Caution
- Make a backup of your existing installation! This backup should include the config files, the encryption keys and the database.
- Ensure that you use the latest supported privacyIDEA version 3.9.2 and then upgrade to eduMFA
These migration steps are applicable for all versions released up to now
- Uninstall privacyIDEA and stop your
Apache2
ornginx
service - Move/Copy all configurations from
/etc/privacyidea/
to/etc/edumfa/
- The config file needs to be renamed from
pi.cfg
toedumfa.cfg
- Rename/Replace
PI_
in the configuration file withEDUMFA_
(e.g.PI_ENCFILE
changes toEDUMFA_ENCFILE
) - Update the paths in the configuration file to
/etc/edumfa/
- Update the log file path to
/var/log/edumfa/edumfa.log
- The config file needs to be renamed from
- Install eduMFA (e.g. using Container, PIP or the
.deb
Package)- When using the
.deb
package, make sure not to overwrite the existing configuration file when prompted - When using the server
.deb
package (edumfa-apache2
,edumfa-nginx
), the database migration will be executed automatically. Additionally the web server configuration and a cron entry will be installed.
- When using the
- Check your
crontab
,systemd
services for the usage ofpi-manage
or any other privacyIDEA script and replace it withedumfa-manage
- Check your
Apache2
ornginx
configurations for usage of theprivacyideaapp.wsgi
and replace it withedumfaapp.wsgi
and fix all required paths - Execute the database migration using
edumfa-schema-upgrade
located in the/opt/edumfa/bin
. You also need to provide the migration dir/opt/edumfa/lib/edumfa/migrations
. The latest migration will rename several columns and tables from privacyIDEA related names to eduMFA- In case of an error executing this migration you also can perform the required migrations using SQL
- Rename the table
pidea_audit
tomfa_audit
- Rename the table
privacyideaserver
toedumfaserver
- In case of Postgres: Rename the sequence
privacyideaserver_id_seq
toedumfaserver_id_seq
- In case of MariaDB: Rename the sequence
privacyideaserver_seq
toedumfaserver_seq
- Rename the column
mfa_audit.privacyidea_server
tomfa_audit.edumfa_server
- Rename the column
policy.pinode
topolicy.edumfanode
- Replace all occurrences of
login_mode=privacyIDEA
inpolicy.action
withlogin_mode=eduMFA
- Replace all occurrences of
privacyideaserver_read
inpolicy.action
withedumfaserver_read
- Replace all occurrences of
privacyideaserver_write
inpolicy.action
withedumfaserver_write
- Replace all occurrences of
privacyidea.
insmsgateway.providermodule
withedumfa.
- Rename the table
- In case of an error executing this migration you also can perform the required migrations using SQL
- Add documentation for Docker images + optimize Dockerfile by @Luc1412 in eduMFA#328
- Add support for Ubuntu 24.04LTS images by @Luc1412 in eduMFA#290
- chore(deps): update dependency alembic to v1.13.3 by @renovate in eduMFA#326
- chore(deps): update dependency attrs to v24.2.0 by @renovate in eduMFA#268
- chore(deps): update dependency babel to v2.16.0 by @renovate in eduMFA#273
- chore(deps): update dependency bcrypt to v4.2.0 by @renovate in eduMFA#228
- chore(deps): update dependency cachetools to v5.5.0 by @renovate in eduMFA#282
- chore(deps): update dependency certifi to v2024.8.30 by @renovate in eduMFA#298
- chore(deps): update dependency cffi to v1.17.1 by @renovate in eduMFA#306
- chore(deps): update dependency configobj to v5.0.9 by @renovate in eduMFA#325
- chore(deps): update dependency croniter to v3.0.3 by @renovate in eduMFA#237
- chore(deps): update dependency docs/sphinx to v8 by @renovate in eduMFA#253
- chore(deps): update dependency docs/sphinxcontrib-applehelp to v2 by @renovate in eduMFA#254
- chore(deps): update dependency docs/sphinxcontrib-devhelp to v2 by @renovate in eduMFA#255
- chore(deps): update dependency docs/sphinxcontrib-htmlhelp to v2.1.0 by @renovate in eduMFA#247
- chore(deps): update dependency docs/sphinxcontrib-qthelp to v2 by @renovate in eduMFA#256
- chore(deps): update dependency docs/sphinxcontrib-serializinghtml to v2 by @renovate in eduMFA#259
