It was a long way, but finally pieces started to fit together.

We are proud to present to you privacyIDEA version 2.23!

Monitoring and Statistics

To be able to provide a flexible and modular monitoring and to create any arbitrary statistics we created a framework of periodic tasks.

Using specific modules the administrator can define, what should happen in certain time intervals or at certain dates. These modules can collect system information for statistics, but such modules could also do anything else. Currently we provide two modules – the Event Counter and Simple Stats. 

The Event Counter can be used in conjunction with the Event Handler to record the occurrence of any arbitrary event. The periodic task scheduler will write the number of these events to a time series. The Simple Stats module reads predefined values from the privacyIDEA system (like number of tokens, number of assigned tokens, number of not assigned hardware tokens) and also writes those to a time series.

The administrator can easily use tools like Grafana to view the time span of interest in an expressive graph.

Pre-Event-Handling

Event Handlers were already added to privacyIDEA in Version 2.12. Using event handlers the administrator can connect any event to new actions like user notification, token management or any arbitrary script. If such an event occurs, the defined action is triggered.

With version 2.23 these actions can now be triggered, before the original event is processed. We distinguish Post-Event-Handling and Pre-Event-Handling. E.g. the administrator can define, that a user, who has no token assigned and tries to authenticate, gets a new token enrolled. And this newly enrolled token will be directly used during this authentication request. The logon experience for the user is totally transparent. There is no additional effort for the administrator.

This way a lot of tasks, which would otherwise be done manually or called by a script, will be executed automatically just at the right moment within privacyIDEA. This way the administrator can cope with unforeseen scenarios and can automate actions accordingly.

Ordered Policies

Policies have been around in privacyIDEA since day One. Policies define the way how privacyIDEA should respond to an API request. Policy definitions can become very complex. Policies also depend on time and the source IP address of the request. So in certain cases policies could overlap and the logic would not be clear, how privacyIDEA should respond.

To solve this problem we introduced a policy order in privacyIDEA 2.23. The administrator can give each policy an order number. This way the administrator can define which policy should come first and should take precedence if something should be unclear.

This can help in bigger, complex setups to make configuring privacyIDEA a lot easier.

Your next steps

We also added a lot more minor features and improved the SQL and HSM performance. For a complete Changelog please take a look at Github. You can install or update privacyIDEA via the Ubuntu Launchpad repositories or via the Python Package Index.

When you update, please see read_before_update.

If you have any questions, please have a look at the community forum.

Visitors will be able to talk to the core developer team of privacyIDEA and see the new features of the upcoming release 2.23, including Monitoring and Statistics and Pre-Event Handler. Once again these implementations will prove, that privacyIDEA is the most flexible two factor authentication system. The administrator can define freely which kind of values or event he wants to monitor. The pre-event handling opens unforeseen possibilties to design workflows like automagically enrolling Email tokens to the user just upon authentication.

Come and gape! The privacyIDEA booth is in the Mensa next to the ownCloud booth. And as privacyIDEA also integrates well with ownCloud, there will also be a workshop on integrating enterprise ready 2FA with the open file sharing solution on Sunday.

I18N

The first important new features is, that it adds German translation to the Web UI. We are using gettext, so that it is easy to add translations to any other language. If you need other languages or if you want to translate to another language, drop us a note.

Statistics

Another new main feature is, that you can now see some statistics like

• Authentication requests per user (successful and failed),
• Authentication requests per token (successful and failed),
• Failed authentication requests per token,
• Failed authentication requests per user,
• Management requests,
• Token usage.

This way you can easily see, which user generated the most failed authentication requests during the last day, week or month. You can see, which tokens are used most often…

If you have any further ideas about using the statistics, drop us a note on the mailing list or at github.

Pin Handler

We added a hook for a PinHandler. You can choose to create a random OTP PIN during token enrollment. This way the administrator will not know the OTP PIN of the token. You can add a PinHandler python module, that can process this random, secret PIN and send the PIN via Email, SMS or print a sealed letter, that will be sent to the user.

…and more

In addition we added the possibility to create an automated restructed text documentation, which can be used to document the system state after setting up privacyIDEA.

A plugin for ownCloud was added and you can find a howto here.

When enrolling an Email- or an SMS-token the email address and the mobile phone number are presetted from the user store.

LDAP binds in LDAP resolvers can now be configured anonymously.

When enrolling HOTP or TOTP tokens with a QR Code, the hash algorithm is added ti the QR Code.

Fixes

• Fix registration token
• Fix mOTP reuse problem