Hi, how are you?
I am using an event handler to create the SMS token for users on the first login; to avoid creating several tokens, I only enroll the SMS token when the user has no token.
Event handler:
[ "auth" ] Token pre {"logged_in_user":"user","realm":"realm_user_corp.xxxxxxxxx.com.br","user_token_number":"0"} enroll { "dynamic_phone": "True", "sms_identifier": "test", "tokentype": "sms", "user": "True" }
This is working fine.
What I am trying to achieve:
The user must not be allowed to modify or delete the SMS token; it is immutable.
The user is only allowed to enroll and manage push / email tokens.
So I have created 2 policies with filters:
1 - disable deletion of SMS:
user { "": true }
Condition (active): section token, key tokentype, comparator equals, value sms
2 - allow email and push
user { "delete": true, "enrollEMAIL": true, "enrollPUSH": true }
Condition: section token, key tokentype, comparator equals, value email
It is not working: I cannot delete, but I also cannot enroll, and I am getting the message below:
Policy 'sssss_2' has conditions on tokens, but a token object is not available.
Is it possible to implement this scenario?
Cheers,
Thiago