### IdResolver Setup Method Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/resolvers/PasswdIdResolver.html Details the setup hook for the IdResolver, which is triggered when the server starts serving the first request. ```APIDOC ## IdResolver.setup ### Description This setup hook is triggered when the server starts to serve the first request. ### Method `staticmethod` ### Parameters - **config** (dict) - Optional - The privacyidea config dictionary. - **cache_dir** (str) - Optional - The directory for caching. ``` -------------------------------- ### Get U2F Initialization Details Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokens/u2ftoken.html Prepares the details required for the initial U2F device setup. It generates a challenge for the first step and returns the U2F registration request. For the second step, it returns the subject (description) of the token. ```python @log_with(log) def get_init_detail(self, params=None, user=None): """ At the end of the initialization we ask the user to press the button """ response_detail = {} # get_init_details runs after "update" method. So in the first step clientwait has already been set if self.token.rollout_state == RolloutState.CLIENTWAIT: # This is the first step of the init request app_id = get_from_config("u2f.appId", "").strip("/") from privacyidea.lib.error import TokenAdminError if not app_id: raise TokenAdminError(_("You need to define the appId in the " "token config!")) nonce = url_encode(geturandom(32)) response_detail = TokenClass.get_init_detail(self, params, user) register_request = {"version": U2F_Version, "challenge": nonce, "appId": app_id} response_detail["u2fRegisterRequest"] = register_request self.add_tokeninfo("appId", app_id) elif self.token.rollout_state == "": # This is the second step of the init request, the clientwait rollout state has been reset response_detail["u2fRegisterResponse"] = {"subject": self.token.description} return response_detail ``` -------------------------------- ### Example GET /client Request Source: https://privacyidea.readthedocs.io/en/stable/modules/api/client.html This is an example HTTP request to retrieve a list of authenticated clients. Ensure the Host header is set to your privacyIDEA instance. ```http GET /client HTTP/1.1 Host: example.com Accept: application/json ``` -------------------------------- ### Example GET /client Response Source: https://privacyidea.readthedocs.io/en/stable/modules/api/client.html This is an example JSON response for a successful GET /client request. It includes the status of the operation and a dictionary of clients grouped by their type. ```json HTTP/1.1 200 OK Content-Type: application/json { "id": 1, "jsonrpc": "2.0", "result": { "status": true, "value": {"PAM": [], "SAML": [], }, "version": "privacyIDEA unknown" } ``` -------------------------------- ### privacyIDEA Configuration File Example Source: https://privacyidea.readthedocs.io/en/stable/installation/centos.html Example configuration for privacyIDEA, defining SUPERUSER_REALM, database connection, encryption keys, and logging settings. ```python import logging # The realm, where users are allowed to login as administrators SUPERUSER_REALM = ['super'] # Your database SQLALCHEMY_DATABASE_URI = 'mysql+pymysql://pi:@localhost/pi' # This is used to encrypt the auth_token #SECRET_KEY = 't0p s3cr3t' # This is used to encrypt the admin passwords #PI_PEPPER = "Never know..." # This is used to encrypt the token data and token passwords PI_ENCFILE = '/etc/privacyidea/enckey' # This is used to sign the audit log PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem' PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem' PI_AUDIT_SQL_TRUNCATE = True # The Class for managing the SQL connection pool PI_ENGINE_REGISTRY_CLASS = "shared" PI_AUDIT_POOL_SIZE = 20 PI_LOGFILE = '/var/log/privacyidea/privacyidea.log' PI_LOGLEVEL = logging.INFO ``` -------------------------------- ### Logging Configuration Example Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/auditmodules/loggeraudit.html Example configuration for logging.cfg to define the audit logger and handler. ```ini [handlers] keys=file,audit [loggers] keys=root,privacyidea,audit ... [logger_audit] handlers=audit qualname=privacyidea.lib.auditmodules.loggeraudit level=INFO [handler_audit] class=logging.handlers.RotatingFileHandler backupCount=14 maxBytes=10000000 formatter=detail level=INFO args=('/var/log/privacyidea/audit.log',) ``` -------------------------------- ### GET /validate/initialize Source: https://privacyidea.readthedocs.io/en/stable/modules/api/validate.html Starts an