Duplicate event notification with challenge_response 2fa

Hi,
I have setup two factor with htop as challenge response with checkpoint fw
on version 2.16 and I want to setup email user notification when someone
successfully authenticate to VPN.
Is it possible to configure event handler which will send email
notification only after successful second factor authentication? Currently
I am receiving two notification after each validate_check is performed so
two same emails per login.
Thanks a lot
Miro

Yes, this is possible with the conditions of the event handlers.Am Montag, 21. November 2016 08:27:49 UTC+1 schrieb Payne:

Hi,
I have setup two factor with htop as challenge response with checkpoint fw
on version 2.16 and I want to setup email user notification when someone
successfully authenticate to VPN.
Is it possible to configure event handler which will send email
notification only after successful second factor authentication? Currently
I am receiving two notification after each validate_check is performed so
two same emails per login.
Thanks a lot
Miro

Hi Cornelius,
Please help me which condition, i tested all options and always get two emails
Thanks a lot
Miro

Hello Cornelius,
sorry for my reply, I got wrong impression from your answer that you
understand my issue and already know which condition will configure
validate_check user event handler to send email only after successful
authentication. Please do not take my posts as I addressing some request or
demanding someone. I like very much privacyidea it is a great product and
you guys are doing great job.

I try to explain my issue again, hope now in much better way

I have 2.16 version installed on debian 8.6. I have only one authentication
policy with challenge_response set to hotp, and otppin set to user store.
Users are authenticating first against AD and after success they are
authenticate against hotp as challenge-response. For user notification, I
setup validate_check event to send email to user which is logged to VPN.
Unfortunately this event handler is sending email immediately when
validate_check is performed (before password is entered) and then again
when radius ask OTP challenge-response before I enter OTP, user will get
two same emails.
I would like to send email only if user is successfully authenticated. From
condition list, it seems to me only result_value should help, but if it set
to True or False it is not sending any email.
From debug log I don’t see reason why result_value=True/False failed to
sent email.

Here is Debug log where result_value=True no email sent:
[2016-11-29
18:26:07,562][11502][139850836195072][DEBUG][privacyidea.lib.event:64]
Handling event validate_check with {‘handlermodule’: u’UserNotification’,
‘ordering’: 0L, ‘event’: [u’validate_check’], ‘options’: {u’body’:
u’{username} sa prihlasil do VPN XXX’, u’emailconfig’: u’exchange’, u’To
email’: u’XXX’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do VPN’},
‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’,
u’result_value’: u’True’}, ‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:26:07,562][11502][139850836195072][DEBUG][privacyidea.lib.event:64]
Handling event validate_check with {‘handlermodule’: u’UserNotification’,
‘ordering’: 0L, ‘event’: [u’validate_check’], ‘options’: {u’body’:
u’{username} sa prihlasil do VPN XXX’, u’emailconfig’: u’exchange’, u’To
email’: u’XXX’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do VPN’},
‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’,
u’result_value’: u’True’}, ‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:26:07,563][11502][139850836195072][DEBUG][privacyidea.lib.token:179]
Entering get_tokens with arguments () and keywords {‘serial’: None}
[2016-11-29
18:26:07,566][11502][139850836195072][DEBUG][privacyidea.lib.token:179]
Entering create_tokenclass_object with arguments (<<class
’privacyidea.models.Token’> {"‘active’": ‘True’, “‘count_window’”: ‘10L’,
"‘key_enc’":
“u’7281da5b0307bb78d977f96ec81eb7fda36f8d2d5c1e3fa25491a9d9ba57c321298f9166457a5b5200e5cdc843a9a856f3df203abc31ce016aabc74a11af1bd4ec06ad093d6dbd08ec8149175cafafccd07e3afe4818695f6704cdde7f640c1f’”,
"‘pin_hash’": “u’’”, “‘so_pin’”: “u’’”, “‘user_id’”:
“u’ae52c2a9-03f2-4de0-99e7-25e810620001’”, “‘otplen’”: ‘6L’, “‘so_pin_iv’”:
“u’’”, “‘serial’”: “u’OATH000053A1’”, “‘revoked’”: ‘False’, “‘locked’”:
‘False’, “‘maxfail’”: ‘20L’, “‘count’”: ‘6L’, “‘pin_seed’”: “u’’”,
"‘sync_window’": ‘1000L’, “‘description’”: “u’’”, “‘resolver_type’”:
“u’ldapresolver’”, “‘user_pin_iv’”: “u’’”, “‘user_pin’”: “u’’”,
"‘rollout_state’": “u’’”, “‘failcount’”: ‘0L’, “’_sa_instance_state’”:
’<sqlalchemy.orm.state.InstanceState object at 0x7f317ad04890>’, “‘id’”:
‘5L’, “‘resolver’”: “u’AD’”, “‘key_iv’”:
“u’ea590ab17c3349934f4cb088b955cd61’”, “‘tokentype’”: “u’hotp’”}>,) and
keywords {}
[2016-11-29
18:26:07,568][11502][139850836195072][DEBUG][privacyidea.lib.config:179]
Entering get_token_module_list with arguments () and keywords {}
[2016-11-29
18:26:07,568][11502][139850836195072][DEBUG][privacyidea.lib.config:179]
Entering get_token_list with arguments () and keywords {}

