Feature request: Initial pincode

Hi Cornelius,

I want to suggest a feature request, the software we use at the moment
(RSA) has the ability to assign a token with an initial pincode.
After the user uses this pincode for the first time to login/authenticatie
to our frontend he will be asked to change this to his own value.
This makes assigning tokens for other people possible, can you look into
this?

Thanks

I added an issue
https://github.com/privacyidea/privacyidea/issues/429Am Samstag, den 18.06.2016, 05:35 -0700 schrieb jmdeking:

Hi Cornelius,

I want to suggest a feature request, the software we use at the moment
(RSA) has the ability to assign a token with an initial pincode.
After the user uses this pincode for the first time to
login/authenticatie to our frontend he will be asked to change this to
his own value.
This makes assigning tokens for other people possible, can you look
into this?

Thanks

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

This is because there is no PIN handler at the moment:

(click and follow the previous link)
http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#policy-pinhandling

The randomly created PIN is passed to the PINhandler.
The basic pinhandler simply logs the pin to the log file.
You may implement whichever pin handler you need (like sending the
email)

Implementing an SMTP Pin Handler based on the new centrally defined smtp
servers should not be a big issue. Of course you may also order this
development at your preferred open source service provider. :wink:

privacyIDEA can not cover 100% of all possible scenarios. But it is
flexible enough to do the basics. And you may understand that my time to
enrich the world with no-cost code is also limited.

Kind regards
CorneliusAm Montag, den 20.06.2016, 01:19 -0700 schrieb jmdeking:

Sorry but its not clear how this works exactly when reading the
document.

I apply’d the otp_pin_random option and assigned a token to a user
without setting a pin. But the user doesnt receive a email or anything
so not sure how to know what the random code is.

Gr.
Johan

On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:
The 2nd is already possible.
http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random

    Am Montag, den 20.06.2016, 01:07 -0700 schrieb jmdeking: 
    > Thanks Cornleius, 
    > 
    > 
    > Looks good. Just to clarify my use case is the following: 
    > 
    > 
    > An administrator assigns a challenge response token (email
    or sms) 
    > with a pincode. But this pincode should not be known to the 
    > administrator cause its personal so in my view one of the
    following 2 
    > things can be done about this. 
    > 
    > 
    > 1. My users log in to their citrix desktop using Citrix
    Netscaler with 
    > Radius request to the privacyidea server. The privacyidea
    server 
    > detects the 'initial' pincode is used and asks for a
    challenge 
    > response to change the pin to its own value. 
    > 2. When an administrator assigns an token he can leave the
    pin field 
    > empty for the system to generate a random pin that is being
    send 
    > automatically using the chosen token method. (email of SMS) 
    > 
    > 
    > You think this is possible? 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    > On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote: 
    >         I added an issue 
    >
    https://github.com/privacyidea/privacyidea/issues/429 
    >         
    >         Am Samstag, den 18.06.2016, 05:35 -0700 schrieb
    jmdeking: 
    >         > Hi Cornelius, 
    >         > 
    >         > 
    >         > I want to suggest a feature request, the software
    we use at 
    >         the moment 
    >         > (RSA) has the ability to assign a token with an
    initial 
    >         pincode. 
    >         > After the user uses this pincode for the first
    time to 
    >         > login/authenticatie to our frontend he will be
    asked to 
    >         change this to 
    >         > his own value. 
    >         > This makes assigning tokens for other people
    possible, can 
    >         you look 
    >         > into this? 
    >         > 
    >         > 
    >         > Thanks 
    >         > -- 
    >         > Please read the blog post about getting help 
    >         > https://www.privacyidea.org/getting-help/. 
    >         >   
    >         > For professional services and consultancy
    regarding two 
    >         factor 
    >         > authentication please visit 
    >         >
    https://netknights.it/en/leistungen/one-time-services/ 
    >         >   
    >         > In an enterprise environment you should get a
    SERVICE LEVEL 
    >         AGREEMENT 
    >         > which suites your needs for SECURITY, AVAILABILITY
    and 
    >         LIABILITY: 
    >         > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >         > --- 
    >         > You received this message because you are
    subscribed to the 
    >         Google 
    >         > Groups "privacyidea" group. 
    >         > To unsubscribe from this group and stop receiving
    emails 
    >         from it, send 
    >         > an email to privacyidea...@googlegroups.com. 
    >         > To post to this group, send email to 
    >         priva...@googlegroups.com. 
    >         > Visit this group at 
    >         https://groups.google.com/group/privacyidea. 
    >         > To view this discussion on the web visit 
    >         > 
    >
    https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com. 
    >         > For more options, visit
    https://groups.google.com/d/optout. 
    >         
    >         -- 
    >         Cornelius Kölbel 
    >         corneliu...@netknights.it 
    >         +49 151 2960 1417 
    >         
    >         NetKnights GmbH 
    >         http://www.netknights.it 
    >         Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    >         Tel: +49 561 3166797, Fax: +49 561 3166798 
    >         
    >         Amtsgericht Kassel, HRB 16405 
    >         Geschäftsführer: Cornelius Kölbel 
    >         
    >         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/a62bce18-21f4-4524-b4ec-35ea9cd3b04e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Now when enabling pinhandling and setting the value to “send pin” i get the
error Item in ``from list’’ not a stringOn Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:

Sorry but its not clear how this works exactly when reading the document.

I apply’d the otp_pin_random option and assigned a token to a user
without setting a pin. But the user doesnt receive a email or anything so
not sure how to know what the random code is.

Gr.
Johan

On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:

The 2nd is already possible.

http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random

Am Montag, den 20.06.2016, 01:07 -0700 schrieb jmdeking:

Thanks Cornleius,

Looks good. Just to clarify my use case is the following:

An administrator assigns a challenge response token (email or sms)
with a pincode. But this pincode should not be known to the
administrator cause its personal so in my view one of the following 2
things can be done about this.

