Timezone for Challenge Expiration?

I have the timezone on my server set correctly. Is there somewhere that it needs to be set for privacyIDEA?

I ask because /token/challenges is marking both the timestamp and expiration as GMT eventhough the times there are actually local timezone times.

I appear to have worked around this by changing the timezone of the server itself to UTC. Is this a preferred method of installation that I missed?

I think we always try not to store timezones whenever we use times in privacyIDEA.
Storing timezones does not make any sense.
Imagine a redundant setup, where you have one privacyIDEA server on the east coast, one on the west coast and on in Hawaii. Which timezone should you use?
Or each node would write a different timezone to the database…

So storing GMT is intended. But it I think it should not store the local time “value” with the GMT timezone. This sounds, as if this could be a bug. If you have an account, it would be great if you would open an issue at github:

Opened issue.