Debug log without result_value, sent 2 emails:
[2016-11-29
18:02:50,887][11502][139850777446144][DEBUG][privacyidea.lib.event:64]
Handling event validate_check with {‘handlermodule’: u’UserNotification’,
‘ordering’: 0L, ‘event’: [u’validate_check’], ‘options’: {u’body’:
u’{username} sa prihlasil do VPN XXX’, u’emailconfig’: u’exchange’, u’To
email’: u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’},
‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:02:50,887][11502][139850777446144][DEBUG][privacyidea.lib.event:64]
Handling event validate_check with {‘handlermodule’: u’UserNotification’,
‘ordering’: 0L, ‘event’: [u’validate_check’], ‘options’: {u’body’:
u’{username} sa prihlasil do VPN XXX’, u’emailconfig’: u’exchange’, u’To
email’: u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’},
‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:02:50,971][11502][139850777446144][DEBUG][privacyidea.lib.event:76]
Handling event validate_check with options{‘handler_def’: {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’: u’sendmail’,
‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L, ‘condition’: u’’},
‘request’: <Request ‘https://localhost/validate/check’ [POST]>, ‘response’:
<Response 349 bytes [200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:50,971][11502][139850777446144][DEBUG][privacyidea.lib.event:76]
Handling event validate_check with options{‘handler_def’: {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’: u’sendmail’,
‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L, ‘condition’: u’’},
‘request’: <Request ‘https://localhost/validate/check’ [POST]>, ‘response’:
<Response 349 bytes [200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:50,972][11502][139850777446144][DEBUG][privacyidea.lib.eventhandler.usernotification:343]
Executing event for action sendmail, user XXX.AD@defrealm,logged_in_user
{}
[2016-11-29
18:02:50,972][11502][139850777446144][DEBUG][privacyidea.lib.eventhandler.usernotification:343]
Executing event for action sendmail, user XXX.AD@defrealm,logged_in_user
{}
[2016-11-29
18:02:51,370][11502][139850777446144][INFO][privacyidea.lib.eventhandler.usernotification:453]
Sent a notification email to user {‘username’: u’XXX’, ‘userrealm’:
u’defrealm’, ‘surname’: u’XXX’, ‘mobile’: [u’XXX’], ‘givenname’: u’XXX’,
‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:51,370][11502][139850777446144][INFO][privacyidea.lib.eventhandler.usernotification:453]
Sent a notification email to user {‘username’: u’XXX’, ‘userrealm’:
u’defrealm’, ‘surname’: u’XXX’, ‘mobile’: [u’XXX’], ‘givenname’: u’XXX’,
‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:54,701][11502][139850869765888][DEBUG][privacyidea.lib.event:64]
Handling event validate_check with {‘handlermodule’: u’UserNotification’,
‘ordering’: 0L, ‘event’: [u’validate_check’], ‘options’: {u’body’:
u’{username} sa prihlasil do VPN XXX’, u’emailconfig’: u’exchange’, u’To
email’: u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’},
‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:02:54,701][11502][139850869765888][DEBUG][privacyidea.lib.event:64]
Handling event validate_check with {‘handlermodule’: u’UserNotification’,
‘ordering’: 0L, ‘event’: [u’validate_check’], ‘options’: {u’body’:
u’{username} sa prihlasil do VPN XXX’, u’emailconfig’: u’exchange’, u’To
email’: u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’},
‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:02:54,721][11502][139850869765888][DEBUG][privacyidea.lib.event:76]
Handling event validate_check with options{‘handler_def’: {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’, u’emailconfig’:
u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’:
u’Prihlasenie do VPN’}, ‘action’: u’sendmail’, ‘conditions’:
{u’tokenrealm’: u’defrealm’}, ‘id’: 4L, ‘condition’: u’’}, ‘request’:
<Request ‘https://localhost/validate/check’ [POST]>, ‘response’: <Response
313 bytes [200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:54,721][11502][139850869765888][DEBUG][privacyidea.lib.event:76]
Handling event validate_check with options{‘handler_def’: {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’, u’emailconfig’:
u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’:
u’Prihlasenie do VPN’}, ‘action’: u’sendmail’, ‘conditions’:
{u’tokenrealm’: u’defrealm’}, ‘id’: 4L, ‘condition’: u’’}, ‘request’:
<Request ‘https://localhost/validate/check’ [POST]>, ‘response’: <Response
313 bytes [200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:54,722][11502][139850869765888][DEBUG][privacyidea.lib.eventhandler.usernotification:343]
Executing event for action sendmail, user XXX.AD@defrealm,logged_in_user
{}
[2016-11-29
18:02:54,722][11502][139850869765888][DEBUG][privacyidea.lib.eventhandler.usernotification:343]
Executing event for action sendmail, user XXX.AD@defrealm,logged_in_user
{}
[2016-11-29
18:02:55,103][11502][139850869765888][INFO][privacyidea.lib.eventhandler.usernotification:453]
Sent a notification email to user {‘username’: u’XXX’, ‘userrealm’:
u’defrealm’, ‘surname’: u’XXX’, ‘mobile’: [u’XXX’], ‘givenname’: u’XXX’,
‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:55,103][11502][139850869765888][INFO][privacyidea.lib.eventhandler.usernotification:453]
Sent a notification email to user {‘username’: u’XXX’, ‘userrealm’:
u’defrealm’, ‘surname’: u’XXX’, ‘mobile’: [u’XXX’], ‘givenname’: u’XXX’,
‘email’: u’XXX.XXX@XXX.sk’}