  1. My users log in to their citrix desktop using Citrix Netscaler with
    Radius request to the privacyidea server. The privacyidea server
    detects the ‘initial’ pincode is used and asks for a challenge
    response to change the pin to its own value.
  2. When an administrator assigns an token he can leave the pin field
    empty for the system to generate a random pin that is being send
    automatically using the chosen token method. (email of SMS)

You think this is possible?

On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote:
I added an issue
https://github.com/privacyidea/privacyidea/issues/429

    Am Samstag, den 18.06.2016, 05:35 -0700 schrieb jmdeking: 
    > Hi Cornelius, 
    > 
    > 
    > I want to suggest a feature request, the software we use at 
    the moment 
    > (RSA) has the ability to assign a token with an initial 
    pincode. 
    > After the user uses this pincode for the first time to 
    > login/authenticatie to our frontend he will be asked to 
    change this to 
    > his own value. 
    > This makes assigning tokens for other people possible, can 
    you look 
    > into this? 
    > 
    > 
    > Thanks 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two 
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL 
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and 
    LIABILITY: 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the 
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails 
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to 
    priva...@googlegroups.com. 
    > Visit this group at 
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    > 

https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.

    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Sorry but its not clear how this works exactly when reading the document.

I apply’d the otp_pin_random option and assigned a token to a user without
setting a pin. But the user doesnt receive a email or anything so not sure
how to know what the random code is.

Gr.
JohanOn Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:

The 2nd is already possible.

http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random

Am Montag, den 20.06.2016, 01:07 -0700 schrieb jmdeking:

Thanks Cornleius,

Looks good. Just to clarify my use case is the following:

An administrator assigns a challenge response token (email or sms)
with a pincode. But this pincode should not be known to the
administrator cause its personal so in my view one of the following 2
things can be done about this.

  1. My users log in to their citrix desktop using Citrix Netscaler with
    Radius request to the privacyidea server. The privacyidea server
    detects the ‘initial’ pincode is used and asks for a challenge
    response to change the pin to its own value.
  2. When an administrator assigns an token he can leave the pin field
    empty for the system to generate a random pin that is being send
    automatically using the chosen token method. (email of SMS)

You think this is possible?

On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote:
I added an issue
https://github.com/privacyidea/privacyidea/issues/429

    Am Samstag, den 18.06.2016, 05:35 -0700 schrieb jmdeking: 
    > Hi Cornelius, 
    > 
    > 
    > I want to suggest a feature request, the software we use at 
    the moment 
    > (RSA) has the ability to assign a token with an initial 
    pincode. 
    > After the user uses this pincode for the first time to 
    > login/authenticatie to our frontend he will be asked to 
    change this to 
    > his own value. 
    > This makes assigning tokens for other people possible, can 
    you look 
    > into this? 
    > 
    > 
    > Thanks 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two 
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL 
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and 
    LIABILITY: 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the 
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails 
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to 
    priva...@googlegroups.com. 
    > Visit this group at 
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    > 

https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.

    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

I understand Cornelius, thanks for the github feature enhacement. i hope
you get the time to implement that.

Gr.
JohanOn Monday, June 20, 2016 at 10:31:48 AM UTC+2, Cornelius Kölbel wrote:

Hi Johan,

have you tried entering “do_what_i_mean”? :wink:

…sorry - could not resist this…

Kind regards
Cornelius

Am Montag, den 20.06.2016, 01:30 -0700 schrieb jmdeking:

Now when enabling pinhandling and setting the value to “send pin” i
get the error Item in ``from list’’ not a string

On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:
Sorry but its not clear how this works exactly when reading
the document.

    I apply'd the  otp_pin_random option and assigned a token to a 
    user without setting a pin. But the user doesnt receive a 
    email or anything so not sure how to know what the random code 
    is. 
    
    
    Gr. 
    Johan 
    
    On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius  Kölbel wrote: 
            The 2nd is already possible. 

http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random

            Am Montag, den 20.06.2016, 01:07 -0700 schrieb 
            jmdeking: 
            > Thanks Cornleius, 
            > 
            > 
            > Looks good. Just to clarify my use case is the 
            following: 
            > 
            > 
            > An administrator assigns a challenge response token 
            (email or sms) 
            > with a pincode. But this pincode should not be known 
            to the 
            > administrator cause its personal so in my view one 
            of the following 2 
            > things can be done about this. 
            > 
            > 
            > 1. My users log in to their citrix desktop using 
            Citrix Netscaler with 
            > Radius request to the privacyidea server. The 
            privacyidea server 
            > detects the 'initial' pincode is used and asks for a 
            challenge 
            > response to change the pin to its own value. 
            > 2. When an administrator assigns an token he can 
            leave the pin field 
            > empty for the system to generate a random pin that 
            is being send 
            > automatically using the chosen token method. (email 
            of SMS) 
            > 
            > 
            > You think this is possible? 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > On Sunday, June 19, 2016 at 11:02:16 AM UTC+2,  Cornelius Kölbel wrote: 
            >         I added an issue 
            > 
            https://github.com/privacyidea/privacyidea/issues/429 
            >         
            >         Am Samstag, den 18.06.2016, 05:35 -0700 
            schrieb jmdeking: 
            >         > Hi Cornelius, 
            >         > 
            >         > 
            >         > I want to suggest a feature request, the 
            software we use at 
            >         the moment 
            >         > (RSA) has the ability to assign a token 
            with an initial 
            >         pincode. 
            >         > After the user uses this pincode for the 
            first time to 
            >         > login/authenticatie to our frontend he 
            will be asked to 
            >         change this to 
            >         > his own value. 
            >         > This makes assigning tokens for other 
            people possible, can 
            >         you look 
            >         > into this? 
            >         > 
            >         > 
            >         > Thanks 
            >         > -- 
            >         > Please read the blog post about getting 
            help 
            >         > 
            https://www.privacyidea.org/getting-help/. 
            >         >   
            >         > For professional services and consultancy 
            regarding two 
            >         factor 
            >         > authentication please visit 
            >         > 
            https://netknights.it/en/leistungen/one-time-services/ 
            >         >   
            >         > In an enterprise environment you should 
            get a SERVICE LEVEL 
            >         AGREEMENT 
            >         > which suites your needs for SECURITY, 
            AVAILABILITY and 
            >         LIABILITY: 
            >         > 
            > 

https://netknights.it/en/leistungen/service-level-agreements/

            >         > --- 
            >         > You received this message because you are 
            subscribed to the 
            >         Google 
            >         > Groups "privacyidea" group. 
            >         > To unsubscribe from this group and stop 
            receiving emails 
            >         from it, send 
            >         > an email to 
            privacyidea...@googlegroups.com. 
            >         > To post to this group, send email to 
            >         priva...@googlegroups.com. 
            >         > Visit this group at 
            > 
            https://groups.google.com/group/privacyidea. 
            >         > To view this discussion on the web visit 
            >         > 
            > 

https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.