- chore(deps): update dependency furo to v2024.8.6 by @renovate in eduMFA#267
- chore(deps): update dependency google-auth to v2.35.0 by @renovate in eduMFA#323
- chore(deps): update dependency grpcio to v1.66.2 by @renovate in eduMFA#336
- chore(deps): update dependency huey to v2.5.2 by @renovate in eduMFA#329
- chore(deps): update dependency idna to v3.8 by @renovate in eduMFA#291
- chore(deps): update dependency importlib_metadata to v8.2.0 by @renovate in eduMFA#233
- chore(deps): update dependency lxml to v5.3.0 by @renovate in eduMFA#274
- chore(deps): update dependency pyasn1 to v0.6.1 by @renovate in eduMFA#308
- chore(deps): update dependency pyasn1-modules to v0.4.1 by @renovate in eduMFA#309
- chore(deps): update dependency pydash to v8.0.3 by @renovate in eduMFA#227
- chore(deps): update dependency pyjwt to v2.9.0 by @renovate in eduMFA#260
- chore(deps): update dependency pyopenssl to v24.2.1 by @renovate in eduMFA#224
- chore(deps): update dependency pyparsing to v3.1.4 by @renovate in eduMFA#292
- chore(deps): update dependency pytest to v8.3.3 by @renovate in eduMFA#307
- chore(deps): update dependency python-gnupg to v0.5.3 by @renovate in eduMFA#324
- chore(deps): update dependency pytz to v2024.2 by @renovate in eduMFA#310
- chore(deps): update dependency pyyaml to v6.0.2 by @renovate in eduMFA#270
- chore(deps): update dependency redis to v5.1.0 by @renovate in eduMFA#335
- chore(deps): update dependency setuptools to v75 by @renovate in eduMFA#319
- chore(deps): update dependency soupsieve to v2.6 by @renovate in eduMFA#280
- chore(deps): update dependency sphinx to v7.4.7 by @renovate in eduMFA#222
- chore(deps): update dependency sphinxcontrib-htmlhelp to v2.0.6 by @renovate in eduMFA#220
- chore(deps): update dependency sphinxcontrib-qthelp to v1.0.8 by @renovate in eduMFA#221
- chore(deps): update dependency sqlalchemy to v2.0.35 by @renovate in eduMFA#302
- chore(deps): update dependency test/attrs to v24 by @renovate in eduMFA#263
- chore(deps): update dependency test/coverage to v7.6.1 by @renovate in eduMFA#264
- chore(deps): update dependency test/exceptiongroup to v1.2.2 by @renovate in eduMFA#250
- chore(deps): update dependency test/packaging to v24.1 by @renovate in eduMFA#251
- chore(deps): update dependency test/pytest to v8.3.2 by @renovate in eduMFA#252
- chore(deps): update dependency test/responses to v0.25.3 by @renovate in eduMFA#245
- chore(deps): update dependency test/types-pyyaml to v6.0.12.20240724 by @renovate in eduMFA#246
- chore(deps): update dependency types-pyyaml to v6.0.12.20240917 by @renovate in eduMFA#316
- chore(deps): update dependency urllib3 to v2.2.3 by @renovate in eduMFA#313
- chore(deps): update dependency werkzeug to v3.0.4 by @renovate in eduMFA#286
- chore(deps): update dependency zipp to v3.20.2 by @renovate in eduMFA#317
- chore: migrate static metadata to
pyproject.toml
by @Luc1412 in eduMFA#218 - docs: correct syslog documentation by @fritterhoff in eduMFA#341
- docs: document eduPUSH type and deprecate Push Token Type by @Luc1412 in eduMFA#294
- feat: change import filename arguments to type click.File by @Johnnynator in eduMFA#289
- feat: permit handling ecdsa for pushtokens by @fritterhoff in eduMFA#340
- fix: TOTP and HOTP help strings by @Johnnynator in eduMFA#288
- fix: add missing MULTIVALUEATTRIBUTES parameter to LDAPIdResolver by @QcFe in eduMFA#315
- fix: append webauthn policy information to
type=webauthn
triggerchallenges by @Johnnynator in eduMFA#314 - fix: handle to long description input by @fritterhoff in eduMFA#337
- fix: make webauthn token description a translatable string by @Johnnynator in eduMFA#305
- fix: only push docker images on default branch or releases by @fritterhoff in eduMFA#299
- fix: output totp algorithm uppercase by @siggdev in eduMFA#235
- fix: store declined sessions correctly and prevent polling of declined requests by @fritterhoff in eduMFA#339
- fix: regenerate translations.js by @Johnnynator in eduMFA#321
Caution
This release fixes a possible security vulnerability.
