Force authentication only with tokentype

iamohtep · May 17, 2017, 9:45am

Hi all!

We have a little problem with our rest api. Ive installed Privacyidea in
one of our servers and my partner is the one in charge for coding a plugin
between our app and privacyidea. Is there a parameter to force a certain
tokentype from a particular user-id to authenticate against privacyidea?
The user has like three tokens paper, totp, and hotp and I was wondering if
we could force paper for this? I mean this would only affect the plugin and
NOT other plugins authenticating against the server like owncloud and
freeradius.

With kind regards,
Jojo

cornelinux · May 17, 2017, 9:39pm

Please take a look at the tokentype policy.
http://privacyidea.readthedocs.io/en/latest/policies/authorization.html#tokentype

Kind regards
CorneliusAm Mittwoch, 17. Mai 2017 11:45:01 UTC+2 schrieb iamohtep@gmail.com:

Hi all!

We have a little problem with our rest api. Ive installed Privacyidea in
one of our servers and my partner is the one in charge for coding a plugin
between our app and privacyidea. Is there a parameter to force a certain
tokentype from a particular user-id to authenticate against privacyidea?
The user has like three tokens paper, totp, and hotp and I was wondering if
we could force paper for this? I mean this would only affect the plugin and
NOT other plugins authenticating against the server like owncloud and
freeradius.

With kind regards,
Jojo

iamohtep · May 18, 2017, 5:19pm

Hi Cornelius,

Thanks! Im still looking at the policies and how to mix it up. Currently I
only have 2 policies 1 authentication and 1 webui. I have another problem,
but its not related to the previous one. Here it is, the server does not
accept my correct totp generated from my smartphone just because I
previously entered a wrong totp one time? I mean Im pretty much sure that I
entered the correct totp after the wrong one within the 30 seconds time. So
I tried to log in again from the start and carefully entered the totp and
it works. It seems that the system does not allow wrong totp or did I miss
some configurations? Can this be tweaked?

With kind regards
JojoOn Wednesday, May 17, 2017 at 11:39:11 PM UTC+2, Cornelius Kölbel wrote:

Please take a look at the tokentype policy.

7.4. Authorization policies — privacyIDEA 3.8 documentation

Kind regards
Cornelius

Am Mittwoch, 17. Mai 2017 11:45:01 UTC+2 schrieb iamo...@gmail.com
<javascript:>:

Hi all!

We have a little problem with our rest api. Ive installed Privacyidea in
one of our servers and my partner is the one in charge for coding a plugin
between our app and privacyidea. Is there a parameter to force a certain
tokentype from a particular user-id to authenticate against privacyidea?
The user has like three tokens paper, totp, and hotp and I was wondering if
we could force paper for this? I mean this would only affect the plugin and
NOT other plugins authenticating against the server like owncloud and
freeradius.

With kind regards,
Jojo

cornelinux · May 19, 2017, 12:38pm

Hello Jojo,

please open a new topic for your TOTP question.
This way other users can find such things more easy and thus it will also help others - not only you!

Kind regards
Cornelius