            >         > For more options, visit 
            https://groups.google.com/d/optout. 
            >         
            >         -- 
            >         Cornelius Kölbel 
            >         corneliu...@netknights.it 
            >         +49 151 2960 1417 
            >         
            >         NetKnights GmbH 
            >         http://www.netknights.it 
            >         Landgraf-Karl-Str. 19, 34131 Kassel, 
            Germany 
            >         Tel: +49 561 3166797, Fax: +49 561 3166798 
            >         
            >         Amtsgericht Kassel, HRB 16405 
            >         Geschäftsführer: Cornelius Kölbel 
            >         
            >         
            > -- 
            > Please read the blog post about getting help 
            > https://www.privacyidea.org/getting-help/. 
            >   
            > For professional services and consultancy regarding 
            two factor 
            > authentication please visit 
            > 
            https://netknights.it/en/leistungen/one-time-services/ 
            >   
            > In an enterprise environment you should get a 
            SERVICE LEVEL AGREEMENT 
            > which suites your needs for SECURITY, AVAILABILITY 
            and LIABILITY: 
            > 

https://netknights.it/en/leistungen/service-level-agreements/

            > --- 
            > You received this message because you are subscribed 
            to the Google 
            > Groups "privacyidea" group. 
            > To unsubscribe from this group and stop receiving 
            emails from it, send 
            > an email to privacyidea...@googlegroups.com. 
            > To post to this group, send email to 
            priva...@googlegroups.com. 
            > Visit this group at 
            https://groups.google.com/group/privacyidea. 
            > To view this discussion on the web visit 
            > 

https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com.

            > For more options, visit 
            https://groups.google.com/d/optout. 
            
            -- 
            Cornelius Kölbel 
            corneliu...@netknights.it 
            +49 151 2960 1417 
            
            NetKnights GmbH 
            http://www.netknights.it 
            Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
            Tel: +49 561 3166797, Fax: +49 561 3166798 
            
            Amtsgericht Kassel, HRB 16405 
            Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/98e6cda2-398b-4fe2-9a5b-7ea55208049e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Hi Johan,

have you tried entering “do_what_i_mean”? :wink:

…sorry - could not resist this…

Kind regards
CorneliusAm Montag, den 20.06.2016, 01:30 -0700 schrieb jmdeking:

Now when enabling pinhandling and setting the value to “send pin” i
get the error Item in ``from list’’ not a string

On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:
Sorry but its not clear how this works exactly when reading
the document.

    I apply'd the  otp_pin_random option and assigned a token to a
    user without setting a pin. But the user doesnt receive a
    email or anything so not sure how to know what the random code
    is.
    
    
    Gr.
    Johan
    
    On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:
            The 2nd is already possible. 
            http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random 
            
            
            Am Montag, den 20.06.2016, 01:07 -0700 schrieb
            jmdeking: 
            > Thanks Cornleius, 
            > 
            > 
            > Looks good. Just to clarify my use case is the
            following: 
            > 
            > 
            > An administrator assigns a challenge response token
            (email or sms) 
            > with a pincode. But this pincode should not be known
            to the 
            > administrator cause its personal so in my view one
            of the following 2 
            > things can be done about this. 
            > 
            > 
            > 1. My users log in to their citrix desktop using
            Citrix Netscaler with 
            > Radius request to the privacyidea server. The
            privacyidea server 
            > detects the 'initial' pincode is used and asks for a
            challenge 
            > response to change the pin to its own value. 
            > 2. When an administrator assigns an token he can
            leave the pin field 
            > empty for the system to generate a random pin that
            is being send 
            > automatically using the chosen token method. (email
            of SMS) 
            > 
            > 
            > You think this is possible? 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote: 
            >         I added an issue 
            >
            https://github.com/privacyidea/privacyidea/issues/429 
            >         
            >         Am Samstag, den 18.06.2016, 05:35 -0700
            schrieb jmdeking: 
            >         > Hi Cornelius, 
            >         > 
            >         > 
            >         > I want to suggest a feature request, the
            software we use at 
            >         the moment 
            >         > (RSA) has the ability to assign a token
            with an initial 
            >         pincode. 
            >         > After the user uses this pincode for the
            first time to 
            >         > login/authenticatie to our frontend he
            will be asked to 
            >         change this to 
            >         > his own value. 
            >         > This makes assigning tokens for other
            people possible, can 
            >         you look 
            >         > into this? 
            >         > 
            >         > 
            >         > Thanks 
            >         > -- 
            >         > Please read the blog post about getting
            help 
            >         >
            https://www.privacyidea.org/getting-help/. 
            >         >   
            >         > For professional services and consultancy
            regarding two 
            >         factor 
            >         > authentication please visit 
            >         >
            https://netknights.it/en/leistungen/one-time-services/ 
            >         >   
            >         > In an enterprise environment you should
            get a SERVICE LEVEL 
            >         AGREEMENT 
            >         > which suites your needs for SECURITY,
            AVAILABILITY and 
            >         LIABILITY: 
            >         > 
            >
            https://netknights.it/en/leistungen/service-level-agreements/ 
            >         > --- 
            >         > You received this message because you are
            subscribed to the 
            >         Google 
            >         > Groups "privacyidea" group. 
            >         > To unsubscribe from this group and stop
            receiving emails 
            >         from it, send 
            >         > an email to
            privacyidea...@googlegroups.com. 
            >         > To post to this group, send email to 
            >         priva...@googlegroups.com. 
            >         > Visit this group at 
            >
            https://groups.google.com/group/privacyidea. 
            >         > To view this discussion on the web visit 
            >         > 
            >
            https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com. 
            >         > For more options, visit
            https://groups.google.com/d/optout. 
            >         
            >         -- 
            >         Cornelius Kölbel 
            >         corneliu...@netknights.it 
            >         +49 151 2960 1417 
            >         
            >         NetKnights GmbH 
            >         http://www.netknights.it 
            >         Landgraf-Karl-Str. 19, 34131 Kassel,
            Germany 
            >         Tel: +49 561 3166797, Fax: +49 561 3166798 
            >         
            >         Amtsgericht Kassel, HRB 16405 
            >         Geschäftsführer: Cornelius Kölbel 
            >         
            >         
            > -- 
            > Please read the blog post about getting help 
            > https://www.privacyidea.org/getting-help/. 
            >   
            > For professional services and consultancy regarding
            two factor 
            > authentication please visit 
            >
            https://netknights.it/en/leistungen/one-time-services/ 
            >   
            > In an enterprise environment you should get a
            SERVICE LEVEL AGREEMENT 
            > which suites your needs for SECURITY, AVAILABILITY
            and LIABILITY: 
            >
            https://netknights.it/en/leistungen/service-level-agreements/ 
            > --- 
            > You received this message because you are subscribed
            to the Google 
            > Groups "privacyidea" group. 
            > To unsubscribe from this group and stop receiving
            emails from it, send 
            > an email to privacyidea...@googlegroups.com. 
            > To post to this group, send email to
            priva...@googlegroups.com. 
            > Visit this group at
            https://groups.google.com/group/privacyidea. 
            > To view this discussion on the web visit 
            >
            https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com. 
            > For more options, visit
            https://groups.google.com/d/optout. 
            