authentication process by requesting a challenge for a specific token type. Currently supports 'passkey' type. ```APIDOC ## GET /validate/initialize ### Description Starts an authentication by requesting a challenge for a token type. Currently, supports only type passkey. ### Method GET ### Endpoint /validate/initialize ### Parameters #### Query Parameters - **type** (string) - Required - The type of the token, for which a challenge should be created. ``` -------------------------------- ### Enable and Start Services on CentOS Source: https://privacyidea.readthedocs.io/en/stable/installation/centos.html Enables and starts the Apache HTTP Server (httpd) and MariaDB database services, ensuring they run on boot. ```bash $ systemctl enable --now httpd $ systemctl enable --now mariadb $ mysql_secure_installation ``` -------------------------------- ### Example POST Request for /validate/check Source: https://privacyidea.readthedocs.io/en/stable/modules/api/validate.html This example demonstrates how to send a POST request to the /validate/check endpoint for user authentication. Ensure the 'Host', 'Accept', 'user', 'realm', and 'pass' parameters are correctly set. ```http POST /validate/check HTTP/1.1 Host: example.com Accept: application/json user=user realm=realm1 pass=s3cret123456 ``` -------------------------------- ### Install privacyIDEA Packages Source: https://privacyidea.readthedocs.io/en/stable/installation/ubuntu.html Update the package list and install the privacyIDEA web server package. ```bash apt update apt install privacyidea-apache2 ``` -------------------------------- ### Install PostgreSQL driver Source: https://privacyidea.readthedocs.io/en/stable/faq/mysqldb.html Install the psycopg2_binary package into the privacyIDEA virtual environment to enable PostgreSQL support. ```bash (privacyidea) $ pip install psycopg2_binary ``` -------------------------------- ### Example HTTP Response for Token Initialization Source: https://privacyidea.readthedocs.io/en/stable/modules/api/token.html This is an example of a successful HTTP response when initializing a token. It includes details for Google Authenticator and OATH tokens. ```http HTTP/1.1 200 OK Content-Type: application/json { "detail": { "googleurl": { "description": "URL for google Authenticator", "img": " }, "oathurl": { "description": "URL for OATH token", ``` -------------------------------- ### Start privacyIDEA Development Server Source: https://privacyidea.readthedocs.io/en/stable/installation/pip.html Command to start the development server for privacyIDEA. Note: This is not recommended for production environments. For versions prior to 3.10, use `runserver` (deprecated). ```bash (privacyidea)$ pi-manage run ``` -------------------------------- ### Implement Setup Hook Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/resolvers/PasswdIdResolver.html Static method triggered upon server startup to initialize the resolver. ```python @staticmethod def setup(config=None, cache_dir=None): """ this setup hook is triggered, when the server starts to serve the first request :param config: the privacyidea config :type config: the privacyidea config dict """ log.info("Setting up the PasswdResolver") return ``` -------------------------------- ### GET /token/get_init_detail Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokens/passkeytoken.html Initiates the passkey enrollment process by returning registration options and creating a challenge in the database. ```APIDOC ## GET /token/get_init_detail ### Description Returns the registration data for the passkey token and creates a challenge that must be verified in the second step of enrollment. ### Parameters #### Request Body - **webauthn_relying_party_id** (string) - Required - The FIDO2 relying party ID. - **webauthn_relying_party_name** (string) - Required - The FIDO2 relying party name. - **registered_credential_ids** (list) - Optional - A list of credential IDs already registered with the user. - **PUBLIC_KEY_CREDENTIAL_ALGORITHMS** (list) - Optional - List of allowed public key algorithms (default: ECDSA_SHA_256, RSASSA_PKCS1_v1_5_SHA_256). - **USER_VERIFICATION_REQUIREMENT** (string) - Optional - User verification requirement (default: PREFERRED). - **AttestationConveyancePreference** (string) - Optional - Attestation conveyance preference (default: NONE). ### Response #### Success Response (200) - **rollout_state** (string) - The current rollout state of the token. ``` -------------------------------- ### Get Initialization Detail Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/webauthn.html Prepares information required for the client to perform token enrollment. ```python get_init_detail(_params =None_, _user =None_)[source] ``` -------------------------------- ### Clickatell HTTP GET Request Construction Source: https://privacyidea.readthedocs.io/en/stable/configuration/sms_gateway_config.html Example of the constructed HTTP GET request for the Clickatell provider using placeholders. ```http http://api.clickatell.com/http/sendmsg?user=YOU&password=YOU&\ api_id=YOUR API ID&text=....