificates.
- Multiple minor other enhancements.
1.0.12
- Added simple Hardware Token registration with serial numbers. This registration
mode is highly recommended when dealing with large amounts of Hardware Tokens.
- PIN change is now allowed without having to enable "Allow OpenOTP Management" feature.
- Added support for OTP Prefix (PIN) management with OpenOTP v1.1.1.
- All PIN code values are displayed as bullets.
- Input length validations for new password, OTP prefix and PIN code.
1.0.11
- Added support for OpenOTP v1.1 with multi Token and new Fallback methods.
- Added the possibility to un-register a Token.
- The Allow Register setting can restrict self-registration to specific Tokens.
- Added support for users with multiple mobile numbers or email addresses.
- Added a 'Default Token Type' setting to set the default token type in the token
registration form.
- Added PDF OTP list export.
1.0.10
- Updated for WebADM 1.2.
- TOKEN, LIST, LASTOTP fallback modes are allowed with any OTPType (OpenOTP 1.0.14).
- Added SMSMode MailMode configuration (for Ondemand / Prefetch OTP).
- Users can review all their OTP type settings without changing OTP type.
- Added "Allowed Token Types" setting to restrict the types of
Tokens which can be registered.
- Simplified user interface.
- Compliance with TiQR Server 1.0.1.
- Fixed a certificate creation problem when user has no email address.
1.0.9
- Added support for TiQR Service.
- Many enhancements.
1.0.8
- Update required with WebADM-1.1.1.
- Added RADIUS Proxy OTP Type support.
- Added SHA256 and SHA512 key registration support for TOTP/OCRA Tokens.
- Added support for OpenOTP 1.0.11-1.
- Added a setting to allow Token download, registration, resync, test.
- Added a setting to set OpenOTP logintest URL if not local.
- Added LDAP password policy settings.
- Added OpenOTP password list support.
- Added TOTP resync utility.
> OpenOTP computes the Token time offset and keeps the offset for OTP calculations.
- Added OATH OCRA support.
1.0.7
- Added RCDevs OpenID Provider management features.
- Added Google Authenticator support with QRCode registration.
- OpenOTP Token register enhancements.
- Added QR Barcode-based Token key registration.
- Added OpenOTP login test page.
1.0.6
- Uses the new WebADM UI framework.
1.0.5
- Added OTPFallback configuration.
- Fixed certificate download problems.
1.0.4
- Requires WebADM >= 1.0.5.
- Minor corrections and code enhancements.
- Text corrections.
1.0.3
- Added YubiKey Tokens support.
1.0.2
- Support for Mobile-OTP Software Tokens (motp.sourceforge.net).
- PIN Code editor for MOTP.
- Minor code enhancements.
1.0.1
- Added account unblocking feature and block counter display.
- Added PKI functionalities (user certificate management).
- Added OpenOTP Secure Mail functionality.
1.0.0
Initial SelfDesk release.