            -- 
            Cornelius Kölbel 
            corneliu...@netknights.it 
            +49 151 2960 1417 
            
            NetKnights GmbH 
            http://www.netknights.it 
            Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
            Tel: +49 561 3166797, Fax: +49 561 3166798 
            
            Amtsgericht Kassel, HRB 16405 
            Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/98e6cda2-398b-4fe2-9a5b-7ea55208049e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Thanks Cornleius,

Looks good. Just to clarify my use case is the following:

An administrator assigns a challenge response token (email or sms) with a
pincode. But this pincode should not be known to the administrator cause
its personal so in my view one of the following 2 things can be done about
this.

  1. My users log in to their citrix desktop using Citrix Netscaler with
    Radius request to the privacyidea server. The privacyidea server detects
    the ‘initial’ pincode is used and asks for a challenge response to change
    the pin to its own value.
  2. When an administrator assigns an token he can leave the pin field empty
    for the system to generate a random pin that is being send automatically
    using the chosen token method. (email of SMS)

You think this is possible?On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote:

I added an issue
https://github.com/privacyidea/privacyidea/issues/429

Am Samstag, den 18.06.2016, 05:35 -0700 schrieb jmdeking:

Hi Cornelius,

I want to suggest a feature request, the software we use at the moment
(RSA) has the ability to assign a token with an initial pincode.
After the user uses this pincode for the first time to
login/authenticatie to our frontend he will be asked to change this to
his own value.
This makes assigning tokens for other people possible, can you look
into this?

Thanks

Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

The 2nd is already possible.
http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-randomAm Montag, den 20.06.2016, 01:07 -0700 schrieb jmdeking:

Thanks Cornleius,

Looks good. Just to clarify my use case is the following:

An administrator assigns a challenge response token (email or sms)
with a pincode. But this pincode should not be known to the
administrator cause its personal so in my view one of the following 2
things can be done about this.

  1. My users log in to their citrix desktop using Citrix Netscaler with
    Radius request to the privacyidea server. The privacyidea server
    detects the ‘initial’ pincode is used and asks for a challenge
    response to change the pin to its own value.
  2. When an administrator assigns an token he can leave the pin field
    empty for the system to generate a random pin that is being send
    automatically using the chosen token method. (email of SMS)

You think this is possible?

On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote:
I added an issue
https://github.com/privacyidea/privacyidea/issues/429

    Am Samstag, den 18.06.2016, 05:35 -0700 schrieb jmdeking: 
    > Hi Cornelius, 
    > 
    > 
    > I want to suggest a feature request, the software we use at
    the moment 
    > (RSA) has the ability to assign a token with an initial
    pincode. 
    > After the user uses this pincode for the first time to 
    > login/authenticatie to our frontend he will be asked to
    change this to 
    > his own value. 
    > This makes assigning tokens for other people possible, can
    you look 
    > into this? 
    > 
    > 
    > Thanks 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

I understand that PASSWORD change can be performed via MSCHAPv2.
I could explain to you, why MSCHAPv2 does not work with OTP.
But we would have to dive into your setup a bit deeper. And I am not
willing to invest my time here to explain to you your Many-Bucks-Juniper
setup. Go and ask your Juniper support!!!
!!!
!
!!!
After all - you payed for that!

Besides - I also stressed the problem with MSChapv2 and OTP a lot on
different channels. So google might be your friend here.Am Montag, den 22.08.2016, 03:17 -0700 schrieb jmdeking:

Hi again Cornerlius,

I noticed this feature got released in 2.14-1trusty.

I enabled it and applied it to the only realm i got.

I set a pincode for a ldap user and when looking at the token it
says, next_pin_change: 22/08/16 11:55.

But when i log in to my netscaler using freeradius i do not get
prompted by a radius message to change the pin.

How come.

On Monday, June 20, 2016 at 10:31:48 AM UTC+2, Cornelius Kölbel wrote:
Hi Johan,

    have you tried entering "do_what_i_mean"? ;-) 
    
    ...sorry - could not resist this... 
    