&to=.... ``` -------------------------------- ### Deterministic Installation of privacyIDEA Source: https://privacyidea.readthedocs.io/en/stable/installation/pip.html Install pinned and tested versions of dependencies before installing privacyIDEA to ensure a stable and deterministic setup. This uses a requirements file from a specific version of the privacyIDEA repository. ```bash (privacyidea)$ pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v3.11.3/requirements.txt ``` ```bash (privacyidea)$ pip install privacyidea==3.11.3 ``` -------------------------------- ### Enrollment and Initialization Methods Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/hotp.html Methods for enrolling tokens, retrieving default settings, and handling CSV imports. ```python classmethod enroll_via_validate(_g_ , _content_ , _user_obj_ , _message =None_)[source] ``` ```python classmethod get_default_settings(_g_ , _params_)[source] ``` ```python get_enroll_url(_user : User_, _params : dict_) → str[source] ``` ```python static get_import_csv(_l_)[source] ``` ```python get_init_detail(_params =None_, _user =None_)[source] ``` -------------------------------- ### Get Validity Period Start Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokenclass.html Retrieves the start date of the token's validity period. Returns an empty string if not set. ```python ret = int(self.get_tokeninfo("validity_period_start", 0)) return ret ``` -------------------------------- ### get_init_detail Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/webauthn.html Prepares information for token enrollment confirmation. ```APIDOC ## Method: get_init_detail ### Description At the end of the initialization we ask the user to confirm the enrollment with his token. This will prepare all the information the client needs to build the publicKeyCredentialCreationOptions to call navigator.credentials.create() with. It will then be called again, once the token is created and provide confirmation of the successful enrollment to the client. ### Parameters * **params** (_dict_) - A dictionary with parameters from the request. * **user** (_User_) - The user enrolling the token. ### Returns The response detail returned to the client. ### Return Type dict ``` -------------------------------- ### GET /healthz/startupz Source: https://privacyidea.readthedocs.io/en/stable/modules/api/healthcheck.html Startup check to confirm if the app has started. ```APIDOC ## GET /healthz/startupz ### Description Startup check endpoint that indicates if the app has started. This endpoint returns a status of “started” if the app is initialized and running. ### Method GET ### Endpoint /healthz/startupz ### Response #### Success Response (200) - **status** (string) - Application has started. #### Response Example { "status": "started" } ``` -------------------------------- ### POST /token/init (Step 1: Initialize) Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/webauthn.html Initializes the WebAuthn token enrollment process and retrieves the registration request parameters required for the client-side credential creation. ```APIDOC ## POST /token/init ### Description Initializes the WebAuthn token enrollment process. Returns the necessary parameters for the browser's navigator.credentials.create call. ### Method POST ### Endpoint /token/init ### Request Body - **type** (string) - Required - Must be "webauthn" - **user** (string) - Required - The username for the enrollment ### Response #### Success Response (200) - **detail** (object) - Contains the webAuthnRegisterRequest object with nonce, relyingParty, serialNumber, and other configuration parameters. #### Response Example { "detail": { "serial": "", "webAuthnRegisterRequest": { "attestation": "direct", "authenticatorSelection": { "userVerification": "preferred" }, "displayName": "", "message": "Please confirm with your WebAuthn token", "name": "", "nonce": "", "pubKeyCredAlgorithms": [ { "alg": -7, "type": "public-key" } ], "relyingParty": { "id": "", "name": "" }, "serialNumber": "", "timeout": 60000, "transaction_id": "" } } } ``` -------------------------------- ### Get