Regex bug or feature? (v 3.9.3)

Dio · November 19, 2025, 3:32pm

I’m having a Problem with the behavior of privacyidea when usernames (effectively E-Mail addresses) differ in only one character. (e.g. frank.drebin@national-lampoon.com, frank-drebin@national-lampoon.com and frank_drebin@cop.com) They are recognized as the same user.
So if you use the API endpoint /token/init for all three users to assign one TOTP to each of them, only one user_id gets all three tokens.

Is it a bug in Version 3.9.3 or a feature?

Denis

cornelinux · November 19, 2025, 7:42pm

Hard to say. It can be a bug - it can be a feature.

It very much depends on your configuration and on your API call, i.e. the paramters of your API call.

Please note, that 3.9 is roughly two years old and you should think about updating.