    Kind regards 
    Cornelius 
    
    Am Montag, den 20.06.2016, 01:30 -0700 schrieb jmdeking: 
    > Now when enabling pinhandling and setting the value to "send
    pin" i 
    > get the error Item in ``from list'' not a string 
    > 
    > On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote: 
    >         Sorry but its not clear how this works exactly when
    reading 
    >         the document. 
    >         
    >         
    >         I apply'd the  otp_pin_random option and assigned a
    token to a 
    >         user without setting a pin. But the user doesnt
    receive a 
    >         email or anything so not sure how to know what the
    random code 
    >         is. 
    >         
    >         
    >         Gr. 
    >         Johan 
    >         
    >         On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius  Kölbel wrote: 
    >                 The 2nd is already possible. 
    >
    http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random 
    >                 
    >                 
    >                 Am Montag, den 20.06.2016, 01:07 -0700 schrieb 
    >                 jmdeking: 
    >                 > Thanks Cornleius, 
    >                 > 
    >                 > 
    >                 > Looks good. Just to clarify my use case is
    the 
    >                 following: 
    >                 > 
    >                 > 
    >                 > An administrator assigns a challenge
    response token 
    >                 (email or sms) 
    >                 > with a pincode. But this pincode should
    not be known 
    >                 to the 
    >                 > administrator cause its personal so in my
    view one 
    >                 of the following 2 
    >                 > things can be done about this. 
    >                 > 
    >                 > 
    >                 > 1. My users log in to their citrix desktop
    using 
    >                 Citrix Netscaler with 
    >                 > Radius request to the privacyidea server.
    The 
    >                 privacyidea server 
    >                 > detects the 'initial' pincode is used and
    asks for a 
    >                 challenge 
    >                 > response to change the pin to its own
    value. 
    >                 > 2. When an administrator assigns an token
    he can 
    >                 leave the pin field 
    >                 > empty for the system to generate a random
    pin that 
    >                 is being send 
    >                 > automatically using the chosen token
    method. (email 
    >                 of SMS) 
    >                 > 
    >                 > 
    >                 > You think this is possible? 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > 
    >                 > On Sunday, June 19, 2016 at 11:02:16 AM UTC+2,  Cornelius Kölbel wrote: 
    >                 >         I added an issue 
    >                 > 
    >
    https://github.com/privacyidea/privacyidea/issues/429 
    >                 >         
    >                 >         Am Samstag, den 18.06.2016, 05:35
    -0700 
    >                 schrieb jmdeking: 
    >                 >         > Hi Cornelius, 
    >                 >         > 
    >                 >         > 
    >                 >         > I want to suggest a feature
    request, the 
    >                 software we use at 
    >                 >         the moment 
    >                 >         > (RSA) has the ability to assign
    a token 
    >                 with an initial 
    >                 >         pincode. 
    >                 >         > After the user uses this pincode
    for the 
    >                 first time to 
    >                 >         > login/authenticatie to our
    frontend he 
    >                 will be asked to 
    >                 >         change this to 
    >                 >         > his own value. 
    >                 >         > This makes assigning tokens for
    other 
    >                 people possible, can 
    >                 >         you look 
    >                 >         > into this? 
    >                 >         > 
    >                 >         > 
    >                 >         > Thanks 
    >                 >         > -- 
    >                 >         > Please read the blog post about
    getting 
    >                 help 
    >                 >         > 
    >                 https://www.privacyidea.org/getting-help/. 
    >                 >         >   
    >                 >         > For professional services and
    consultancy 
    >                 regarding two 
    >                 >         factor 
    >                 >         > authentication please visit 
    >                 >         > 
    >
    https://netknights.it/en/leistungen/one-time-services/ 
    >                 >         >   
    >                 >         > In an enterprise environment you
    should 
    >                 get a SERVICE LEVEL 
    >                 >         AGREEMENT 
    >                 >         > which suites your needs for
    SECURITY, 
    >                 AVAILABILITY and 
    >                 >         LIABILITY: 
    >                 >         > 
    >                 > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >                 >         > --- 
    >                 >         > You received this message
    because you are 
    >                 subscribed to the 
    >                 >         Google 
    >                 >         > Groups "privacyidea" group. 
    >                 >         > To unsubscribe from this group
    and stop 
    >                 receiving emails 
    >                 >         from it, send 
    >                 >         > an email to 
    >                 privacyidea...@googlegroups.com. 
    >                 >         > To post to this group, send
    email to 
    >                 >         priva...@googlegroups.com. 
    >                 >         > Visit this group at 
    >                 > 
    >
    https://groups.google.com/group/privacyidea. 
    >                 >         > To view this discussion on the
    web visit 
    >                 >         > 
    >                 > 
    >
    https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com. 
    >                 >         > For more options, visit 
    >                 https://groups.google.com/d/optout. 
    >                 >         
    >                 >         -- 
    >                 >         Cornelius Kölbel 
    >                 >         corneliu...@netknights.it 
    >                 >         +49 151 2960 1417 
    >                 >         
    >                 >         NetKnights GmbH 
    >                 >         http://www.netknights.it 
    >                 >         Landgraf-Karl-Str. 19, 34131
    Kassel, 
    >                 Germany 
    >                 >         Tel: +49 561 3166797, Fax: +49 561
    3166798 
    >                 >         
    >                 >         Amtsgericht Kassel, HRB 16405 
    >                 >         Geschäftsführer: Cornelius Kölbel 
    >                 >         
    >                 >         
    >                 > -- 
    >                 > Please read the blog post about getting
    help 
    >                 >
    https://www.privacyidea.org/getting-help/. 
    >                 >   
    >                 > For professional services and consultancy
    regarding 
    >                 two factor 
    >                 > authentication please visit 
    >                 > 
    >
    https://netknights.it/en/leistungen/one-time-services/ 
    >                 >   
    >                 > In an enterprise environment you should
    get a 
    >                 SERVICE LEVEL AGREEMENT 
    >                 > which suites your needs for SECURITY,
    AVAILABILITY 
    >                 and LIABILITY: 
    >                 > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >                 > --- 
    >                 > You received this message because you are
    subscribed 
    >                 to the Google 
    >                 > Groups "privacyidea" group. 
    >                 > To unsubscribe from this group and stop
    receiving 
    >                 emails from it, send 
    >                 > an email to
    privacyidea...@googlegroups.com. 
    >                 > To post to this group, send email to 
    >                 priva...@googlegroups.com. 
    >                 > Visit this group at 
    >
    https://groups.google.com/group/privacyidea. 
    >                 > To view this discussion on the web visit 
    >                 > 
    >
    https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com. 
    >                 > For more options, visit 
    >                 https://groups.google.com/d/optout. 
    >                 
    >                 -- 
    >                 Cornelius Kölbel 
    >                 corneliu...@netknights.it 
    >                 +49 151 2960 1417 
    >                 
    >                 NetKnights GmbH 
    >                 http://www.netknights.it 
    >                 Landgraf-Karl-Str. 19, 34131 Kassel,
    Germany 
    >                 Tel: +49 561 3166797, Fax: +49 561 3166798 
    >                 
    >                 Amtsgericht Kassel, HRB 16405 
    >                 Geschäftsführer: Cornelius Kölbel 
    >                 
    >                 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/98e6cda2-398b-4fe2-9a5b-7ea55208049e%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/aaae7048-73c6-4cde-9c7d-5d5db74af67c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi again Cornerlius,