Token Validity Period Start Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokenclass.html Retrieves the start date of a token's validity period. Parses legacy time formats if necessary. ```python start = self.get_tokeninfo("validity_period_start", "") if start: start = parse_legacy_time(start) return start ``` -------------------------------- ### Initiate WebAuthn Token Enrollment (Step 1) Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/webauthn.html Send a POST request to `/token/init` with `type=webauthn` and the username to begin the enrollment process. This step retrieves the `webAuthnRegisterRequest` containing essential data for the client-side WebAuthn API call. ```http POST /token/init HTTP/1.1 Host: Accept: application/json type=webauthn user= ``` ```json HTTP/1.1 200 OK Content-Type: application/json { "detail": { "serial": "", "webAuthnRegisterRequest": { "attestation": "direct", "authenticatorSelection": { "userVerification": "preferred" }, "displayName": "", "message": "Please confirm with your WebAuthn token", "name": "", "nonce": "", "pubKeyCredAlgorithms": [ { "alg": -7, "type": "public-key" }, { "alg": -37, "type": "public-key" } ], "relyingParty": { "id": "", "name": "" }, "serialNumber": "", "timeout": 60000, "transaction_id": "" } }, "result": { "status": true, "value": true }, "version": "" } ``` -------------------------------- ### GET /api/tokens/{tokenId}/validity_period_start Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokenclass.html Retrieves the start of the validity period for a token, if set. ```APIDOC ## GET /api/tokens/{tokenId}/validity_period_start ### Description Retrieves the start of the validity period for a token. If the validity period start is not set, an empty string is returned. ### Method GET ### Endpoint /api/tokens/{tokenId}/validity_period_start ### Parameters #### Path Parameters - **tokenId** (int) - Required - The ID of the token. ### Response #### Success Response (200) - **start_date** (str) - The start date of the validity period in YYYY-MM-DDTHH:MM+OOOO format, or an empty string if not set. #### Response Example ```json { "start_date": "2024-01-01T00:00:00+0000" } ``` ``` -------------------------------- ### tokeninfo Policy Example Source: https://privacyidea.readthedocs.io/en/stable/policies/authorization.html Authorize users based on a regular expression matching the tokeninfo field. The OTP value is consumed even if authorization fails. This example checks if the tokeninfo starts with '2018'. ```plaintext action = last_auth/^2018.*/ ``` -------------------------------- ### Example for the options dictionary Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/containerfunction.html Shows the structure of the options dictionary used when creating a container template. ```json { "tokens": [{"type": "hotp", "genkey": true, "hashlib": "sha256"}, ...] } ``` -------------------------------- ### Setup Database for privacyIDEA Source: https://privacyidea.readthedocs.io/en/stable/installation/centos.html Creates a dedicated database 'pi' and a user 'pi' with all privileges for the privacyIDEA server. Requires root MySQL access. ```bash $ echo 'create database pi;' | mysql -u root -p $ echo 'create user "pi"@"localhost" identified by "";' | mysql -u root -p $ echo 'grant all privileges on pi.* to "pi"@"localhost";' | mysql -u root -p ``` -------------------------------- ### Example: Get serial action values Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/policy.html Demonstrates retrieving policy names associated with the 'serial' action. ```python scope: authorization action: serial ``` -------------------------------- ### Initialize privacyIDEA Server Components Source: https://privacyidea.readthedocs.io/en/stable/installation/centos.html Uses the 'pi-manage' tool to create the encryption key, audit keys, and database structure for the privacyIDEA server. ```bash (privacyidea)$ pi-manage setup create_enckey # encryption key for the database (privacyidea)$ pi-manage setup create_audit_keys # key for verification of audit log entries (privacyidea)$ pi-manage setup create_tables # create the database structure ``` -------------------------------- ### Example: Get tokentype action values Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/policy.html Demonstrates retrieving policy names associated with the 'tokentype' action. ```python scope: authorization action: tokentype ``` -------------------------------- ### Enroll Yubikeys via privacyidea CLI Source: https://privacyidea.readthedocs.io/en/stable/workflows_and_tools/enrollment_tools/yubikey_enrollment_tools.html