Hi Stephan,
first this would require a policy to contain a tokentype - which it does
not.
2nd: You only know the tokentype, if you know the token. And the token
is sometimes determined by the otp pin.
Imagine a login screen.
The user enters "something".
There is no easy, straightforward way for privacyIDEA to know if this is
supposed to be an OTP PIN, an LDAP password or a PIN+OTP...
It only knows the user, who can have several tokens.
(At least I do not know an easy way - would be happy to implement such
one)
Anyway: You have the following possibilities at the moment:
You can decide based on
1. Client IP address
2. User Resolver.
1.
So let's say you know that logging in from the Application A will always
happen with email-tokens, then you can create a policy with the Client
IP of application A, that says: OTP PIN required.
If the login is from somewhere else, you can say: LDAP password
required.
2.
If _you_ know which users will only have an EMAIL token, you can put
these users in their own resolver "email-users". Let's say by a group
membership.
All other users can be located in resolver "hardware-users".
Now you can join both resolvers in your default realm.
Create a policy with
resolver=email-users
otppin=privacyidea
and a second policy
resolver=hardware-users
otppin=userstore
I am happy to discuss this.
And hopefully we come up with a really good idea, that can make a shiny
new cool feature in the next PI release.
Kind regards
Cornelius
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
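
Added example, not part of the mail above and not privacyIDEA's own code: a small Python model of the two options it describes, where the otppin mode is chosen from the client IP or the user's resolver before any token is known. The policy names, the address 192.0.2.10 for "Application A" and the "more conditions wins" tie-break are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    name: str                       # hypothetical policy name
    otppin: str                     # "privacyidea" or "userstore", as in the mail
    client: Optional[str] = None    # CIDR of the calling application; None = any
    resolver: Optional[str] = None  # user resolver; None = any

    def matches(self, client_ip: str, resolver: str) -> bool:
        if self.client is not None:
            net = ipaddress.ip_network(self.client)
            if ipaddress.ip_address(client_ip) not in net:
                return False
        return self.resolver in (None, resolver)

    @property
    def specificity(self) -> int:
        # Number of conditions the policy sets (0, 1 or 2).
        return (self.client is not None) + (self.resolver is not None)


def otppin_mode(policies, client_ip, resolver):
    """Pick the otppin value from request context only (no token is known yet)."""
    hits = [p for p in policies if p.matches(client_ip, resolver)]
    if not hits:
        return None
    # Assumption of this sketch: the policy with more conditions wins.
    top = max(p.specificity for p in hits)
    modes = {p.otppin for p in hits if p.specificity == top}
    if len(modes) > 1:
        raise ValueError("conflicting otppin policies for this request")
    return modes.pop()


# Constructed sample data: 192.0.2.10 stands in for "Application A".
BY_CLIENT = [
    Policy("app-a", "privacyidea", client="192.0.2.10/32"),
    Policy("elsewhere", "userstore"),
]
BY_RESOLVER = [
    Policy("email", "privacyidea", resolver="email-users"),
    Policy("hardware", "userstore", resolver="hardware-users"),
]
```

Raising on two equally specific policies that disagree surfaces an ambiguous configuration instead of silently picking one check.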