1.4.11 (April 4 2025)
- Added support for a 'password' User Lockout option in the OptionSets.
When enabled, user passwords are auto-renewed at every badge-in and the
new password is displayed on the RCDevs Mobile Token App.
When the badge-in session expires or the user badges out, the password is set
to a random value in order to prevent re-use.
> This feature provides temporary passwords per-badging session (daily
passwords) and can be used as a replacement for OTP and does not require
any specific client integration as it relies on the native LDAP or
Cloud IAM passwords.
1.4.10 (February 19 2025)
- Added support for 'APPKEY' login policy in OpenOTP v2.2.25.
- Added a configuration to choose the domain input field display mode:
> Dropdown: Select the login domain in a drop-down list.
> Manual: Manually enter the domain name in a text input.
> Hidden: Do not show the domain input (preferred when using UPNs only).
This new setting replaces the previous 'List Domains' setting.
1.4.9 (January 25 2025)
- Added compatibility with WebADM 2.4.x.
1.4.8 (January 7 2025)
- Added support for Kerberos authentication with ActiveDirectory domains.
> Requires WebADM 2.3.25 with Kerberos support and Kerberos machine
integration at the Linux system level (Windows KDC client).
1.4.7 (November 25 2024)
- Added support for OpenOTP SimplePush commit code.
- Token enrollment now defaults to RCDevs mobile Token.
1.4.5 (July 23 2014)
- Removed SSO menu entry and related configurations (deprecated).
- Removed some OpenOTP display and configurations (reserved for admin).
1.4.4 (June 27 2024)
- Added support for WebADM bruteforce protection with IP blacklisting.
- Added support for per-user badging policies.
1.4.3 (March 6 2024)
- Added weak and pwned password checks based on PwReset configuration.
1.4.2 (November 9 2023)
- Fixed PKCS#12 download when creating the 5th user certificate.
- Fixed download of an already created public certificate file.
1.4.1 (June 26 2023)
- Domain list is hidden when only one domain is configured.
> Note that you can use the domain's allowed application setting
to limit the domain list per application and hide the domain input.
1.4.0 (March 20 2023)
- Added support for WebADM v2.3 (this version requires WebADM v2.3).
1.3.0 (January 19 2023)
- Added compatibility with WebADM 2.2.
- Removed FIDO U2F (deprecated in favor of FIDO2).
- Updated the application icons.
1.2.13 (December 22 2022)
- Added OpenOTP Web badging via self-service for when users leave their
mobile phones at home.
> Badging features need to be configured in the application settings.
- Added QRCode for mobile copy/paste with application passwords.
- Removed the logo from the login page.
1.2.12 (November 1 2022)
- Added automatic language switching based on LDAP user language.
1.2.11 (September 2 2022)
- Added SQL audit log event types (requires WebADM >= 2.1.15).
- Added Error SQL logs for all failed actions.
1.2.10 (April 22 2022)
- Fixed minor issues with voice biometrics registration.
- Prevent self-renewal of WebADM Admin certificates.
- Fixed a minor MFA-FIDO login issue.
1.2.9 (April 22 2022)
- Added a setting to configure new certificate expiration time.
- Added a setting to configure new certificate features (secure e-mail
and Microsoft SmartCard login support).
- Made the login failure messages uniform so as not to disclose the login
failure reason.
1.2.8 (December 5 2021)
- Prevent username, fullname, CN or domain from being used as password.
- Added support for PKI login with external certificates (ex. eIDAS).
> Requires WebADM version >= 2.1.0.
- Added support for FIDO2 Web login with U2F-registered FIDO devices.
- Fixed broken FIDO2 login with Apple Safari browser.
1.2.7 (September 13 2021)
- Fixed minor issues with the OpenOTP document signing features.
- Added support for CAdES qualified signatures to the PDF Sign feature.
1.2.6 (July 5 2021)
- Create a logfile event for every user operation.
- Added the PDF Sign menu allowing users to electronically sign a PDF file
in "Advanced" mode (sealed PDF with handwritten signature) or "Qualified"
mode (sign with an external ID card or an eIDAS signing smartcard).
Signing requires OpenOTP v2.0 and a license with the SIGN option enabled.
1.2.5 (June 2 2021)
- Fixed user information update failing when mobile number is empty.