Initializes Yubikey devices and creates tokens in privacyIDEA using the command line interface. ```bash privacyidea -U https://your.privacyidea.server -a admin token \ yubikey_mass_enroll --yubimode YUBICO ``` -------------------------------- ### Example GET policy check response Source: https://privacyidea.readthedocs.io/en/stable/modules/api/policy.html A successful response from the policy check endpoint, detailing policy matching results. ```JSON { "id": 1, "jsonrpc": "2.0", "result": { "status": true, "value": { "pol_update_del": { "action": "enroll", "active": true, "client": "172.16.0.0/16", "name": "pol_update_del", "realm": "r1", "resolver": "test", "scope": "selfservice", "time": "", "user": "admin" } } }, "version": "privacyIDEA unknown" } ``` -------------------------------- ### Setup Database for Specific Instance Source: https://privacyidea.readthedocs.io/en/stable/installation/system/wsgiscript.html Command to set up the database tables for a specific privacyIDEA instance by setting the PRIVACYIDEA_CONFIGFILE environment variable. ```bash PRIVACYIDEA_CONFIGFILE=/etc/privacyidea3/pi.cfg pi-manage setup create_tables ``` -------------------------------- ### Initialize Registration Token via API Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokens/registrationtoken.html Example request and response for creating a registration token using the token/init API. ```http POST /token/init HTTP/1.1 Host: example.com Accept: application/json type=registration user=cornelius realm=realm1 ``` ```http HTTP/1.1 200 OK Content-Type: application/json { "detail": { "registrationcode": "12345808124095097608" }, "id": 1, "jsonrpc": "2.0", "result": { "status": true, "value": true }, "version": "privacyIDEA unknown" } ``` -------------------------------- ### Configure Encrypt Key Security Module with YubiKey Source: https://privacyidea.readthedocs.io/en/stable/installation/system/securitymodule.html Example configuration for the Encrypt Key Security Module using a YubiKey. Ensure the paths and labels match your HSM setup. ```ini PI_HSM_MODULE = "privacyidea.lib.security.encryptkey.EncryptKeyHardwareSecurityModule" PI_HSM_MODULE_MODULE = "/usr/lib/libykcs11.so" PI_HSM_MODULE_SLOTNAME = "Yubico YubiKey" PI_HSM_MODULE_KEYLABEL = 'Private key for PIV Authentication' PI_HSM_MODULE_PASSWORD = 'yourPin' PI_HSM_MODULE_ENCFILE = "/etc/privacyidea/enckey.enc" ``` -------------------------------- ### Load Resolver Configuration Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/resolvers/SQLIdResolver.html Initializes resolver settings from a configuration dictionary and sets up the database engine. ```python def loadConfig(self, config): """ Load the config from conf. :param config: The configuration from the Config Table :type config: dict """ self.server = config.get('Server', "") self.driver = config.get('Driver', "") self.database = config.get('Database', "") self.resolverId = self.database self.port = config.get('Port', "") self.limit = config.get('Limit', 100) self.user = config.get('User', "") self.password = config.get('Password', "") self.table = config.get('Table', "") self._editable = config.get("Editable", False) self.password_hash_type = config.get("Password_Hash_Type", "SSHA256") usermap = config.get('Map', {}) self.map = yaml.safe_load(usermap) self.reverse_map = {v: k for k, v in self.map.items()} self.where = config.get('Where', "") self.encoding = str(config.get('Encoding') or "latin1") self.conParams = config.get('conParams', "") self.pool_size = int(config.get('poolSize') or 5) self.pool_timeout = int(config.get('poolTimeout') or 10) # recycle SQL connections after 2 hours by default # (necessary for MySQL servers, which terminate idle connections after some hours) self.pool_recycle = int(config.get('poolRecycle') or 7200) # create the connect-string like params = {'Port': self.port, 'Password': self.password, 'conParams': self.conParams, 'Driver': self.driver, 'User': self.user, 'Server': self.server, 'Database': self.database} self.connect_string = self._create_connect_string(params) # get an engine from the engine registry, using self.getResolverId() as the key, # which involves the connect-string and the pool settings. self.engine = get_engine(self.getResolverId(), self._create_engine) # We use ``scoped_session``. ``` -------------------------------- ### Get Allowed Token Types for Enrollment Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/policy.html Returns a dictionary of allowed token types for the logged-in user, used for the token enrollment UI. Example format: {"hotp": "HOTP: event