2 step enrollment + Event handler

Hello all
I use privacyIDEA 3.6
I configured 2 step enrollment token via privacyIDEA authentication app.

Now I want to create Event handler (or other rule/policy) which will delete tokens with the “rollout_state”:“clientwait” for more than 10 minutes old. Please tell me how to configure it? (what other solutions can be?)

P.S. Users can start enrollment token process and not activate the token until the end, but a token will already be assigned to the user. This will result in many tokens assigned to user.

I already limited the number of “max_active_token_per_user”: “1”, “max_token_per_user”: “1”

I want to implement something similar to this:

  • Authenticate user and retrieve authorization token.
  • Display token QR code and ask for OTP as verification.
  • Validate Phone part.
  • If validation succeeded, enable the token.
  • Otherwise, delete the token.

You need an additional timestamp.
and you can not use an event handler in your case to delete a token!

  • Use a token event handler to set an arbitrary timestamp during enrollment
  • use the token-janitor to search tokens with the client_wait state and the corresponding timestampt to delete these tokens.

Thanks for the reply!
I will give feedback when I tune according to your recommendations.

I configured event handler (set timestamp {current_time}).
However in token-janitor missing function to find rollout_state.
Tell me please how to set it up?

This is currently worked on:

It will be available in v3.7

Great news,
Thanks for the reply!