all suggestions are welcome
Thanks a lot
Miro

Dňa utorok, 29. novembra 2016 11:23:46 UTC+1 Cornelius Kölbel napísal(-a):>

Hello Miro,

since you, Miro, are addressing me directly, I respond also quite
frankly.

You did not provide any of your settings. How should I help you?
You really must improve your way of asking questions. Analyze your
problem yourself. Try to explain it. Try to provide all information.
Your way of asking questions in a community forum really sucks. Ask
Alan DeKok this way and see which answer you will get :wink:

You know I also ask questions in community forums and I try to explain
everything in detail. Provide all information. Debug logs.
And guess what! When I am ready with writing my questions THIS WAY, I
usually see the answer myself because I have worked with the problem!

If jumping into a community I expect nothing less from you!

If you are reluctant to do so or have no knowledge or time to do basic
analysis on your own and ask questions this way, you really need to get
professional help.
You may be so tired of hearing me saying this. And I might drive a lot
of oh-opensource-is-for-free-guys away. But this is totally fine for
me.

And yes. I am making money with open source. This is the concept here.
Like it or leave.

You might want to get professional help and look here and get a
consulting or support contingent.
https://netknights.it/en/leistungen/one-time-services/
If you can not afford this - which I do not believe since you are
connecting it to a CHECKPOINT firewall - you need to put more of your
own time into this!

Kind regards
Cornelius

Am Dienstag, den 29.11.2016, 01:08 -0800 schrieb Payne:

Hi Cornelius,
Please help me which condition, i tested all options and always get
two emails
Thanks a lot
Miro


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Hello Miro,

since you, Miro, are addressing me directly, I respond also quite
frankly.

You did not provide any of your settings. How should I help you?
You really must improve your way of asking questions. Analyze your
problem yourself. Try to explain it. Try to provide all information.
Your way of asking questions in a community forum really sucks. Ask
Alan DeKok this way and see which answer you will get :wink:

You know I also ask questions in community forums and I try to explain
everything in detail. Provide all information. Debug logs.
And guess what! When I am ready with writing my questions THIS WAY, I
usually see the answer myself because I have worked with the problem!