based One Time Passwords"} ```python {"hotp": "HOTP: event based One Time Passwords", ``` -------------------------------- ### Install Additional Packages for Pinned Installation Source: https://privacyidea.readthedocs.io/en/stable/installation/centos.html Installs development packages required for building pinned versions of privacyIDEA packages on CentOS. ```bash $ yum install gcc postgresql-devel ``` -------------------------------- ### POST /token/init (Step 2: Finalize) Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/webauthn.html Submits the client-side generated WebAuthn credential data to complete the token enrollment. ```APIDOC ## POST /token/init ### Description Finalizes the WebAuthn token enrollment by sending the credential data generated by the browser back to the server. ### Method POST ### Endpoint /token/init ### Request Body - **type** (string) - Required - Must be "webauthn" - **transaction_id** (string) - Required - The transaction ID received from Step 1 - **description** (string) - Optional - Description for the new token - **clientdata** (string) - Required - The clientDataJSON from the WebAuthn authenticator (web-safe base64 encoded) - **regdata** (string) - Required - The attestationObject from the WebAuthn authenticator (web-safe base64 encoded) - **registrationclientextensions** (string) - Optional - The registrationClientExtensions from the credential ``` -------------------------------- ### Install Pinned Dependencies for privacyIDEA Source: https://privacyidea.readthedocs.io/en/stable/installation/centos.html Installs specific versions of privacyIDEA dependencies from a requirements file, useful for pinned installations. The PI_VERSION environment variable must be set. ```bash (privacyidea)$ export PI_VERSION=3.11.3 (privacyidea)$ pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v${PI_VERSION}/requirements.txt ``` -------------------------------- ### Install FreeRADIUS Module Source: https://privacyidea.readthedocs.io/en/stable/installation/ubuntu.html Install the privacyIDEA module for FreeRADIUS integration. ```bash apt-get install privacyidea-radius ``` -------------------------------- ### Get Initialization Details Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/tiqr.html Returns the URL for the TiQR App at the end of the initialization process. ```APIDOC ## privacyidea.lib.tokens.tiqrtoken.TiqrTokenClass.get_init_detail ### Description At the end of the initialization we return the URL for the TiQR App. ### Parameters * **params** (_dict_) – parameters from the token init * **user** (_User object_) – the requesting user ``` -------------------------------- ### Install FreeRADIUS and rlm_rest Source: https://privacyidea.readthedocs.io/en/stable/application_plugins/rlm_rest.html Install the necessary FreeRADIUS packages on Ubuntu or Debian systems. ```bash apt-get install freeradius freeradius-rest ``` -------------------------------- ### Example response for realm creation Source: https://privacyidea.readthedocs.io/en/stable/modules/api/realm.html Indicates a successful realm creation with a status of true and a list of added resolvers. ```http HTTP/1.1 200 OK Content-Type: application/json { "id": 1, "jsonrpc": "2.0", "result": { "status": true, "value": { "added": ["resolver1", "resolver2"], "failed": [] } } "version": "privacyIDEA unknown" } ``` -------------------------------- ### GET /system/documentation Source: https://privacyidea.readthedocs.io/en/stable/modules/api/system.html Returns a restructured text document describing the complete configuration. ```APIDOC ## GET /system/documentation ### Description Returns a restructured text document that describes the complete configuration. ### Method GET ### Endpoint /system/documentation ``` -------------------------------- ### Authentication Request Example Source: https://privacyidea.readthedocs.io/en/stable/tokens/tokentypes/4eyes.html Example of the username and password format required for Four Eyes authentication. ```text username: "root@r2" password: "pin123456 secret789434 key098123" ``` -------------------------------- ### Startup Healthcheck Request and Response Source: https://privacyidea.readthedocs.io/en/stable/modules/api/healthcheck.html Example request and response for the application startup check. ```http GET /healthz/startupz HTTP/1.1 Host: example.com Accept: application/json ``` ```http HTTP/1.1 200 OK Content-Type: application/json { "status": "started" } ``` -------------------------------- ### Get Initialization Details Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokenclass.html Returns the current