eduMFA prior version 2.2.0 was also affected by blastRADIUS (CVE-2024-3596). In case you are using the RADIUS Token we strongly recommend you to upgrade to version 2.2.0.
Please note that this upgrade requires a database migration and you must replace the radius dictionary used by eduMFA! Beside these changes you should enable the Message Authenticator
option introduced in the UI in case your RADIUS server supports this option.
Thanks a lot to @Janfred for the hint and @sklemer1 for the fix!
- chore(deps): update dependency google-auth to v2.32.0 by @renovate in eduMFA#203
- chore(deps): update dependency sphinx to v7.4.0 by @renovate in eduMFA#206
- chore(deps): update dependency setuptools to v70 [security] by @renovate in eduMFA#209
- chore(deps): update dependency setuptools to v70.3.0 by @renovate in eduMFA#192
- chore(deps): update dependency croniter to v2.0.7 by @renovate in eduMFA#213
- chore(deps): update dependency cachetools to v5.4.0 by @renovate in eduMFA#210
- chore(deps): update dependency sphinx to v7.4.5 by @renovate in eduMFA#207
- fix: corrected typo in e-mail address by @st-hofmann in eduMFA#171
- feat: handle passkey AuthenticatorDataFlags by @ekupris in eduMFA#161
- feat: ignore event handler in case of passkey auth by @fritterhoff in eduMFA#199
- feat: add edumfa-push token type by @johannwagner in eduMFA#104
- chore(deps): update dependency pytest to v8 by @renovate in eduMFA#148
- chore(deps): update dependency redis to v5 by @renovate in eduMFA#149
- chore(deps): update dependency zipp to v3.19.0 by @renovate in eduMFA#169
- chore(deps): update dependency mako to v1.3.5 by @renovate in eduMFA#166
- chore(deps): update dependency lxml to v5.2.2 by @renovate in eduMFA#165
- chore(deps): update dependency pykcs11 to v1.5.16 by @renovate in eduMFA#167
- chore(deps): update dependency flask-sqlalchemy to v3.1.1 by @renovate in eduMFA#110
- chore(deps): update dependency cryptography to v42.0.8 by @renovate in eduMFA#173
- chore(deps): update dependency cbor2 to v5.6.4 by @renovate in eduMFA#172
- chore(deps): update dependency pytest to v8.2.2 by @renovate in eduMFA#175
- chore(deps): update dependency redis to v5.0.5 by @renovate in eduMFA#176
- chore(deps): update dependency grpcio to v1.64.1 by @renovate in eduMFA#170
- chore(deps): update dependency huey to v2.5.1 by @renovate in eduMFA#174
- chore(deps): update dependency requests to v2.32.3 by @renovate in eduMFA#168
- chore: test dependencies by @fritterhoff in eduMFA#182
- chore(deps): update dependency urllib3 to v2.2.2 [security] by @renovate in eduMFA#186
- chore(deps): update docker/build-push-action action to v6 by @renovate in eduMFA#188
- chore(deps): update dependency zipp to v3.19.2 by @renovate in eduMFA#178
- chore(deps): update dependency certifi to v2024.6.2 by @renovate in eduMFA#179
- chore(deps): update dependency packaging to v24.1 by @renovate in eduMFA#183
- chore(deps): update dependency netaddr to v1 by @renovate in eduMFA#147
- chore(deps): update dependency pyasn1 to v0.6.0 by @renovate in eduMFA#112
- chore(deps): update dependency alembic to v1.13.2 by @renovate in eduMFA#195
- chore(deps): update dependency sqlalchemy to v2.0.31 by @renovate in eduMFA#190