If jumping into a community I expect nothing less from you!

If you are reluctant to do so or have no knowledge or time to do basic
analysis on your own and ask questions this way, you really need to get
professional help.
You may be so tired of hearing me saying this. And I might drive a lot
of oh-opensource-is-for-free-guys away. But this is totally fine for
me.

And yes. I am making money with open source. This is the concept here.
Like it or leave.

You might want to get professional help and look here and get a
consulting or support contingent.
https://netknights.it/en/leistungen/one-time-services/
If you can not afford this - which I do not believe since you are
connecting it to a CHECKPOINT firewall - you need to put more of your
own time into this!

Kind regards
CorneliusAm Dienstag, den 29.11.2016, 01:08 -0800 schrieb Payne:

Hi Cornelius,
Please help me which condition, i tested all options and always get
two emails
Thanks a lot
Miro


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)

Thanks a lot Cornelius

Dňa streda, 30. novembra 2016 8:38:22 UTC+1 Cornelius Kölbel napísal(-a):>

Hello Miro,

thanks a lot for your more detailed description. The information about
challenge response was important.
The notification handler has not been tested with challenge response
and this is why we indeed run into a problem here.

I opened an issue at github for this
https://github.com/privacyidea/privacyidea/issues/559

You are welcome to monitor/subscribe to this issue.
It would be helpful if you tested this before the next release.

Kind regards
Cornelius

Am Dienstag, den 29.11.2016, 10:56 -0800 schrieb Payne:

Hello Cornelius,
sorry for my reply, I got wrong impression from your answer that you
understand my issue and already know which condition will configure
validate_check user event handler to send email only after successful
authentication. Please do not take my posts as I addressing some
request or demanding someone. I like very much privacyidea it is a
great product and you guys are doing great job.

I try to explain my issue again, hope now in much better way

I have 2.16 version installed on debian 8.6. I have only one
authentication policy with challenge_response set to hotp, and otppin
set to user store. Users are authenticating first against AD and
after success they are authenticate against hotp as challenge-
response. For user notification, I setup validate_check event to send
email to user which is logged to VPN. Unfortunately this event
handler is sending email immediately when validate_check is performed
(before password is entered) and then again when radius ask OTP
challenge-response before I enter OTP, user will get two same
emails.
I would like to send email only if user is successfully
authenticated. From condition list, it seems to me only result_value
should help, but if it set to True or False it is not sending any
email.
From debug log I don’t see reason why result_value=True/False failed
to sent email.

Here is Debug log where result_value=True no email sent:
[2016-11-29
18:26:07,562][11502][139850836195072][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’,
u’result_value’: u’True’}, ‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:26:07,562][11502][139850836195072][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’,
u’result_value’: u’True’}, ‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:26:07,563][11502][139850836195072][DEBUG][privacyidea.lib.token:17
9] Entering get_tokens with arguments () and keywords {‘serial’:
None}
[2016-11-29
18:26:07,566][11502][139850836195072][DEBUG][privacyidea.lib.token:17
9] Entering create_tokenclass_object with arguments (<<class
’privacyidea.models.Token’> {"‘active’": ‘True’, “‘count_window’”:
‘10L’, “‘key_enc’”:
“u’7281da5b0307bb78d977f96ec81eb7fda36f8d2d5c1e3fa25491a9d9ba57c32129
8f9166457a5b5200e5cdc843a9a856f3df203abc31ce016aabc74a11af1bd4ec06ad0
93d6dbd08ec8149175cafafccd07e3afe4818695f6704cdde7f640c1f’”,
"‘pin_hash’": “u’’”, “‘so_pin’”: “u’’”, “‘user_id’”: “u’ae52c2a9-
03f2-4de0-99e7-25e810620001’”, “‘otplen’”: ‘6L’, “‘so_pin_iv’”:
“u’’”, “‘serial’”: “u’OATH000053A1’”, “‘revoked’”: ‘False’,
"‘locked’": ‘False’, “‘maxfail’”: ‘20L’, “‘count’”: ‘6L’,
"‘pin_seed’": “u’’”, “‘sync_window’”: ‘1000L’, “‘description’”:
“u’’”, “‘resolver_type’”: “u’ldapresolver’”, “‘user_pin_iv’”: “u’’”,
"‘user_pin’": “u’’”, “‘rollout_state’”: “u’’”, “‘failcount’”: ‘0L’,
"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object
at 0x7f317ad04890>’, “‘id’”: ‘5L’, “‘resolver’”: “u’AD’”, “‘key_iv’”:
“u’ea590ab17c3349934f4cb088b955cd61’”, “‘tokentype’”: “u’hotp’”}>,)
and keywords {}
[2016-11-29
18:26:07,568][11502][139850836195072][DEBUG][privacyidea.lib.config:1
79] Entering get_token_module_list with arguments () and keywords {}
[2016-11-29
18:26:07,568][11502][139850836195072][DEBUG][privacyidea.lib.config:1
79] Entering get_token_list with arguments () and keywords {}