I noticed this feature got released in 2.14-1trusty.

I enabled it and applied it to the only realm i got.

I set a pincode for a ldap user and when looking at the token it
says, next_pin_change: 22/08/16 11:55.

But when i log in to my netscaler using freeradius i do not get prompted by
a radius message to change the pin.

How come.On Monday, June 20, 2016 at 10:31:48 AM UTC+2, Cornelius Kölbel wrote:

Hi Johan,

have you tried entering “do_what_i_mean”? :wink:

…sorry - could not resist this…

Kind regards
Cornelius

Am Montag, den 20.06.2016, 01:30 -0700 schrieb jmdeking:

Now when enabling pinhandling and setting the value to “send pin” i
get the error Item in ``from list’’ not a string

On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:
Sorry but its not clear how this works exactly when reading
the document.

    I apply'd the  otp_pin_random option and assigned a token to a 
    user without setting a pin. But the user doesnt receive a 
    email or anything so not sure how to know what the random code 
    is. 
    
    
    Gr. 
    Johan 
    
    On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius  Kölbel wrote: 
            The 2nd is already possible. 

http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random

            Am Montag, den 20.06.2016, 01:07 -0700 schrieb 
            jmdeking: 
            > Thanks Cornleius, 
            > 
            > 
            > Looks good. Just to clarify my use case is the 
            following: 
            > 
            > 
            > An administrator assigns a challenge response token 
            (email or sms) 
            > with a pincode. But this pincode should not be known 
            to the 
            > administrator cause its personal so in my view one 
            of the following 2 
            > things can be done about this. 
            > 
            > 
            > 1. My users log in to their citrix desktop using 
            Citrix Netscaler with 
            > Radius request to the privacyidea server. The 
            privacyidea server 
            > detects the 'initial' pincode is used and asks for a 
            challenge 
            > response to change the pin to its own value. 
            > 2. When an administrator assigns an token he can 
            leave the pin field 
            > empty for the system to generate a random pin that 
            is being send 
            > automatically using the chosen token method. (email 
            of SMS) 
            > 
            > 
            > You think this is possible? 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > 
            > On Sunday, June 19, 2016 at 11:02:16 AM UTC+2,  Cornelius Kölbel wrote: 
            >         I added an issue 
            > 
            https://github.com/privacyidea/privacyidea/issues/429 
            >         
            >         Am Samstag, den 18.06.2016, 05:35 -0700 
            schrieb jmdeking: 
            >         > Hi Cornelius, 
            >         > 
            >         > 
            >         > I want to suggest a feature request, the 
            software we use at 
            >         the moment 
            >         > (RSA) has the ability to assign a token 
            with an initial 
            >         pincode. 
            >         > After the user uses this pincode for the 
            first time to 
            >         > login/authenticatie to our frontend he 
            will be asked to 
            >         change this to 
            >         > his own value. 
            >         > This makes assigning tokens for other 
            people possible, can 
            >         you look 
            >         > into this? 
            >         > 
            >         > 
            >         > Thanks 
            >         > -- 
            >         > Please read the blog post about getting 
            help 
            >         > 
            https://www.privacyidea.org/getting-help/. 
            >         >   
            >         > For professional services and consultancy 
            regarding two 
            >         factor 
            >         > authentication please visit 
            >         > 
            https://netknights.it/en/leistungen/one-time-services/ 
            >         >   
            >         > In an enterprise environment you should 
            get a SERVICE LEVEL 
            >         AGREEMENT 
            >         > which suites your needs for SECURITY, 
            AVAILABILITY and 
            >         LIABILITY: 
            >         > 
            > 

https://netknights.it/en/leistungen/service-level-agreements/

            >         > --- 
            >         > You received this message because you are 
            subscribed to the 
            >         Google 
            >         > Groups "privacyidea" group. 
            >         > To unsubscribe from this group and stop 
            receiving emails 
            >         from it, send 
            >         > an email to 
            privacyidea...@googlegroups.com. 
            >         > To post to this group, send email to 
            >         priva...@googlegroups.com. 
            >         > Visit this group at 
            > 
            https://groups.google.com/group/privacyidea. 
            >         > To view this discussion on the web visit 
            >         > 
            > 

https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.