status dictionary for token rollout initialization details. This method is logged. ```python @log_with(log) def get_init_details(self): """ return the status of the token rollout :return: return the status dict. :rtype: dict """ return self.init_details ``` -------------------------------- ### GET /validate/triggerchallenge Source: https://privacyidea.readthedocs.io/en/stable/modules/api/validate.html Alternative method to trigger challenges for native challenge-response tokens using a GET request. ```APIDOC ## GET /validate/triggerchallenge ### Description Triggers challenges for native challenge-response tokens. Requires admin rights (scope: admin) and a valid PI-Authorization header. ### Method GET ### Endpoint /validate/triggerchallenge ### Parameters #### Query Parameters - **user** (string) - Optional - The loginname/username of the user. ``` -------------------------------- ### Handle API GET Requests Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokens/pushtoken.html Processes GET requests, primarily used for polling the status of authentication challenges. ```python @classmethod def _api_endpoint_get(cls, g: Any, request_data: dict) -> list: """ Handle all GET requests to the api endpoint. Currently, this is only used for polling. :param g: The Flask context :param request_data: Dictionary containing the parameters of the request :type request_data: dict :returns: Result of the polling operation, 'True' if an unanswered and matching challenge exists, 'False' otherwise. :rtype: bool """ # By default, we allow polling if the policy is not set. allow_polling = get_action_values_from_options( SCOPE.AUTH, PushAction.ALLOW_POLLING, options={'g': g}) or PushAllowPolling.ALLOW if allow_polling == PushAllowPolling.DENY: ``` -------------------------------- ### Example Header Template Source: https://privacyidea.readthedocs.io/en/stable/tokens/tokentypes/paper.html A sample implementation for the top section of the paper token printout. ```html

{{ enrolledToken.serial }}

Please use the OTP values of your paper token in order one after the other. You may scratch of or otherwise mark used values.

``` -------------------------------- ### Install privacyIDEA Server Source: https://privacyidea.readthedocs.io/en/stable/installation/centos.html Installs the specified version of the privacyIDEA server within the active virtual environment using pip. ```bash (privacyidea)$ pip install privacyidea==${PI_VERSION} ``` -------------------------------- ### GET /api Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokens/pushtoken.html Handles GET requests to the API endpoint, primarily used for polling to check the status of authentication challenges. ```APIDOC ## GET /api ### Description Handles all GET requests to the api endpoint. Currently, this is primarily used for polling to check the status of authentication challenges. It determines if an unanswered and matching challenge exists. ### Method GET ### Endpoint /api ### Parameters #### Query Parameters - **transaction_id** (string) - Required - The ID of the transaction to poll. ### Request Example ``` GET /api?transaction_id=123e4567-e89b-12d3-a456-426614174000 ``` ### Response #### Success Response (200) - **bool** (boolean) - 'True' if an unanswered and matching challenge exists, 'False' otherwise. #### Response Example ```json true ``` ``` -------------------------------- ### Get Initialization Detail for Certificate Tokens Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokens/certificatetoken.html Retrieves initialization details for certificate tokens, including the certificate and PKCS12 file if the private key exists. It also returns the rollout state and removes the unused 'otpkey' from the response. ```python @log_with(log) def get_init_detail(self, params=None, user=None): """ At the end of the initialization we return the certificate and the PKCS12 file, if the private key exists. """ response_detail = TokenClass.get_init_detail(self, params, user) certificate = self.get_tokeninfo("certificate") response_detail["certificate"] = certificate response_detail["rollout_state"] = self.token.rollout_state # Remove the "otpkey" from the response, it is unused for certificate tokens if "otpkey" in response_detail: del response_detail["otpkey"] return response_detail ``` -------------------------------- ### Example Policy Creation Response Source: https://privacyidea.readthedocs.io/en/stable/modules/api/policy.html This is an example of a successful response when creating or modifying a policy. It includes the status and the ID of the set policy. ```json { "id": 