- Fixed several translation mistakes.
- Password change does not allow using the username or domain as part of
the new password value.
1.2.4 (May 17 2021)
- Fixed 'Register Token' action being greyed when switching from SMS/Mail
to 'TOKEN' OTP method.
1.2.3 (April 4 2021)
- The 'Allowed OTP Methods' setting can now be nullable.
- OTP methods can be changed according to the 'Allowed OTP Methods' setting
whether OTP Management is enabled or not.
- OpenOTP 'View My' selector changes according to the OTP method selection.
- The 'View My' selector also proposes any registrable methods.
1.2.2 (March 9 2021)
- Added FIDO2 PIN / Biometric user verification policies.
- Mobile Token display name is now reduced to the user display name.
- Added OpenOTP mobile enrolment with Token duplicate checks.
- Removed all TiQR functionalities.
> Your application configuration may be incorrect after upgrade if you
enabled any TiQR setting. In this case, just edit and re-apply the
configuration under the 'Application' menu in WebADM.
1.2.1
- Added compatibility with WebADM 2.0.11.
- Disable Application Password configs when OTP Management is disabled.
1.2.0
- Added support for OpenOTP Voice Biometrics.
- Added compatibility with WebADM v2.0.0.
- Added support for SpanKey with FIDO/U2F devices' registration.
- Added support for OpenOTP Max Idle Time blocking settings.
1.1.12
- Added HTTP Basic Authentication support via the page login_http.php.
- Added support for user ActiveDirectory principal names (UPN).
> The 'Show Domains List' setting must be disabled to use UPNs.
> Warning: When 'Show Domains List' is disabled, the domain input is now
removed! Users must login with domain\username to force a domain name.
- Fixed an issue when registering OTP lists.
- Hardware Token registration requires the current OTP for validation.
- Simplified the OTP method selector (one dropdown instead of two).
1.1.11
- This update is required for WebADM version >= 1.7.6.
- Prevent key import not matching the configured key size for SpanKey.
- Added support for SpanKey DSA with 2048 and 4096 bit keys.
- Fixed several wrong file permissions.
1.1.10
- Added support for client policy-based access restrictions.
- Added support for SpanKey count-limited keys.
- Added SSH Public Key import with copy/paste for SpanKey registration.
- Users cannot self-configure SSH key expiration or max use.
1.1.9
- Added support for WebADM v1.7 (it does not work with previous versions).
- Added more expiration time values for Emergency OTP management.
- Added support for Emergency OTPs with limited usage count.
- Fixed AD account unlock not working (requires WebADM v1.6.9-2).
- Fixed support email failing with a sendmail error.
- Hide the OTP PIN prefix input.
- Added German translations.
1.1.8
- Added support for FIDO2 with TPM chips (ex. Apple MacBooks).
> This option requires OpenOTP v1.4.2.
- U2F / FIDO2 registration choice is now automatic (based on client policies).
- Fixed Token registration when Soft Token expiration time is set to '0'.
- Removed password policy configurations.
> Password change is available only when PwReset is enabled and uses PwReset
password policy settings.
> You must edit the SelfDesk configuration and re-apply it in WebADM.
- OTP prefix change is now available when OTP prefix is enabled in client policies.
- Added Emergency OTP registration with configurable automatic expiration.
1.1.7
- Added support for FIDO2 (CTAP and WebAuthn enrollments).
> You need OpenOTP v1.5 with this version of the Self-Service.
- Removed OpenOTP and TiQR custom address settings.
- Fixed incomplete token name with QRCode enrollments.
- Fixed Trusted U2F Devices feature not working on Chrome version >= 66.
- Setting Allowed Self-Registration 'U2F' is replaced by 'FIDO'.
> You may need to adjust and re-apply your configuration in WebADM!
- Added the 'FIDO Device Management' setting section.
1.1.6
- Added support for WebADM v1.6 (this version does not run on previous WebADM).
- Added support for access restrictions based on client policies.
- Added SpanKey enrolment setting 'Allowed SSH Key Types' to limit the type of
SSH keys to be self-enrolled.
- Removed OpenOTP Application Passwords without expiration (OpenOTP v1.3.7).
- Fixed non-working per-user and group policies for AllowOTPTypes, AllowRegister,
AllowTokenTypes and DefaultTokenType.
