4.4.2.7. Remote¶
The token type remote forwards the authentication request to another privacyIDEA Server.
When forwarding the authentication request, you can
- change the username
- change the resolver
- change the realm
- change the serial number
and mangle the password.
Check the PIN locally
If checked, the PIN of the token will be checked on the local server. If the PIN matches only the remaining part of the issued password will be sent to the remote privacyIDEA server.
Remote Server
The privacyIDEA server, to which the authentication request will be forwarded.
The path /validate/check
will be added automatically. So a sensible input
would be https://my.other.server/
.
Remote Serial
If the Remote Serial is specified the given password will be checked against the serial number on the remote privacyIDEA server. Usernames will be ignored.
Remote User
When forwarding the request to the remote server, the authentication request will be issued for this user.
Remote Realm
When forwarding the request to the remote server, the authentication request will be issued for this realm.
Remote Resolver
When forwarding the request to the remote server, the authentication request will be issued for this resolver.
Note
You can use Remote Serial to forward the request to a central privacyIDEA server, that only knows tokens but has no knowledge of users. Or you can use Remote Serial to forward the request to an existing to on localhost thus adding a second user to the same token.