- If 'send_upn' is enabled and the username input contains an '@' and no '\', it will be sent as is to privacyIDEA. This feature does not yet check with AD if the UPN is correct.
- Fixed a bug where a password reset for an expired password was not recognized.
- Fixed a bug where the '%' was not properly encoded when communicating with privacyIDEA.
- Token enrollment via challenge-response (introduced in privacyIDEA 3.8) can be used in the CP.
- Added whitelist for the filter to spare other credential providers from being filtered.
- If sending the password or an empty password was enabled and the machine was offline, it was impossible to get to the second step for an offline authentication, because of the error caused by the attempt to send something. This is now fixed and offline authentication is possible even if an error occurred in the first step.
- If the excluded_account included a '.', it was not resolved to the local machine name before comparing with the input. Now both input and registry setting will have the '.' resolved before comparing values.
- Remember the serial of the token that was used to authenticate to add the refill values to the right token, fixes #123
- If prefill_username is enabled, set the focus to the password field, fixes #122
- Update the offline info after a wrong password or other errors. The number displayed will now represent the consumed offline OTPs if they had not been refilled directly (e.g. machine is offline)
- Fixed the count field in the offline file to correctly display the count of OTPs
- Fixed a bug where an offline user would not be found if the username was capitalized differently (missing case insensitivity)
- When entering the wrong OTP in RDP scenarios, the credential provider will now reset to the first step with username and password prefilled. This way, the user just has to press enter and can trigger challenges again.
- Fixed a bug where the installer wrote the wrong values for scenario specific configuration
- Multiple offline tokens for multiple users are now possible
- Added "offline_threshold" configuration entry. OfflineRefill is only attempted when the remaining offline OTPs drop below the threshold. This will prevent having to wait for a connection timeout every time an authentication is performed where the computer is really offline.
- Added "offline_show_info" configuration entry. This will display the available offline tokens for the user who is currently logging in.
- Added "enable_filter" configuration entry. This will enable the filter (which removes all other Credential Providers).
- Updated the installer with more configuration possibilities. Moreover, the filter is now always installed and has to be activated via the configuration of this Credential Provider.
- When using RDP, the incoming password is now properly decrypted so that "2step_send_password" works correctly in this scenario.
- Fixed a bug that could cause an infinite loop in the CredUI scenario.
- Improved the "show_domain_hint" feature to directly show the domain that will be used when entering a backslash.
- Entering '.' will now be properly resolved to the local computer name.
- Entering '@' will now be handled correctly to indicate a domain.
- Failing the 2nd factor check in RDP scenarios will now only reset the 2nd step. In RDP scenarios, the username and password are already checked before connecting, therefore it is not required to check those on the target again.
- Added "enable_reset" configuration setting to show a clickable text at the bottom that resets the login.
- Added "debug_log" configuration setting to create a detailed log file. This setting replaces "release_log"; real errors are always written to the log file. This setting also removes the need to install the debug version to create a detailed log.
- Added status callback to WinHttp to get more detailed information about certain failures.
- Fixed crash when deselecting the Credential Provider tile.
- Fixed missing lookup of "no_default" setting.
- The installer now writes all possible configuration keys to the registry. The configurable parts in the installer are unchanged.
- Added "prefill_username" configuration setting to prefill the username field with the last user that logged on
- Fix loading custom bitmaps as custom tile picture.
- Fix WinHttp default timeouts
- The behavior of the CP and Filter can be modified for each scenario separately (see docs).
- Fix missing Submit button upon failure when 2step is enabled.
- Support realms by configuring a realm mapping in the registry
- Support of Push Token
- Support offline authentication
- Support exclusion of a single account
- Fix for clients experiencing a freeze when using only hide_otp configuration.
- URL encoding of parameters which are sent to the server.
- Fix a buffer overflow in certain RDP scenarios that crashes the terminal server client.
- Make default tile configurable via NO_DEFAULT='1' registry key.
- Support SMS/Email tokens, which require a transaction id to be appended to the request. This only works when the CP is configured to ask for the OTP in a second step. The message of the challenge is displayed to the user.
- Logging of sensitive data can be activated by a registry key
- Fix missing lookup of the domain when using over-the-shoulder-prompting (UAC). Note: The UAC scenario with the credential provider currently does not work on Windows 8 / Server 2012.
- Password change on a locked workstation is not possible. If this occurs, block our tile and guide the user to sign out and in again to complete the password change in the LOGON scenario. (Similar to what Windows does)
- Optionally send an empty password or the domain password to the privacyIDEA server. (As intended in version 2.0) This is only possible if the request for the OTP is made in a second step.
- Added icon to display in installed software list
- Improved debug message format
- More debug messages
- Changed version number format to end with the build number
- Displaying the correct version number in the MSI as well as in the installed software list
- Removed unnecessary communication with the privacyIDEA server
- Support changing the password on logon if the password expired or is requested to change by the admin
- Optional registry key for custom ports
- Adjusted Installer
- Fixed a bug with parsing the path from the URL
- Bugfix for URLs with scheme and paths specified
- Username and domain hideable on locked machines (custom login text will still be displayed)
- Custom OTP field text
- Adjusted Installer
- When connecting to a machine with privacyIDEA CP, allow the use of the credentials which were already passed in NLA. We only ask for the OTP.
- Replaced libcurl and OpenSSL with WinHttp
- SSL errors can be ignored optionally
- Second dialog to enter OTP separately
- Optionally send the domain password to the privacyIDEA server
- Adjusted Installer
- Add new logos
- Cleanup license and README
- Add correct user-agent