            >         > For more options, visit 
            https://groups.google.com/d/optout. 
            >         
            >         -- 
            >         Cornelius Kölbel 
            >         corneliu...@netknights.it 
            >         +49 151 2960 1417 
            >         
            >         NetKnights GmbH 
            >         http://www.netknights.it 
            >         Landgraf-Karl-Str. 19, 34131 Kassel, 
            Germany 
            >         Tel: +49 561 3166797, Fax: +49 561 3166798 
            >         
            >         Amtsgericht Kassel, HRB 16405 
            >         Geschäftsführer: Cornelius Kölbel 
            >         
            >         
            > -- 
            > Please read the blog post about getting help 
            > https://www.privacyidea.org/getting-help/. 
            >   
            > For professional services and consultancy regarding 
            two factor 
            > authentication please visit 
            > 
            https://netknights.it/en/leistungen/one-time-services/ 
            >   
            > In an enterprise environment you should get a 
            SERVICE LEVEL AGREEMENT 
            > which suites your needs for SECURITY, AVAILABILITY 
            and LIABILITY: 
            > 

https://netknights.it/en/leistungen/service-level-agreements/

            > --- 
            > You received this message because you are subscribed 
            to the Google 
            > Groups "privacyidea" group. 
            > To unsubscribe from this group and stop receiving 
            emails from it, send 
            > an email to privacyidea...@googlegroups.com. 
            > To post to this group, send email to 
            priva...@googlegroups.com. 
            > Visit this group at 
            https://groups.google.com/group/privacyidea. 
            > To view this discussion on the web visit 
            > 

https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com.

            > For more options, visit 
            https://groups.google.com/d/optout. 
            
            -- 
            Cornelius Kölbel 
            corneliu...@netknights.it 
            +49 151 2960 1417 
            
            NetKnights GmbH 
            http://www.netknights.it 
            Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
            Tel: +49 561 3166797, Fax: +49 561 3166798 
            
            Amtsgericht Kassel, HRB 16405 
            Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/98e6cda2-398b-4fe2-9a5b-7ea55208049e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Since your Netscaler does not know about the pin changing.

The PIN change is sent in the privacyIDEA API. This is not forwarded in
the RADIUS protocol and to my limited knowledge there is no PIN change
functionality in the RADIUS protocol.Am Montag, den 22.08.2016, 03:06 -0700 schrieb jmdeking:

Hi again Cornerlius,

I noticed this feature got released in 2.14-1trusty.

I enabled it and applied it to the only realm i got.

I set a pincode for a ldap user and when looking at the token it
says, next_pin_change: 22/08/16 11:55.

But when i log in to my netscaler using freeradius i do not get
prompted by a radius message to change the pin.

How come.

On Monday, June 20, 2016 at 10:36:44 AM UTC+2, jmdeking wrote:
I understand Cornelius, thanks for the github feature
enhacement. i hope you get the time to implement that.

    Gr.
    Johan
    
    On Monday, June 20, 2016 at 10:31:48 AM UTC+2, Cornelius Kölbel wrote:
            Hi Johan, 
            
            have you tried entering "do_what_i_mean"? ;-) 
            
            ...sorry - could not resist this... 
            
