privacyIDEA 2.18 is about to be released

Dear all,

I just uploaded privacyIDEA 2.18dev3.

This is the feature complete release candidate for the 2.18 release.
So if you would like to test it, you can download it from pypi like

pip install privacyidea==2.18dev3

otherwise you will install the latest stable version 2.17.

You can also install it from the launchpad devel repositories for
Ubuntu 16.04 and 14.04.
Add the devel repository like this:

add-apt-repository ppa:privacyidea/privacyidea-dev

Kind regards



  • Allow to disable the WebUI (#605)
  • The WebUI will lock the screen after a timeout instead of
    logging out the user. This allows to easily continue
    configuration work. (#621)
  • Improve the creation and handling of local CAs (#630, #632, #633)
    Allow certificate template for certificates with different runtime
    and x509v3 extensions.

Enhancements in Policies:

  • Allow regular expressions in usernames in policies. (#581)
  • Improve Policy creation with pi-manage from JSON formatted file.
  • WebUI: Add action grouping in policies.
  • WebUI: Add action filter in policy view.
  • Allow token specific PIN policies: The SPASS token can now
    have dedicated PIN policies.
  • Add PIN policies for administrators during enrollment and
    during assignment.
  • Add WebUI policy: only search on enter being pressed (#617)

Enhancements in Event Handlers:

  • Add token_validity_period condition to event handlers. (#618)
  • Add additional options in token handler when creating
    SMS, Email or mOTP tokens.
  • Allow tokenhandler to set tokeninfo field.
  • Allow tokenhandler to set syncwindow.
  • Add event handler condition for count_auth_success and
  • Add event handler condition for last_auth.
  • Improve Audit Log for Event Handler. Each triggered action
    will now also create an audit entry. (#609)
  • Allow the use of {current_time} in tokenevent handler. (#628)

Enhancements in LDAP Resolver:

  • Upgrade dependency to ldap3 version >=2.1.1 to improve LDAP
    performance in regards to redundancy and security
  • LDAP Resolver: Use get_info in bind requests to avoid querying
    of subschema. (#585)
  • LDAP Resolver: Support StartTLS over Port 389.
  • Simplify LDAP Resolver: Remove username from Attribute Mapping.
  • Simplify LDAP Resolver: Remove reverse filter.

Misc Enhancements:

  • Automatically add user’s mobile number if tokentype is SMS.
  • Add example configuration for GTX messaging SMS gateway.
  • Add a script “privacyidea-get-unused-tokens” to find
    unused tokens
  • WebUI: Add a busy indicator spinner.
  • Improve the pi-manage script in regards to backup and restore.
    Let you choose whether to backup encryption key or not.
    Better handling for individual paths. (#626, #623)


  • LDAP Resolver: Verify SSL Certificate (Security)
  • LDAP Resolver: Allow special characters in NTLM password
  • LDAP Resolver: Allow searching for users with German umlaut
  • Remove the “unsafe” notation in the QR-Code link, so that
    a smartphone may import the key during HOTP/TOTP token enrollment
    by clicking the link. (#620)
  • Use defusedxml to avoid XML bombs on token import (Security)
  • Replace eval with ast.literal_eval (Security)
  • Add missing attributes for U2F tokens in
    validate/triggerchallenge API
  • Let /validate/triggerchallenge write to audit log.
  • Fix mangle policy for users and realms
  • Avoid logging of password in check_user_pass in debug level
  • Set encrypted PIN on enrollment for certificate tokens (#625)
  • Remove unused policy action “motp_webprovision”

Cornelius Kölbel
NetKnights GmbH


I’ve just upgraded my test env and I’m totally in love with the circle
showing the progress. :slight_smile:
Now diving into the CA changes.

Thank you!


Indeed. Thanks for the feedback.
This is a pull request from Quoc!

…and thanks for the PR!

On Thursday, 2 March 2017 11:58:52 UTC+1, Michael Muenz wrote:


I’ve just upgraded my test env and I’m totally in love with the circle
showing the progress. :slight_smile:
Now diving into the CA changes.

Thank you!