1.1.5
- Added support for OpenOTP MSS login method.
- Fixed an issue with Yubikey registration with YubiCloud.
- Added support for newer RCDevs software Token.
- New RCDevs Token logo image.
1.1.4
- Added multilingual support (French translation for now and more to come).
- Added password expiration notification on the home page.
- Added support for OpenOTP contextual authentication when two-factor is enabled.
- Device Id context uses HTTP Cookie instead of Browser fingerprint.
- Added an option to configure the list of allowed OTP methods to be selected.
- Allowed OTP Tokens and methods can be defined per LDAP user or group.
- Better support for PKI user authentication via WAProxies.
- Removed SMSCount and MailCount user statistics (for OpenOTP v1.3.3-2).
1.1.3
- Added support for upcoming U2F on Firefox and Opera browsers.
> You need OpenOTP v1.3.2 with this version of SelfDesk.
- Added support for the new OpenOTP Push Login methods.
1.1.2
- Added a new enrolment workflow with RCDevs Software Authenticator.
- Google Authenticator Token icon is replaced by RCDevs Authenticator.
- Removed the possibility to configure the OTP length setting.
- Added an option to download both the PEM and PPK SpanKey private
keys bundled in a ZIP file.
1.1.1
- Added support for RCDevs SSO v1.2.x with OpenID Connect.
> This version of SelfDesk is not compatible with the previous versions of
RCDevs OpenID/SAML IdP.
1.1.0
- Added support for RCDevs SpanKey Server.
- Fixed wrong display of registered OTP list size.
- Removed the ability to configure the OTP list algorithm.
- Removed the ability to configure application passwords' expiration.
- Removed 'Allow OpenID' settings (uses the 'Allow Config' setting on OpenID).
1.0.20
- Uses the new WAPI framework from WebADM v1.5.0.
- Added product categorization for WebADM v1.4.5.
- Complete facelift with new design and login workflows.
- Added an OTP validation with HOTP and TOTP QRCode registration.
- Added brute-force attack protection with source IP address blacklisting.
1.0.19
- Remove resynchronization for Yubikeys which is not necessary.
- Added an option to require a second login factor (OTP or U2F).
- Many general user experience enhancements.
1.0.18
- Users can optionally set friendly names or short descriptions for U2F devices.
- U2F uses embedded javascript and does not require the Google Chrome extension.
- When PKI management is disabled, the PKI menu is now hidden.
- Added support for WebADM user_level configurations in webadm.conf.
- The OpenID & SAML SSO page has been simplified.
- OATH TOTP Token choice is prioritized over HOTP.
- Changed default minimum password length to 6 characters.
- Changed the Yubikey registration image to include Yubikey Nano.
1.0.17
- This version is designed for WebADM v1.4 and is not compatible with v1.3.
- The 'Allow Unused Tokens Only' setting is removed and enabled by default.
- Added dynamic password change complexity based on new password length.
- Added support for OATH tokens supporting MD5 algorithm (ex. RedHat FreeOTP).
- Support form and Token download URLs are hidden if not configured.
1.0.16
- Added support for OpenOTP v1.2 and FIDO U2F device management.
- Changed Allowed Token Types and Default Token Type settings to be more specific.
> You need to re-configure these settings if they were enabled.
- Simplified the OTP authentication test.
1.0.15
- OTP inputs do not display the OTP password (required for protecting OTP PIN).
- With password change, user cannot set a new password equal to the previous password.
- SMS and Mail choices are removed from the 'Allow Self-Registration' setting.
- List choice in the 'Allow Self-Registration' setting is renamed to OTPList.
- Added support for OpenOTP Software Token Expiration and auto re-enrollment process.
- Added support for OpenOTP/TiQR LoginEnabled configuration.
- Added support for TiQR 1.0.7-2 with re-designed TiQR+LDAP workflow.
- Added support for TiQR v1.1 and RSA cryptography.
- Added support for OpenOTP 1.1.5 and Application Passwords.
- Password change respects the AD password history policy.
- With OTP PROXY mode, OTP Type is changed to TOKEN after Token enrolment.
1.0.14
- Added configurations to allow or not SMS and Mail OTP registration.
- Added support for several Tokens enrolment with Google Authenticator.