            Kind regards 
            Cornelius 
            
            Am Montag, den 20.06.2016, 01:30 -0700 schrieb
            jmdeking: 
            > Now when enabling pinhandling and setting the value
            to "send pin" i 
            > get the error Item in ``from list'' not a string 
            > 
            > On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote: 
            >         Sorry but its not clear how this works
            exactly when reading 
            >         the document. 
            >         
            >         
            >         I apply'd the  otp_pin_random option and
            assigned a token to a 
            >         user without setting a pin. But the user
            doesnt receive a 
            >         email or anything so not sure how to know
            what the random code 
            >         is. 
            >         
            >         
            >         Gr. 
            >         Johan 
            >         
            >         On Monday, June 20, 2016 at 10:09:22 AM UTC +2, Cornelius  Kölbel wrote: 
            >                 The 2nd is already possible. 
            >
            http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random 
            >                 
            >                 
            >                 Am Montag, den 20.06.2016, 01:07 0700 schrieb 
            >                 jmdeking: 
            >                 > Thanks Cornleius, 
            >                 > 
            >                 > 
            >                 > Looks good. Just to clarify my use
            case is the 
            >                 following: 
            >                 > 
            >                 > 
            >                 > An administrator assigns a
            challenge response token 
            >                 (email or sms) 
            >                 > with a pincode. But this pincode
            should not be known 
            >                 to the 
            >                 > administrator cause its personal
            so in my view one 
            >                 of the following 2 
            >                 > things can be done about this. 
            >                 > 
            >                 > 
            >                 > 1. My users log in to their citrix
            desktop using 
            >                 Citrix Netscaler with 
            >                 > Radius request to the privacyidea
            server. The 
            >                 privacyidea server 
            >                 > detects the 'initial' pincode is
            used and asks for a 
            >                 challenge 
            >                 > response to change the pin to its
            own value. 
            >                 > 2. When an administrator assigns
            an token he can 
            >                 leave the pin field 
            >                 > empty for the system to generate a
            random pin that 
            >                 is being send 
            >                 > automatically using the chosen
            token method. (email 
            >                 of SMS) 
            >                 > 
            >                 > 
            >                 > You think this is possible? 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > 
            >                 > On Sunday, June 19, 2016 at 11:02:16 AM UTC+2,  Cornelius Kölbel wrote: 
            >                 >         I added an issue 
            >                 > 
            >
            https://github.com/privacyidea/privacyidea/issues/429 
            >                 >         
            >                 >         Am Samstag, den
            18.06.2016, 05:35 -0700 
            >                 schrieb jmdeking: 
            >                 >         > Hi Cornelius, 
            >                 >         > 
            >                 >         > 
            >                 >         > I want to suggest a
            feature request, the 
            >                 software we use at 
            >                 >         the moment 
            >                 >         > (RSA) has the ability to
            assign a token 
            >                 with an initial 
            >                 >         pincode. 
            >                 >         > After the user uses this
            pincode for the 
            >                 first time to 
            >                 >         > login/authenticatie to
            our frontend he 
            >                 will be asked to 
            >                 >         change this to 
            >                 >         > his own value. 
            >                 >         > This makes assigning
            tokens for other 
            >                 people possible, can 
            >                 >         you look 
            >                 >         > into this? 
            >                 >         > 
            >                 >         > 
            >                 >         > Thanks 
            >                 >         > -- 
            >                 >         > Please read the blog
            post about getting 
            >                 help 
            >                 >         > 
            >
            https://www.privacyidea.org/getting-help/. 
            >                 >         >   
            >                 >         > For professional
            services and consultancy 
            >                 regarding two 
            >                 >         factor 
            >                 >         > authentication please
            visit 
            >                 >         > 
            >
            https://netknights.it/en/leistungen/one-time-services/ 
            >                 >         >   
            >                 >         > In an enterprise
            environment you should 
            >                 get a SERVICE LEVEL 
            >                 >         AGREEMENT 
            >                 >         > which suites your needs
            for SECURITY, 
            >                 AVAILABILITY and 
            >                 >         LIABILITY: 
            >                 >         > 
            >                 > 
            >
            https://netknights.it/en/leistungen/service-level-agreements/ 
            >                 >         > --- 
            >                 >         > You received this
            message because you are 
            >                 subscribed to the 
            >                 >         Google 
            >                 >         > Groups "privacyidea"
            group. 
            >                 >         > To unsubscribe from this
            group and stop 
            >                 receiving emails 
            >                 >         from it, send 
            >                 >         > an email to 
            >                 privacyidea...@googlegroups.com. 
            >                 >         > To post to this group,
            send email to 
            >                 >
            priva...@googlegroups.com. 
            >                 >         > Visit this group at 
            >                 > 
            >
            https://groups.google.com/group/privacyidea. 
            >                 >         > To view this discussion
            on the web visit 
            >                 >         > 
            >                 > 
            >
            https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com. 
            >                 >         > For more options, visit 
            >                 https://groups.google.com/d/optout. 
            >                 >         
            >                 >         -- 
            >                 >         Cornelius Kölbel 
            >                 >         corneliu...@netknights.it 
            >                 >         +49 151 2960 1417 
            >                 >         
            >                 >         NetKnights GmbH 
            >                 >         http://www.netknights.it 
            >                 >         Landgraf-Karl-Str. 19,
            34131 Kassel, 
            >                 Germany 
            >                 >         Tel: +49 561 3166797, Fax:
            +49 561 3166798 
            >                 >         
            >                 >         Amtsgericht Kassel, HRB
            16405 
            >                 >         Geschäftsführer: Cornelius
            Kölbel 
            >                 >         
            >                 >         
            >                 > -- 
            >                 > Please read the blog post about
            getting help 
            >                 >
            https://www.privacyidea.org/getting-help/. 
            >                 >   
            >                 > For professional services and
            consultancy regarding 
            >                 two factor 
            >                 > authentication please visit 
            >                 > 
            >
            https://netknights.it/en/leistungen/one-time-services/ 
            >                 >   
            >                 > In an enterprise environment you
            should get a 
            >                 SERVICE LEVEL AGREEMENT 
            >                 > which suites your needs for
            SECURITY, AVAILABILITY 
            >                 and LIABILITY: 
            >                 > 
            >
            https://netknights.it/en/leistungen/service-level-agreements/ 
            >                 > --- 
            >                 > You received this message because
            you are subscribed 
            >                 to the Google 
            >                 > Groups "privacyidea" group. 
            >                 > To unsubscribe from this group and
            stop receiving 
            >                 emails from it, send 
            >                 > an email to
            privacyidea...@googlegroups.com. 
            >                 > To post to this group, send email
            to 
            >                 priva...@googlegroups.com. 
            >                 > Visit this group at 
            >
            https://groups.google.com/group/privacyidea. 
            >                 > To view this discussion on the web
            visit 
            >                 > 
            >
            https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com. 
            >                 > For more options, visit 
            >                 https://groups.google.com/d/optout. 
            >                 
            >                 -- 
            >                 Cornelius Kölbel 
            >                 corneliu...@netknights.it 
            >                 +49 151 2960 1417 
            >                 
            >                 NetKnights GmbH 
            >                 http://www.netknights.it 
            >                 Landgraf-Karl-Str. 19, 34131 Kassel,
            Germany 
            >                 Tel: +49 561 3166797, Fax: +49 561
            3166798 
            >                 
            >                 Amtsgericht Kassel, HRB 16405 
            >                 Geschäftsführer: Cornelius Kölbel 
            >                 
            >                 
            > -- 
            > Please read the blog post about getting help 
            > https://www.privacyidea.org/getting-help/. 
            >   
            > For professional services and consultancy regarding
            two factor 
            > authentication please visit 
            >
            https://netknights.it/en/leistungen/one-time-services/ 
            >   
            > In an enterprise environment you should get a
            SERVICE LEVEL AGREEMENT 
            > which suites your needs for SECURITY, AVAILABILITY
            and LIABILITY: 
            >
            https://netknights.it/en/leistungen/service-level-agreements/ 
            > --- 
            > You received this message because you are subscribed
            to the Google 
            > Groups "privacyidea" group. 
            > To unsubscribe from this group and stop receiving
            emails from it, send 
            > an email to privacyidea...@googlegroups.com. 
            > To post to this group, send email to
            priva...@googlegroups.com. 
            > Visit this group at
            https://groups.google.com/group/privacyidea. 
            > To view this discussion on the web visit 
            >
            https://groups.google.com/d/msgid/privacyidea/98e6cda2-398b-4fe2-9a5b-7ea55208049e%40googlegroups.com. 
            > For more options, visit
            https://groups.google.com/d/optout. 
            
            -- 
            Cornelius Kölbel 
            corneliu...@netknights.it 
            +49 151 2960 1417 
            
            NetKnights GmbH 
            http://www.netknights.it 
            Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
            Tel: +49 561 3166797, Fax: +49 561 3166798 
            
            Amtsgericht Kassel, HRB 16405 
            Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/efc8fa2d-d481-48fc-8707-c209146b7825%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)