Cornelius Kölbel

Maybe in the future this could be done via policies.

I see. Your reverse proxy does something like otp.example.com --> example.com/otp Yes, this is currently not supported. Running privacyidea and addressing it via example.com/otp should fully work. This is due...

Is this the intended behaviour? Does it currently work differently? Please describe. In which situation would an admin do a rollover?

I think this two does not need to work togeather, since a 2-step-enrollment is an implicit verified enrollment. So we should rather ensure, that, if 2-step-enrollment is active it overrules...

For starters I added a note in the docs. https://github.com/privacyidea/privacyidea/pull/3184

Do I understand you correctly, that you are logging in at the privacyIDEA with privacyIDEA as a SAML SP? ...and you expect the privacyIDEA Logout button to issue a SAML...

I think we should put this into a webui policy.

In the event handler context we need the user object and the token serial number. If we had a generic replacement function, that takes the token owner and a serial...

I am rethinking about this and I am wonderung if we should keep the existing FireBaseProvider intact and add another one, a NetKnightsFirebaseProvider, inherited from the Generic Firebase Provider. This...

We should add a config/policy option for the used keysize and algorithm. This way RSA4096 can remain std and we can smoothly change to ecdsa or anything else over time....