simplesamlPHP doEnrollToken

Good morning.
I have simplesaml setup as AuthProc
My config is this
39 => array(

'class'             => 'privacyidea:PrivacyideaAuthProc',
'privacyideaServerURL' => 'https://privacyideaserver',
'realm'             => 'realm',
'uidKey'            => 'sAMAccountName',
'sslverifyhost'     => false,
'sslverifypeer'     => false,
'serviceAccount'  => 'idp',
'servicePass'     => '**********',
'SSO' => 'true',
 'otpFieldHint' => 'Codigo de Segurança Adicional!',
'doEnrollToken' => 'true',
'typeOfTokenToEnroll' => 'totp',


The authetication is working fine, but if i make ‘doEnrollToken’ => ‘true’, the user is pro,pted to enroll a toke every time it logins, creating a infinty number of tokens.
If i read it correctly, that should only happen if the user doesnt have a toke already .
What i’m i doing wrong ?

Sory for my English, it’s not my native language

Hi, this seems to be a bug. However, i would advise you to use the enroll via challenge-response feature from the server to enroll token for users on login.
scope: authentication
misc: enroll_via_multichallenge
This requires a successful authentication beforehand, so for users that do not have a token, you need to enable “passOnNoToken” from scope=authentication aswell.

The feature to enroll token from the plugin itself will be removed in the future because it is contrary to the workflows we want to encourage.

OK, im new to privacyIDEA , so im going to give it a try.
Best Regards