Debug log without result_value, sent 2 emails:
[2016-11-29
18:02:50,887][11502][139850777446144][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:50,887][11502][139850777446144][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:50,971][11502][139850777446144][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’:
u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’:
u’defrealm’}, ‘id’: 4L, ‘condition’: u’’}, ‘request’: <Request ‘https
://localhost/validate/check’ [POST]>, ‘response’: <Response 349 bytes
[200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:50,971][11502][139850777446144][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’:
u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’:
u’defrealm’}, ‘id’: 4L, ‘condition’: u’’}, ‘request’: <Request ‘https
://localhost/validate/check’ [POST]>, ‘response’: <Response 349 bytes
[200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:50,972][11502][139850777446144][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:50,972][11502][139850777446144][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:51,370][11502][139850777446144][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:51,370][11502][139850777446144][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:54,701][11502][139850869765888][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:54,701][11502][139850869765888][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:54,721][11502][139850869765888][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’,
u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}, ‘request’: <Request ‘https://localhost/validate/ch
eck’ [POST]>, ‘response’: <Response 313 bytes [200 OK]>, ‘g’:
<flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:54,721][11502][139850869765888][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’,
u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}, ‘request’: <Request ‘https://localhost/validate/ch
eck’ [POST]>, ‘response’: <Response 313 bytes [200 OK]>, ‘g’:
<flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:54,722][11502][139850869765888][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:54,722][11502][139850869765888][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:55,103][11502][139850869765888][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:55,103][11502][139850869765888][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}

all suggestions are welcome
Thanks a lot
Miro

Hello Miro,

since you, Miro, are addressing me directly, I respond also quite
frankly.

You did not provide any of your settings. How should I help you?
You really must improve your way of asking questions. Analyze your
problem yourself. Try to explain it. Try to provide all
information.
Your way of asking questions in a community forum really sucks.
Ask
Alan DeKok this way and see which answer you will get :wink:

You know I also ask questions in community forums and I try to
explain
everything in detail. Provide all information. Debug logs.
And guess what! When I am ready with writing my questions THIS WAY,
I
usually see the answer myself because I have worked with the
problem!

If jumping into a community I expect nothing less from you!

If you are reluctant to do so or have no knowledge or time to do
basic
analysis on your own and ask questions this way, you really need to
get
professional help.
You may be so tired of hearing me saying this. And I might drive a
lot
of oh-opensource-is-for-free-guys away. But this is totally fine
for
me.

And yes. I am making money with open source. This is the concept
here.
Like it or leave.

You might want to get professional help and look here and get a
consulting or support contingent.
https://netknights.it/en/leistungen/one-time-services/
If you can not afford this - which I do not believe since you are
connecting it to a CHECKPOINT firewall - you need to put more of
your
own time into this!

Kind regards
Cornelius

Am Dienstag, den 29.11.2016, 01:08 -0800 schrieb Payne:

Hi Cornelius,
Please help me which condition, i tested all options and always
get
two emails
Thanks a lot
Miro


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Hello Miro,

thanks a lot for your more detailed description. The information about
challenge response was important.
The notification handler has not been tested with challenge response
and this is why we indeed run into a problem here.

I opened an issue at github for this

You are welcome to monitor/subscribe to this issue.
It would be helpful if you tested this before the next release.