- chore(deps): update dependency redis to v5.0.7 by @renovate in eduMFA#189
- chore(deps): update dependency google-auth to v2.30.0 by @renovate in eduMFA#181
- chore(deps): update dependency typing-extensions to v4.12.2 by @renovate in eduMFA#191
- chore(deps): update dependency importlib-metadata to v8 by @renovate in eduMFA#194
- chore(deps): update dependency gssapi to v1.8.3 by @renovate in eduMFA#70
- chore(deps): pin dependencies by @renovate in eduMFA#196
- chore(deps): update dependency google-auth to v2.31.0 by @renovate in eduMFA#198
- chore(deps): update dependency certifi to v2024.7.4 by @renovate in eduMFA#200
- fix: redirect filename arg for policy creation by @fritterhoff in eduMFA#158
- chore(deps): update dependency werkzeug to v3.0.3 [security] by @renovate in eduMFA#117
- chore(deps): update dependency jinja2 to v3.1.4 [security] by @renovate in eduMFA#116
- chore(deps): update dependency pymysql to v1.1.0 by @renovate in eduMFA#97
- chore(deps): update dependency pyasn1-modules to v0.4.0 by @renovate in eduMFA#113
- chore(deps): update dependency certifi to v2023.11.17 by @renovate in eduMFA#83
- chore(deps): update dependency python-gnupg to v0.5.2 by @renovate in eduMFA#72
- chore(deps): update dependency mako to v1.3.3 by @renovate in eduMFA#95
- chore(deps): update dependency grpcio to v1.63.0 by @renovate in eduMFA#92
- chore(deps): update dependency certifi to v2024 by @renovate in eduMFA#122
- chore(deps): update dependency importlib-metadata to v6.11.0 by @renovate in eduMFA#121
- chore(deps): update dependency babel to v2.15.0 by @renovate in eduMFA#120
- chore(deps): update dependency bcrypt to v4.1.3 by @renovate in eduMFA#118
- chore(deps): update dependency cryptography to v42.0.7 by @renovate in eduMFA#119
- chore(deps): update dependency setuptools to v69.5.1 by @renovate in eduMFA#126
- chore(deps): update dependency blinker to v1.8.2 by @renovate in eduMFA#125
- chore(deps): update dependency pydash to v8.0.1 by @renovate in eduMFA#124
- chore(deps): update dependency docutils to v0.21.2 by @renovate in eduMFA#127
- chore(deps): update dependency furo to v2024.5.6 by @renovate in eduMFA#128
- chore(deps): update dependency itsdangerous to v2.2.0 by @renovate in eduMFA#133
- chore(deps): update dependency huey to v2.5.0 by @renovate in eduMFA#132
- chore(deps): update dependency croniter to v2 by @renovate in eduMFA#131
- chore(deps): update dependency argon2-cffi to v23 by @renovate in eduMFA#130
- chore(deps): update dependency pycparser to v2.22 by @renovate in eduMFA#135
- chore(deps): update dependency mock to v5.1.0 by @renovate in eduMFA#134
- chore(deps): update dependency pygments to v2.18.0 by @renovate in eduMFA#136
- chore(deps): update dependency segno to v1.6.1 by @renovate in eduMFA#139
- chore(deps): update dependency soupsieve to v2.5 by @renovate in eduMFA#140
- chore(deps): update dependency testfixtures to v7.2.2 by @renovate in eduMFA#142
- chore(deps): update dependency python-dateutil to v2.9.0.post0 by @renovate in eduMFA#138
- chore(deps): update dependency google-auth to v2.29.0 by @renovate in eduMFA#129
- chore(deps): update dependency pytest to v7.4.4 by @renovate in eduMFA#137
- chore(deps): update dependency zipp to v3.18.1 by @renovate in eduMFA#144
