How can I map validity date in the Registration token to the TOTP token?

When I create the start validity date & end in the Registration token

it’s ok, but when the user enrolls TOTP to log in,
I checked the user’s information the start validity date & end was not displayed as it was when set in the Registration token

I have to select them again. How can I map them in the Registration token to the TOTP token?

Do you want to automatically stamp the token registration date and token expiration date when user registers the token himself??

Hi leevitan, yes i want do that

You can use Event Handler:
first event handler set tokeninfo


In the token info field you can see registration date:


second event handler set validity


see 8.6.2. Token Handler Module — privacyIDEA 3.6 documentation

this way you get:

  1. user registers a token
  2. automatically set date of registration in the tokeninfo
  3. automatically set validity

Thanks for your support.
Currently, I have 2 unknown issues as follows:

  1. What is the input structure for Validity Date/End box?
  2. The company’s policy asigns each users to a different token expiry date. How to map the Validity Date in Registration to the one that you show?
    Notes: The system Iam using is a registration code that users can enroll and force the user to enroll TOTP token

This is interesting. Do I understand your scenario correctly?

  1. The admin or a helpdesk user enrolls a registration token to a user. This has an individual validity period, depending on the user like 2 weeks, 13 days or ‘till Xmas’. The admin sets this end date manually.
  2. Then the user uses this registration token to authenticate and self-enrol a TOTP token. The user is not allowed to set the validity date, but rather should the validity date (end) be read from the registration token and transferred to the TOTP token.

This way the admin can initially define the individual validity period for a TOTP token per user, before the TOTP token exists.

Is this correct?

Hi Cornelinux,
That’s exactly what I want. Because Iam very passive in limiting the use of self-enroll user’s token.

So can we setting like that ?

You could do this with two event handlers. But you need to store the validity period of the registration token somehwere, because it is deleted, before the TOTP token is created.

  1. Helpdesk enrolls registration token.
  2. Script Event handler: after enrolling registration token store validity period of this token somewhere (maybe user attributes)
  3. User logs in with registration token, it is deleted.
  4. User enrolls TOTP.
  5. Script Event handler: after totp token is enrolled, the event handler reads the validity period and sets it in the TOTP token.

You need to write two scripts for step 2 and 5.

before, i try a event handler to set manual Validity but stil can not. i dont know which wrong ?

wrong event!

You must use script handler modules and write your own scripts.

I get this error message when I select module Handle event = Script

In The Handler Event list, i can choose all but only “Script” i can’t

i dont know how to use it

Can not set like this