Kind regards
CorneliusAm Dienstag, den 29.11.2016, 10:56 -0800 schrieb Payne:

Hello Cornelius,
sorry for my reply, I got wrong impression from your answer that you
understand my issue and already know which condition will configure
validate_check user event handler to send email only after successful
authentication. Please do not take my posts as I addressing some
request or demanding someone. I like very much privacyidea it is a
great product and you guys are doing great job.

I try to explain my issue again, hope now in much better way

I have 2.16 version installed on debian 8.6. I have only one
authentication policy with challenge_response set to hotp, and otppin
set to user store. Users are authenticating first against AD and
after success they are authenticate against hotp as challenge-
response. For user notification, I setup validate_check event to send
email to user which is logged to VPN. Unfortunately this event
handler is sending email immediately when validate_check is performed
(before password is entered) and then again when radius ask OTP
challenge-response before I enter OTP, user will get two same
emails.
I would like to send email only if user is successfully
authenticated. From condition list, it seems to me only result_value
should help, but if it set to True or False it is not sending any
email.
From debug log I don’t see reason why result_value=True/False failed
to sent email.

Here is Debug log where result_value=True no email sent:
[2016-11-29
18:26:07,562][11502][139850836195072][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’,
u’result_value’: u’True’}, ‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:26:07,562][11502][139850836195072][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’,
u’result_value’: u’True’}, ‘id’: 4L, ‘condition’: u’’}
[2016-11-29
18:26:07,563][11502][139850836195072][DEBUG][privacyidea.lib.token:17
9] Entering get_tokens with arguments () and keywords {‘serial’:
None}
[2016-11-29
18:26:07,566][11502][139850836195072][DEBUG][privacyidea.lib.token:17
9] Entering create_tokenclass_object with arguments (<<class
‘privacyidea.models.Token’> {"‘active’": ‘True’, “‘count_window’”:
‘10L’, “‘key_enc’”:
“u’7281da5b0307bb78d977f96ec81eb7fda36f8d2d5c1e3fa25491a9d9ba57c32129
8f9166457a5b5200e5cdc843a9a856f3df203abc31ce016aabc74a11af1bd4ec06ad0
93d6dbd08ec8149175cafafccd07e3afe4818695f6704cdde7f640c1f’”,
“‘pin_hash’”: “u’’”, “‘so_pin’”: “u’’”, “‘user_id’”: “u’ae52c2a9-
03f2-4de0-99e7-25e810620001’”, “‘otplen’”: ‘6L’, “‘so_pin_iv’”:
“u’’”, “‘serial’”: “u’OATH000053A1’”, “‘revoked’”: ‘False’,
“‘locked’”: ‘False’, “‘maxfail’”: ‘20L’, “‘count’”: ‘6L’,
“‘pin_seed’”: “u’’”, “‘sync_window’”: ‘1000L’, “‘description’”:
“u’’”, “‘resolver_type’”: “u’ldapresolver’”, “‘user_pin_iv’”: “u’’”,
“‘user_pin’”: “u’’”, “‘rollout_state’”: “u’’”, “‘failcount’”: ‘0L’,
“’_sa_instance_state’”: ‘<sqlalchemy.orm.state.InstanceState object
at 0x7f317ad04890>’, “‘id’”: ‘5L’, “‘resolver’”: “u’AD’”, “‘key_iv’”:
“u’ea590ab17c3349934f4cb088b955cd61’”, “‘tokentype’”: “u’hotp’”}>,)
and keywords {}
[2016-11-29
18:26:07,568][11502][139850836195072][DEBUG][privacyidea.lib.config:1
79] Entering get_token_module_list with arguments () and keywords {}
[2016-11-29
18:26:07,568][11502][139850836195072][DEBUG][privacyidea.lib.config:1
79] Entering get_token_list with arguments () and keywords {}

