Cornelius Kölbel

It is not quite clear, what you want to achieve. So you are looking for a new tokentype that provides a static password for authenticating at certain applications? To implement...

Not from within privacyIDEA. The webserver cert could be accessed by an external script. But we have access to the cert of the LDAP server and to the CA cert,...

We could have a service or tool that checks several end points (like LDAP, SMTP Server, SMS Gateways...) if there are certificates, that are about to expire. These results could...

This would mean making the `key_enc` DB column longer.

I would try to keep the credential_id at one place (e.g. the key_enc). I think also for support it is a bad idea to sometimes store the credential_id in one...

Increase the column width. Please check, if e.g. 2048 -> 4096 would be sufficient.

# Idea of separated UI The idea of separating the UI is to improve security. The privacyIDEA server with the database can be located in a secured network segement. The...

You may want to take a look at #711. http://privacyidea.readthedocs.io/en/latest/eventhandler/federationhandler.html This could also be a start for this, we would only have to forward the authorization header for other calls...

First simple step is to be able to provide a different [index.html](https://github.com/privacyidea/privacyidea/blob/master/privacyidea/webui/login.py#L186). This could pull up complete different templates and javascript framework. The index.html could be configured in ``pi.cfg``.

If you want a user to enroll a certificate if he can present an OTP value you may be considering this approach: * The user needs to authenticate against privacyIDEA...