1, "jsonrpc": "2.0", "result": { "status": true, "value": { "setPolicy pol1": 1 } }, "version": "privacyIDEA unknown" } ``` -------------------------------- ### get_init_detail Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/push.html Retrieves initialization details during the enrollment process, including the QR code in the first step. ```APIDOC ## GET /get_init_detail ### Description This returns the init details during enrollment. In the 1st step the QR Code is returned. ### Method GET ### Endpoint /get_init_detail ### Parameters #### Query Parameters - **params** (dict) - Optional - Additional parameters - **user** (User) - Optional - The user object ### Response #### Success Response (200) - **dict** - Initialization details, potentially including a QR code #### Response Example ```json { "qr_code": "otpauth://totp/Example:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example" } ``` ``` -------------------------------- ### Set up Python Virtual Environment Source: https://privacyidea.readthedocs.io/en/stable/installation/pip.html Create and activate a Python virtual environment for privacyIDEA. Ensure you are using a compatible Python version (3.9-3.12). ```bash $ virtualenv /opt/privacyidea $ cd /opt/privacyidea $ source bin/activate (privacyidea)$ ``` ```bash virtualenv -p /usr/bin/python3 /opt/privacyidea ``` -------------------------------- ### LDAP DN Template Examples Source: https://privacyidea.readthedocs.io/en/stable/configuration/useridresolvers.html Examples of how to format the Distinguished Name (DN) for new LDAP objects using available variables. ```text CN= , ``` ```text CN=,OU=external users, ``` ```text uid=,ou=users,o=example,c=com ``` -------------------------------- ### Get Initialization Details Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/tokens/passwordtoken.html Retrieves initialization details including the registration code and password. ```python @log_with(log) def get_init_detail(self, params=None, user=None): """ At the end of the initialization we return the registration code. """ response_detail = TokenClass.get_init_detail(self, params, user) secretHOtp = self.token.get_otpkey() password = secretHOtp.getKey() response_detail[self.password_detail_key] = to_unicode(password) return response_detail ``` -------------------------------- ### get_init_detail Method Source: https://privacyidea.readthedocs.io/en/stable/modules/lib/tokentypes/motp.html Completes token normalization by building the initialization response using token-specific methods. ```APIDOC ## get_init_detail Method ### Description To complete the token normalisation, the response of the initialization should be built by the token specific method, the getInitDetails. ### Method get_init_detail ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body * **params** (dict) - Optional - parameters for initialization * **user** (object) - Optional - the user object ### Request Example ```json { "params": { "key": "value" }, "user": "" } ``` ### Response #### Success Response (200) None #### Response Example None ``` -------------------------------- ### GET /serviceid/(_name_) and GET /serviceid/ Source: https://privacyidea.readthedocs.io/en/stable/modules/api/serviceid.html Retrieves information for a specific service ID or a list of all defined services if no name is provided. ```APIDOC ## GET /serviceid/(_name_) ### Description This call returns the information for the given service ID. ### Method GET ### Endpoint /serviceid/(_name_) ## GET /serviceid/ ### Description This call returns a list of all defined services. ### Method GET ### Endpoint /serviceid/ ### Response #### Success Response (200) - **id** (integer) - The request ID. - **jsonrpc** (string) - The JSON-RPC protocol version. - **result** (object) - The result of the operation. - **status** (boolean) - Indicates if the operation was successful. - **value** (object) - A dictionary containing service definitions. Keys are service names, and values are objects with a 'description' field. - **version** (string) - The privacyIDEA version. #### Response Example ```json { "id": 1, "jsonrpc": "2.0", "result": { "status": true, "value": { "service1": {"description": "1st service"}, "service2": {"description": "2nd service"} } } }, "version": "privacyIDEA unknown" } ``` ``` -------------------------------- ### Get SCIM Resolver Class Type (Static) Source: https://privacyidea.readthedocs.io/en/stable/_modules/privacyidea/lib/resolvers/SCIMIdResolver.html Provides the static method to get the SCIM resolver's class type. ```python return IdResolver.getResolverClassType() ```