Debug log without result_value, sent 2 emails:
[2016-11-29
18:02:50,887][11502][139850777446144][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:50,887][11502][139850777446144][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:50,971][11502][139850777446144][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’:
u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’:
u’defrealm’}, ‘id’: 4L, ‘condition’: u’’}, ‘request’: <Request ‘https
://localhost/validate/check’ [POST]>, ‘response’: <Response 349 bytes
[200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:50,971][11502][139850777446144][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’:
u’XXX@XXX.sk’, u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do
VPN’}, ‘action’: u’sendmail’, ‘conditions’: {u’tokenrealm’:
u’defrealm’}, ‘id’: 4L, ‘condition’: u’’}, ‘request’: <Request ‘https
://localhost/validate/check’ [POST]>, ‘response’: <Response 349 bytes
[200 OK]>, ‘g’: <flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:50,972][11502][139850777446144][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:50,972][11502][139850777446144][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:51,370][11502][139850777446144][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:51,370][11502][139850777446144][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:54,701][11502][139850869765888][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:54,701][11502][139850869765888][DEBUG][privacyidea.lib.event:64
] Handling event validate_check with {‘handlermodule’:
u’UserNotification’, ‘ordering’: 0L, ‘event’: [u’validate_check’],
‘options’: {u’body’: u’{username} sa prihlasil do VPN XXX’,
u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’, u’To’:
u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}
[2016-11-29
18:02:54,721][11502][139850869765888][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’,
u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}, ‘request’: <Request ‘https://localhost/validate/ch
eck’ [POST]>, ‘response’: <Response 313 bytes [200 OK]>, ‘g’:
<flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:54,721][11502][139850869765888][DEBUG][privacyidea.lib.event:76
] Handling event validate_check with options{‘handler_def’:
{‘handlermodule’: u’UserNotification’, ‘ordering’: 0L, ‘event’:
[u’validate_check’], ‘options’: {u’body’: u’{username} sa prihlasil
do VPN XXX’, u’emailconfig’: u’exchange’, u’To email’: u’XXX@XXX.sk’,
u’To’: u’tokenowner’, u’subject’: u’Prihlasenie do VPN’}, ‘action’:
u’sendmail’, ‘conditions’: {u’tokenrealm’: u’defrealm’}, ‘id’: 4L,
‘condition’: u’’}, ‘request’: <Request ‘https://localhost/validate/ch
eck’ [POST]>, ‘response’: <Response 313 bytes [200 OK]>, ‘g’:
<flask.g of ‘privacyidea.app’>}
[2016-11-29
18:02:54,722][11502][139850869765888][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:54,722][11502][139850869765888][DEBUG][privacyidea.lib.eventhan
dler.usernotification:343] Executing event for action sendmail, user
XXX.AD@defrealm,logged_in_user {}
[2016-11-29
18:02:55,103][11502][139850869765888][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}
[2016-11-29
18:02:55,103][11502][139850869765888][INFO][privacyidea.lib.eventhand
ler.usernotification:453] Sent a notification email to user
{‘username’: u’XXX’, ‘userrealm’: u’defrealm’, ‘surname’: u’XXX’,
‘mobile’: [u’XXX’], ‘givenname’: u’XXX’, ‘email’: u’XXX.XXX@XXX.sk’}

all suggestions are welcome
Thanks a lot
Miro

Hello Miro,

since you, Miro, are addressing me directly, I respond also quite
frankly.

You did not provide any of your settings. How should I help you?
You really must improve your way of asking questions. Analyze your
problem yourself. Try to explain it. Try to provide all
information.
Your way of asking questions in a community forum really sucks.
Ask
Alan DeKok this way and see which answer you will get :wink:

You know I also ask questions in community forums and I try to
explain
everything in detail. Provide all information. Debug logs.
And guess what! When I am ready with writing my questions THIS WAY,
I
usually see the answer myself because I have worked with the
problem!

If jumping into a community I expect nothing less from you!

If you are reluctant to do so or have no knowledge or time to do
basic
analysis on your own and ask questions this way, you really need to
get
professional help.
You may be so tired of hearing me saying this. And I might drive a
lot
of oh-opensource-is-for-free-guys away. But this is totally fine
for
me.

And yes. I am making money with open source. This is the concept
here.
Like it or leave.

You might want to get professional help and look here and get a
consulting or support contingent.
https://netknights.it/en/leistungen/one-time-services/
If you can not afford this - which I do not believe since you are
connecting it to a CHECKPOINT firewall - you need to put more of
your
own time into this!

Kind regards
Cornelius

Am Dienstag, den 29.11.2016, 01:08 -0800 schrieb Payne:

Hi Cornelius,
Please help me which condition, i tested all options and always
get
two emails
Thanks a lot
Miro


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (819 Bytes)