- Added issue URI parameter for Google Authenticator.
- Added compatibility with OpenID/SAML WebApp v1.1.x.
- Added compatibility with WebADM per-application session timeouts.
- Enhanced password update forms.
- Added Yubikey registration with WebADM Inventory (simply by pressing the Yubikey).
- Added support for YubiCloud-based Yubikey enrolment.
- Added a setting to prevent a user from enrolling Tokens already used by another user.
- The Default Token Type HARDWARE is replaced by HARDWARE-OATH and HARDWARE-YUBIKEY.
If you had configured HARDWARE, please change to one of the options after upgrade.
- Added actions to de-activate and re-activate registered Tokens.
- Added a new setting to allow or not user password change.
> In previous versions, password change used the Allow User Infos Management policy.
- Self application settings' management (OTP, TiQR, SSO, PKI) are disabled by default.
- OpenOTP/TiQR Login Mode and OTP Prefix policies cannot be edited by users anymore.
1.0.13
- New application architecture designed for WebADM v1.2.6.
- OpenOTP, TiQR and OpenID settings are disabled when application is not present.
- Added support for expired LDAP passwords.
- Adapted HTML for WebADM 1.2.5-1 rendering.
- Completely re-designed login form.
- Changed OTP and TiQR texts to be more user-friendly.
- Added support for WebApp authentication requiring user certificates.
- Multiple minor other enhancements.
1.0.12
- Added simple Hardware Token registration with serial numbers. This registration
mode is highly recommended when dealing with large amounts of Hardware Tokens.
- PIN change is now allowed without having to enable "Allow OpenOTP Management" feature.
- Added support for OTP Prefix (PIN) management with OpenOTP v1.1.1.
- All PIN code values are displayed as bullets.
- Input length validations for new password, OTP prefix and PIN code.
1.0.11
- Added support for OpenOTP v1.1 with multi Token and new Fallback methods.
- Added the possibility to un-register a Token.
- The Allow Register setting can restrict self-registration to specific Tokens.
- Added support for users with multiple mobile numbers or email addresses.
- Added a 'Default Token Type' setting to set the default token type in the token
registration form.
- Added PDF OTP list export.
1.0.10
- Updated for WebADM 1.2.
- TOKEN, LIST, LASTOTP fallback modes are allowed with any OTPType (OpenOTP 1.0.14).
- Added SMSMode MailMode configuration (for Ondemand / Prefetch OTP).
- Users can review all their OTP type settings without changing OTP type.
- Added "Allowed Token Types" setting allowing to restrict the types of
Tokens which can be registered.
- Simplified user interface.
- Compliance with TiQR Server 1.0.1.
- Fixed a certificate creation problem when user has no email address.
1.0.9
- Added support for TiQR Service.
- Many enhancements.
1.0.8
- Update required with WebADM-1.1.1.
- Added RADIUS Proxy OTP Type support.
- Added SHA256 and SHA512 key registration support for TOTP/OCRA Tokens.
- Added support for OpenOTP 1.0.11-1.
- Added a setting to allow Token download, registration, resync, test.
- Added a setting to set OpenOTP logintest URL if not local.
- Added LDAP password policy settings.
- Added OpenOTP password list support.
- Added TOTP resync utility.
> OpenOTP computes the Token time offset and keeps the offset for OTP calculations.
- Added OATH OCRA support.
1.0.7
- Added RCDevs OpenID Provider management features.
- Added Google Authenticator support with QRCode registration.
- OpenOTP Token register enhancements.
- Added QR Barcode-based Token key registration.
- Added OpenOTP login test page.
1.0.6
- Uses the new WebADM UI framework.
1.0.5
- Added OTPFallback configuration.
- Fixed certificate download problems.
1.0.4
- Requires WebADM >= 1.0.5.
- Minor corrections and code enhancements.
- Text corrections.
1.0.3
- Added YubiKey Tokens support.
1.0.2
- Support for Mobile-OTP Software Tokens (motp.sourceforge.net).
- PIN Code editor for MOTP.
- Minor code enhancements.
1.0.1
- Added account unblocking feature and block counter display.
- Added PKI functionalities (user certificate management).
- Added OpenOTP Secure Mail functionality.
1.0.0
Initial SelfDesk release.