- chore(deps): update dependency typing-extensions to v4.11.0 by @renovate in eduMFA#143
- chore(deps): update dependency sphinxcontrib-plantuml to v0.29 by @renovate in eduMFA#141
- feat: add email headers to prevent auto-replies by @j-hoff in eduMFA#152
- chore(deps): update dependency pymysql to v1.1.1 [security] by @renovate in eduMFA#155
- chore(deps): bump requests from 2.31.0 to 2.32.2 in the pip group across 1 directory by @dependabot in eduMFA#156
- chore: upgrade dependencies by @fritterhoff in eduMFA#157
- docs: get rid of plantuml dep by replacing uml with prerendered png by @j-hoff in eduMFA#160
- chore: Configure Renovate by @renovate in eduMFA#7
- chore: do not inherit from
object
by @aburch in eduMFA#61 - chore: fix doc dependencies by @fritterhoff in eduMFA#80
- docs: update documentation (no corresponding issue) by @Thaoden in eduMFA#87
- fix: migration for apache and nginx packages by @Luc1412 in eduMFA#88
- fix: print logo to stderr by @Johnnynator in eduMFA#89
- fix: correct audit log rotation example in crontab by @Johnnynator in eduMFA#103
- fix: correct cronjob by @Johnnynator in eduMFA#102
- test: add missing sms provider tests by @j-hoff in eduMFA#109
- feat: add support for PostgreSQL in backup script by @Johnnynator in eduMFA#10
- docs: change docs theme to furo + upgrade docs dependencies by @Luc1412 in https://github.com/eduMFA/eduMFA/pull/908
- chore(deps): update dependency pytz to v2024 by @renovate in eduMFA#107
- chore(deps): update dependency pydash to v8 by @renovate in eduMFA#106
- chore(deps): update dependency netaddr to v0.10.1 by @renovate in eduMFA#111
- chore(deps): update dependency babel to v2.14.0 by @renovate in eduMFA#67
- chore(deps): update dependency alembic to v1.13.1 by @renovate in eduMFA#66
- chore(deps): update dependency werkzeug to v3.0.2 by @renovate in eduMFA#65
- chore(deps): update dependency sqlalchemy to v1.4.52 by @renovate in eduMFA#64
- chore(deps): update dependency flask-migrate to v4.0.7 by @renovate in eduMFA#63
- chore(deps): update softprops/action-gh-release action to v2 by @renovate in eduMFA#60
- chore(deps): update dependency idna to v3.7 [security] by @renovate in eduMFA#55
- chore(deps): update actions/checkout action to v4 by @renovate in eduMFA#58
- chore(deps): update dependency flask to v3.0.3 by @renovate in eduMFA#62
- chore(deps): update dependency async-timeout to v4.0.3 by @renovate in eduMFA#68
- chore(deps): update dependency smpplib to v2.2.3 by @renovate in eduMFA#73
- chore(deps): update dependency cachetools to v5.3.3 by @renovate in eduMFA#69
- chore(deps): update dependency sphinxcontrib-qthelp to v1.0.7 by @renovate in eduMFA#77
- chore(deps): update dependency sphinxcontrib-htmlhelp to v2.0.5 by @renovate in eduMFA#76
- chore(deps): update dependency sphinxcontrib-applehelp to v1.0.8 by @renovate in eduMFA#74
- chore(deps): update dependency sphinxcontrib-devhelp to v1.0.6 by @renovate in eduMFA#75
- chore(deps): update dependency croniter to v1.4.1 by @renovate in eduMFA#86
- chore(deps): update dependency charset-normalizer to v3.3.2 by @renovate in eduMFA#85
- chore(deps): update dependency cffi to v1.16.0 by @renovate in eduMFA#84
