Validating tokeninfo during login

Hi folks,
we try to use the tokeninfo as a condition for the login to the webui. Here is the scenario:

During the registration of a user, he enrolls his first totp token, this token is automatically flagged with login = 1 in the tokeninfo via the event handler. All totp tokens after that one do not receive the key-value-pair.
Now when the user likes to log in to the webui, he should only be allowed to do that if the token he is using has the login = 1 in the tokeninfo - all other tokens are not allowed to log in.

I managed to get the first part working, but I can’t get the policy working for the login in the policies. Here is the last try of many:

image

In any case, I saw in the audit logs that the policy is not used.

Has anybody some hint on that?

Thanks and greetz from southern Hesse

So you would like to have the user only log in with his “first” token to the privacyIDEA WebUI!?

Why do you want to do this? What do you want to achieve?