E-mail token with notification & templates

6.1.3. E-mail token with notification & templates

LinOTP 3.2 can notify users when their e-mail token is automatically enrolled. The notification is also available for enrollment in /manage. Two policies are required in LinOTP to activate it:

Policy:

Notification of the user for autoenrollment and enrollment of email tokens

name:   '<notify_autoenrollement>'
scope:  'notification'
action: 'autoenrollment=email::enrollmentProvider', 'enrollment=email::enrollmentProvider'

Policy for email autoenrollment

name:   '<email_autoenrollment>'
scope:  'enrollment'
action: 'autoenrollment=email'

The mail provider ‘enrollmentProvider’ is defined as a LinOTP provider for email.

In addition to the known configuration parameters, the provider contains the parameter TEMPLATE.

Additional parameter in the email provider configuration (see “Configure E-mail Provider details”):

"TEMPLATE" : "file://enrollemail.eml"

The value after file:// is the path relative to the mail templates directory:

/etc/linotp/custom-templates/mailtemplates

Example for a mail template ‘enrollemail.eml’

Content-Type: multipart/alternative;
 boundary="===============3294676191386143061=="
MIME-Version: 1.0
Subject: ${Subject}
From: ${From}
To: ${To}

This is a multi-part alternative message in MIME format.
--===============3294676191386143061==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

For Token ${serial} your requested OTP is ${otp}.
--===============3294676191386143061==
Content-Type: multipart/related;
 boundary="===============3984710301122897564=="
MIME-Version: 1.0

--===============3984710301122897564==
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

<html>

<body>
   <div align='center' height='100%'>
       <table width='40%' cellpadding='20px' bgcolor="#f1f2f5">
           <thead>
               <tr>
                   <th align='center'><img src="cid:image1"></th>
               </tr>
               <tr>
                   <th align='center'>For Token ${serial} your requested OTP is</th>
               </tr>
           </thead>
           <tbody>
               <tr>
                   <td align='center'><big><big>${otp}</big></big></td>
               </tr>
               <tr>
                   <td align='right'><i>Happy authenticating</i></td>
               </tr>
           </tbody>
       </table>
   </div>
</body>

</html>

--===============3984710301122897564==
Content-Type: image/png
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-ID: <image1>

--===============3984710301122897564==--

--===============3294676191386143061==--

Result: the mail created from the template (image: otp2user_eml.png).

Syntax for using token and user attributes in the template:

| LinOTP scope | Template Variable ${var} | Example |
|---|---|---|
| autoenroll, enroll, setPin, authentication | username | jdoe |
| autoenroll, enroll, setPin, authentication | surname | Doe |
| autoenroll, enroll, setPin, authentication | givenname | John |
| autoenroll, enroll, setPin, authentication | mobile | +49(0)1234-22 |
| autoenroll, enroll, setPin, authentication | description | John Doe,Room 22,+49(0)1234-22,+49(0)5678-22,John.Doe@example.com |
| autoenroll, enroll, setPin, authentication | userid | 42 |
| autoenroll, enroll, setPin, authentication | email | John.Doe@example.com |
| autoenroll, enroll, setPin, authentication | phone | +49(0)5678-22 |
| autoenroll, enroll, setPin, authentication | serial | LSEM00015E83 |
| autoenroll, enroll, setPin | Pin | test123! |
| autoenroll, enroll | tokentype | email |
| authentication | otp | 819033 |
| autoenroll, enroll, setPin, authentication | message | “A new ${tokentype} token (${serial}) with pin ‘${Pin}’ for ${givenname} ${surname} has been enrolled.” |
| autoenroll, enroll, setPin, authentication | Subject | New email token enrolled |
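
A pre-deployment check for custom mail templates, added here as an example (not LinOTP code): it assumes placeholders are plain ${name} tokens as in the template above, and uses the scope table on this page to report variables that are not available in a given scope and templates that mail out the PIN or OTP. The names lint_template, SCOPES, SECRETS, the sample template and ${ticket} are constructed for illustration; treating ${From} and ${To} as always available is an assumption, since the table does not list them.

```python
import re

ALL = {"autoenroll", "enroll", "setPin", "authentication"}

# Variable -> scopes in which it is available, transcribed from the table above.
SCOPES = {name: ALL for name in (
    "username", "surname", "givenname", "mobile", "description", "userid",
    "email", "phone", "serial", "message", "Subject")}
SCOPES.update({
    "Pin": {"autoenroll", "enroll", "setPin"},
    "tokentype": {"autoenroll", "enroll"},
    "otp": {"authentication"},
    # Used in the example template's headers but absent from the table;
    # treating them as always available is an assumption.
    "From": ALL, "To": ALL,
})
SECRETS = {"Pin", "otp"}  # credentials that end up readable in the mailbox

# Assumption: placeholders are simple ${name} tokens, no expressions.
PLACEHOLDER = re.compile(r"\$\{\s*([A-Za-z_]\w*)\s*\}")

def lint_template(text, scope):
    """Return (unavailable, secrets): variables used in `text` that the table
    does not offer in `scope`, and secret-bearing variables the mail exposes."""
    if scope not in ALL:
        raise ValueError(f"unknown scope: {scope}")
    used = set(PLACEHOLDER.findall(text))
    unavailable = {v for v in used if scope not in SCOPES.get(v, set())}
    return unavailable, used & SECRETS

# Constructed sample template; ${ticket} is deliberately not a listed variable.
SAMPLE = """\
Subject: ${Subject}
From: ${From}
To: ${To}

Hello ${givenname} ${surname},
a new ${tokentype} token (${serial}) was enrolled. PIN: ${Pin}
Your OTP is ${otp}. Ticket: ${ticket}
"""

if __name__ == "__main__":
    for scope in ("enroll", "authentication"):
        missing, secrets = lint_template(SAMPLE, scope)
        print(scope, "unavailable:", sorted(missing), "secrets:", sorted(secrets))
```
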