- chore(deps): update dependency cbor2 to v5.6.3 by @renovate in eduMFA#82
- chore(deps): update dependency bcrypt to v4.1.2 by @renovate in eduMFA#79
- chore(deps): update dependency responses to v0.25.0 by @renovate in eduMFA#101
- chore(deps): update dependency redis to v4.6.0 by @renovate in eduMFA#100
- chore(deps): update dependency pykcs11 to v1.5.15 by @renovate in eduMFA#71
- chore(deps): update dependency lxml to v5.2.1 by @renovate in eduMFA#94
- chore(deps): update dependency pyjwt to v2.8.0 by @renovate in eduMFA#96
- chore: switch to psycopg2 instead of psycopg2-binary
- fix: correct sequence creation for galera
- ci: build ubuntu packages always (only upload on release)
Caution
This release drops support for Python 3.6 and Python 3.7.
Both versions are deprecated and no longer supported by eduMFA. In favor of major dependency upgrades and supporting Python 3.11 and 3.12 the outdated versions are removed!
- chore: Several (major) dependency upgrades
- chore: Rework CLI tools and drop
Flask-Script
- fix: correct location of venv for ubuntu packages by @Luc1412 in eduMFA#47
- fix: ignore revoked, disabled webauthn tokens for passkey auth by @fritterhoff in eduMFA#50
- fix: correct handling of login mode by @fritterhoff in eduMFA#48
- feat: api: set tokeninfo on init by @j-hoff in eduMFA#36
- feat: add ubuntu packages by @Luc1412 in eduMFA#13
- feat: log passkey usage by @fritterhoff in eduMFA#30
- feat: allow customization of passkey label by @fritterhoff in eduMFA#42
- feat: more detailed logging for eduMFA migration script by @fritterhoff in eduMFA#44
- fix: add missing flask-migrate logging by @fritterhoff in eduMFA#41
- fixed typo: Attributes -> Attributes by @linuxrrze in eduMFA#43
- ci: fix branch names by @fritterhoff in eduMFA#22
- docs: start fixing incorrect camel case by @fritterhoff in eduMFA#25
- docs: cleanup old refs and fix path names by @j-hoff in eduMFA#28
- docs: use fu repo by @fritterhoff in eduMFA#33
- docs: add docu for new sms provider "Http Message To Uid Provider" by @j-hoff in eduMFA#21
- feat: smstoken: add configurable URL which is called after check, extend test by @j-hoff in eduMFA#18
- feat: make result value available in logginghandler, verbosely log set tokeninfo by @j-hoff in eduMFA#19
- feat: new API endpoint POST /info/ to bulk modify tokeninfo by @j-hoff in eduMFA#20
- feat: token janitor find by user by @pmainz in eduMFA#32
- fix: make ldap connections persistent and restartable by @j-hoff in eduMFA#16
- fix: wrong indentation caused false "Action .. requires serial number" line by @j-hoff in eduMFA#17
- fix: improve handling of resident keys by @fritterhoff in eduMFA#26
- fix: rename provider module names in DB on migration by @j-hoff in eduMFA#29
- Fixed handling Windows Hello passkeys
- Include curl in container to enable health checks
- Bugfixes for CI and docs
- Only bugfix release for CI actions no functional changes
- Only bugfix release for CI actions no functional changes
- Add option to enroll passkeys
- Add option to include description in user notifications
- Add containers as release artifacts
- Add option to filter the user_token_number on a given range instead of constant
- Add option to use the
Remote-User
header behind a reverse proxy