Posts

Kassel, December 2nd, 2019. The open source security specialist NetKnights has released a new version of the multi-factor authentication software “privacyIDEA”. It offers new possibilities to adapt the authentication system by flexible configuration and to integrate it into one’s own workflows.

With version 3.2 of privacyIDEA, the administrator receives two new event handler modules to define rules that can modify both HTTP requests and HTTP responses of the REST API as required. This allows workflows to be highly customized. It is now possible to easily forward audit information to external log management tools such as Splunk or Logstash and process it there. The authentication at the REST-API has been extended so that a robust integration into any other application can be implemented.

privacyIDEA is now available via the Python Package Index and in repositories for Ubuntu LTS.

Two new Event-Handler-Modules improve flexibility

Up to now, the event handler framework had token, script, federation, and statistics handlers in addition to notifications. The request handler and the response handler are now two additional, very flexible modules. These enable the administrator to define rules that change parameters of REST request to privacyIDEA and also the values in the response at will, depending on definable conditions.

The behavior of privacyIDEA can thus be adapted extremely flexibly. Closest application cases are, for example, the secure resetting of passwords, special rollout scenarios or individual authentication rules. The system can thus be adapted to different user requirements and the behaviour and fit into already existing processes.

Audit-Data at your fingertip

privacyIDEA writes log data: Who did what, how and when – including success or failure and additional information – into an internal, structured SQL audit module. From version 3.2 the administrator can also facilitate a file audit module. Its entries can now be easily imported into any log management system such as Splunk or Logstash. This enables companies to correlate events – also from privacyIDEA – and to identify and process problems more easily.

Integrate any privacyIDEA function into your own portals

Via the REST-API privacyIDEA can already be integrated into the portals of a user, for example into a browser-based self-service or internal, existing management portal.

This has become considerably easier with version 3.2 through the use of trusted JSON Web Tokens in privacyIDEA. Any token management function can also be integrated into other applications, which should be particularly interesting for in-house developments. However, it remains the responsibility of the privacyIDEA administrator to grant or withdraw all rights centrally in privacyIDEA.

Many further enhancements

Also the policies, which generally control the behavior of privacyIDEA, were extended. The administrator can now use any HTTP header as a condition for the respective policy.

Event handlers can also use the requesting HTTP client or the rollout state of a token as a condition.

In addition to notification by e-mail and SMS, the notification handler now also contains the option of simply writing messages to files in a spool directory.

The behavior of the PUSH token has also been improved. The authentication process is now designed to integrate more easily with other applications.

In total there were more than 25 extensions and six bug fixes. A complete list of the changes can be found in the changelog at Github.

Install or update privacyIDEA

privacyIDEA 3.2 is now available via the public repositories for Ubuntu 16.04 and 18.04. The software can also be installed on any distribution via the Python Package Index. Enterprise releases for Ubuntu LTS and RHEL/CentOS will follow shortly.

Visit our Blog.

Abonnieren Sie unseren Newsletter.

Lesen Sie die Mitteilung auf privacyIDEA.org.

privacyIDEA will provide an Event Handler Framework in the upcoming release 2.12.

Policies for Two Factor Authentication

Using policies you can already configure privacyIDEA in a very detailed and sophisticated manner. The administrator can define the behaviour of privacyIDEA. This way you can run privacyIDEA in many differenz scenarios and find a solution for all requirements. Policies change the authentication and authorization behaviour. The administrator can define security levels or perform an easy migration.

Event-Handler

With the Event-Handler you get completely new possibilities. While policies change the behaviour of privacyIDEA, the Event-Handler does not change this, but starts completely new actions depending on events without changing the behaviour define by the policies.

 

event-handler-enThe screenshot above shows an event definition for the event “token_init”. This is the event of initializing or enrolling a token. In addition to the way the token is initialized, now the action “sendmail” is triggered. The logic is implemented in the handlermodule “UserNotification”. The interesting thing is, that such an action can be bound to any arbitrary event.

 

More Event-Handler-Module

The first event-handler module to be shipped is the module “UserNotification”. More modules are about to follow. A moduel “Enrollment” could trigger and action to enroll a certain token type for a user — as an reaction to any kind of event!

This way you get unimagined possibilities to design new, creative configurations and workflows. Once more privacyIDEA proves, that it is a modern, innovative and trend-setting authentication system.

Please sign up to our newsletter to always be up to date.