The code of the privacyIDEA Authenticator App 4.0 as it is contained in the github repository has an important change in the Push functionality.
If you are not using your own source code but use the precompiled privacyIDEA Authenticator released by the company NetKnights, this has the following meaning for you.
Breaking Change in Push-Functionality
In order to increase the stability of the push functionality and the reliability of the delivery of the push messages, we decided to revise the configuration of the Firebase project. As of version 4.0, the app works with a central Firebase project that is managed by NetKnights.
That means your privacyIDEA server will no longer be able to notify the push tokens in the app version 4.0 via the Firebase project you have configure individually. To enable the new and more stable notification feature, you either need to recompile the App or get a subscription from NetKnights to gain access to the central Firebase project.
However, you can also use the precompiled and released Authenticator App without the need for a Firebase project.
Using Push-Token without Firebase project
In this scenario you will use the Push-Poll functionality, where the Authenticator polls the challenges from the privacyIDEA server. Users will have to have the privacyIDEA Authenticator App in the foreground to receive messages.
You need to proceed as follows.
- Update the privacyIDEA server to version 3.7.1. This will ensure a flawless polling functionality
- If not yet configured, create a policy in scope “Authentication” with the setting “push_allow_polling” = “allow”.
- If not yet configured, create a policy in scope “Enrollment” with the setting “push_firebase_configuration” = “poll only”.
- If you already have a “push_firebase_configuration” policy, change it to “poll only”.
- To receive the Push notification, the user must open the privacyIDEA Authenticator. The notifications will be polled or the user can actively poll the notifications by swiping downwards.
- The configuration of the Firebase project in your privacyIDEA server can be deleted.