Event Handler ignoring Conditions

Hello everyone,

I have a question on how to properly set up my event Handler.

We allow users the enrollment of Paper and TOTP Token.
As Paper Token are not endless I wanted to configure an event that is called when a certain amount of otp values is used and sends the user a mail to remind him he should create a new token or switch to totp in the future.

I configured the event to call on the condition of “counter=75” (our Paper token has 80 values), for the Tokentype “Paper” and for Token starting with Serial PPR*.

This works as intended, when I use up otp value number 75 an e-mail is send.

But there is a problem, I have reports of users getting the Mail even though they dont have paper token.

In the audit log I see the event trriggered

My event as configured;

{ ‘event’: [ { ‘action’: ‘sendmail’,
‘active’: True,
‘condition’: ‘’,
‘conditions’: { ‘otp_counter’: ‘=75’,
‘realm’: ‘hs-merseburg.de’,
‘resolver’: ‘HoMe’,
‘serial’: ‘PPR*’,
‘tokentype’: ‘paper’},
‘event’: [‘validate_check’],
‘handlermodule’: ‘UserNotification’,
‘id’: 1,
‘name’: ‘PaperToken Count’,
‘options’: { ‘To’: ‘tokenowner’,
‘attach_qrcode’: ‘False’,
‘body’: '

Hallo {givenname} ’


Sie haben bisher 75 Ihrer ’
'TAN-Token({serial}) verwendet, ’
'dies bedeutet, dass Ihnen noch 5 ’
‘TANs zur Verfügung stehen.


Bitte erstellen Sie ’
'zeitnah eine neue TAN-Token-Liste ’
'über das 2-Faktor-Portal der ’
'Hochschule Merseburg ’


Bei Fragen oder Problemen ’
'stehen wir Ihnen gerne im ’
'IT-Servicezentrum zur ’

‘emailconfig’: ‘HS_Merseburg’,
‘mimetype’: ‘html’,
‘subject’: ‘TAN-Token aufgebraucht’},
‘ordering’: 1,
‘position’: ‘post’},

Help is appreciated.

Thanks and Regards


This is wierd.
You probably need to debug (debug log level) deeper.
This is a POST event handler, so the information for the condition should be available.

One hunch, however: Remve the serial: PPR* from the conditions. You have tokentype:paper, which is sufficient.

Hello Cornelius, sorry for the late reply, I was on vacation.

I used to have only the condition “tokentype: paper” before, and it presented the same problems, that’s why I added the “serial=PPR*” Condition as a double check I hoped.

Where I can set the debug log level?



Read the docs: