Is privacyIDEA an open source or a commercial solution

Hi all,

a user asked if privacyIDEA was an open source or a commercial solution.

That is a very good question, because is shows one thing, that in my opinion happens often in this forum. Why is the question being it A or B? privacyIDEA is an open source solution. It is definitively an enterprise solution. And sometimes it is a commercial solution.

If someone asks if it is open source or comercial, this indicates that you think open source and commercial do actually mutually exclude each other. That is wrong. Let me tell you why. Let my tell you my understanding of open source.

No gifts back in the old days

I grew up in a time without smartphones. Even without mobile phones. But I grew up in a time with open source. Imho the era of smartphones led to a basic feeling that in the IT landscape you get things for free. There are million of apps, you get for free (and we all know, we do not get them for free, we pay with our data.)

Around twenty years ago it was also clear, that you do not get open source for free.
But wait - it does not cost anything! There is no price tag on it, right? That’s right.
But it was clear that you pay at least with your time. You need to invest your own time! The time it takes you to download the tgz, to compile the code, to read the fucking manual, to search forums, to try to understand things.

Today I have the impression, that we ended up in an IT world, where open source simply degraded to “it does not cost anything”. Great, and there is this community “who will solve my problems” and “which will explain things to me, since I did not read the manual”.

Folks, privacyIDEA is a complex enterprise solution. A complex enterprise solution where you would pay a middle range 5 digit amount a year for a mid sized business. Consider this!

privacyIDEA comes with a roughly 400 pages of documentation. Read it! …or use DUO secuity! I mean it!

privacyIDEA is Open Source

Why? Because we think that such a solution needs to be open source! The main reasons are:

  • It gives you access to the code to verify that the critical authentication works as you expect and is free of back doors.
  • You can understand, how the system works under the hood.
  • It makes you independent of one company and end-of-life problems. I wrote about this earlier.

These reasons should also be important to enterprises.
There are other, weaker reasons:

  • You can adapt the code and contribute to the code
  • You can fork it, if you need to
  • You can spare license costs

What is the company NetKnights

To clarify some things: The company NetKnights was founded (by me) alongside the start of the project privacyIDEA (by me) with the intention to provide support, consultancy and SLA for privacyIDEA.
This is the core business of the company. Since this company earns money, employees can work full time on developing privacyIDEA. Be grateful for that!

But still privacyIDEA is open source. If any other company on this planet would decide to fork privacyIDEA and provide services for it, they can do so.

If any other company on this planet would decide to provide consultancy and services for privacyIDEA, thy can do so. (Actually there are other companies, that do so)

Remember, this is what open source is about! Being independent from one company.

Nevertheless 99% of the code of privacyIDEA is currently provided by employees of the company NetKnights. Still privacyIDEA is transparently developed at github and we are very open for pull requests.

So a “community” member can also add code or documentation if wanted.

What is this community

What do you think the community is? Ask yourself, do you expect from “the community” to solve your problems? …to explain the system to you, since you are too lazy to read the documentation? Read the log files for you? Think for you?

This forum has over 400 members. But on this forum there are - at the time of writing - only maybe 4-5 persons who actually answer questions. 3-4 of them are employees of the above mentioned company.
It would be great if the “community” would be more self contained and you would help each other.

But don’t get me wrong, I do not expect from anyone to become an expert in privacyIDEA.

But what I expect from you is to be an expert in Linux! Again, this is a sophisticated, complex system and if you do not know, how to debug a problem on a Linux server, you should probably not be responsible for running privacyIDEA! Or you should get professional help!

I am totally fine with people using privacyIDEA on their own! With you using privacyIDEA we also get feedback on the system and the solution gets known better. Thank you for that!

But please understand that we can not invest hours of our time in asking you more details in regards to your problems, because you missed to tell enough information in the first place!

What you need to do

But here is what I expect from each and every one of you:

If you post a question to this forum, I expect that you have at least worked half an hour on your question yourself! Anything else would be to take advantage of the time of those who otherwise try to earn money with this work. Try to explain your topic as good as possible. Try to consider yourself what would be probably necessary information, s.o. needs to know to understand your topic?

Forum posts like “I get this error messates … What am I doing wrong?” or “The system responds with… Is this a bug?” can not be accepted!

If you do not put any effort in understanding and describing your problems or ideas, why should anyone else do so?

Please note the FQDN of this site! It is and it is not

Thanks a lot for noting.

Thanks a lot for following these notes.