Tan-List after all Tokens are used up

Hello everyone,

as we are still in the rollout phase for our PI installation, I am currently testing different scenarios on how the User will behave and what kind of usability problems my arise.

In that regard, I have a question towards the TAN-Token and the Paper-Token.

I created a tan-list for my test user and used up all tans, I was hoping, that the Token would deactivate or delete itself similar to a registration-token after all values were used up, but it didnt.

Is there a way to configure that? I would like to limit my Users to 2 max_active Tan Tokens at the same time, so that if they reach the end of their List they would just create a new one and if the last value of the 1st Set is used it just gets deactivated, mainly for the benefit of the user in the WebUI

Any Ideas how I can accomplish that?

Regards Weber

Check out the event handler.

You could check after succesfull authentication the counter of the token an then delete this token.

Hello Cornelius,

Thank you for the Tip with the event Handler.

I still have a configuration issue with it it seems.

i configured 3 Events:

Event 1: triggers post auth with the check otp counter 20 and sends a mail to the user
with my Understanding, this would mean the User gets a Mail once he used 20 OTP Values of his Paper Token. I also set it for the tokentype: paper

But now I got the Mail when I used it for a registration Token on first use(since its the only use), which makes no sense to me.

Firstly, I defined the Event for the token type: Paper, and secondly for otp-counter “20” not “1”

Why is this happening?

Because of this my 2 other Events also dont behave like I expected.

Regards Marc


I am still confused how the event is handeling my definded Events in the backround:

I definded an event called PaperToken_delete which triggers post auth/ and for token Type “paper” with an otp_count of =80. Which triggers the token_delete action.

This is supposed to delete the Token of a User after he used his 80 Paper Token Values.

In reality, it basically disables the login with registration Token, because it seemingly deletes the Registration Token after the auth process before login the User in…

I don’t understand how my defined Event is conflicting with the Registration Token.

To Test it, I created a 2nd Event with the same triggers, but as Action it sends the User an E-mail “your Token is used up and got deleted”, and disabled the delete Event.

I was able to login then, but got the triggered E-Mail, which confirms for me that the Event gets triggered on login with Registration Token, even though neither the Condition “Paper” as Token-Type and “80” as “otp_count” should have been met.

What am I doing wrong?

I attached a screenshot of the configured event.

Regards Marc