privacyIDEA 2.16 – better notification – more secure

Today we released just on schedule the version 2.16 of privacyIDEA.

Event Handler Framework

The event handler framework is great. It is used by a lot of people to adapt their workflows. So we enhanced the UserNotification module. It comes with a lot of new conditions and can send notifications to tokenowners or administrators. You can use the user object, groups or simple email addresses. The administrator can define conditions in which cases the notification should be sent. eventhandler-1

The notification template can contain a lot of new tags:

  • {admin} name of the logged in user.
  • {realm} realm of the logged in user.
  • {action} the action that the logged in user performed.
  • {serial} the serial number of the token.
  • {url} the URL of the privacyIDEA system.
  • {user} the given name of the token owner.
  • {givenname} the given name of the token owner.
  • {surname} the surname of the token owner.
  • {username} the loginname of the token owner.
  • {userrealm} the realm of the token owner.
  • {tokentyp} the type of the token.
  • {registrationcode} the registration code in the detail response.
  • {recipient_givenname} the given name of the recipient.
  • {recipient_surname} the surname of the recipient.

eventhandler2The registrationcode is an interesting tag, which can be used to automatically notify the user about his new registration token.

Hardware Security Module

In addition to the PKCS11 module a second AES based Security Module was added. The system administrator can use the security module to encrypt and decrypt data like the OTP seeds in a network attached hardware security module (HSM) boosting your overall security.

This way you do not have to worry about seeds or encryption keys getting compromized.

Managing Subscriptions

It is true. Not all client components communicating with privacyIDEA are free. privacyIDEA helps to manage subscriptions for such components like the privacyIDEA ownCloud App. You can upload subscription files by NetKnights and other 3rd party vendors to assure the communication with the corresponding applications.



Please see the complete changelog:


  • Add HSM support via AES keys (#534)
  • Improved Event Handler for flexible notification (#511)
  • Signed subscription files for adding and checking for extra functionality during authentication request (#502)


  • Allow additional filter attributes in the Audit Log (#519)
  • Show or hide realms in the login dialog via policy (#517)
  • Improve UI if admin is not allowed for certain actions (#516, #512)
  • Disable OTP PIN during enrollment via policy (#439)
  • Allow automatic sending of registration code via email (#514)


  • Allow compatibility with ldap3 >= 2.0.7 (#533 #535)
  • Fix problem with Notification when no tokenowner is available (#528)
  • Fix confusion of client HTTP parameters (#529)
  • Fix enabled flag with certain database types (#527)
  • Catch error in case of faulty overrideClient definition (#526)
  • Truncate Audit lines, that are too long for the DB table (#525)

Install or update privacyIDEA according to the installation instructions.

Leave a comment