lazyfai
September 29, 2020, 3:45am
I have set up privacyIDEA and the AD FS provider ( https://github.com/sbidy/privacyIDEA-ADFSProvider ) to enable MFA for AD FS. It worked fine, but we want to have the client IP in the audit log. Even though we have set up the client IP override ( https://privacyidea.readthedocs.io/en/latest/configuration/system_config.html#override-authorization-client ), the client IP was always the AD FS server itself and not the client IP. Is there a way to get the client IP instead?
Hello @lazyfai,
welcome to the privacyIDEA community and have fun authenticating with the world's most flexible open source MFA system.
With the ADFS plugin, passing the client information to privacyIDEA is not possible. The client info is passed in a parameter `client` via the REST API. The ADFS plugin does not fill this parameter.
This would have to happen here:
```csharp
private bool validateOTP(string OTPuser, string OTPpin, string realm, string transaction_id)
{
    string responseString = "";
    try
    {
        // check if otp contains only numbers
        // Bug #10 - breaks the OTP+PIN combination - removed
        //if (!IsDigitsOnly(OTPpin)) return false;
        NameValueCollection request_header = new NameValueCollection(){
            {"pass", OTPpin},
            {"user", OTPuser},
            {"realm", realm}
        };
        // add transaction id if challenge request
        if (!string.IsNullOrEmpty(transaction_id)) request_header.Add("transaction_id", transaction_id);
        // send request
        using (WebClient client = new WebClient())
        {
            byte[] response =
                client.UploadValues(URL + "/validate/check", request_header);
```
and here:
```csharp
{
    string responseString = "";
    try
    {
        using (WebClient client = new WebClient())
        {
            client.Headers.Set("PI-Authorization", token);
            byte[] response =
                client.UploadValues(URL + "/validate/triggerchallenge", new NameValueCollection()
                {
                    { "user", OTPuser},
                    { "realm", realm},
                });
            responseString = Encoding.UTF8.GetString(response);
            // get transaction id from response
            string transaction_id = getJsonNode(responseString, "transaction_ids");
            // get the message from the challenge
            string messages = getJsonNode(responseString, "messages");
            if (!string.IsNullOrEmpty(messages))
            {
                this.ChallengeMessage = messages;
```
You could open an issue at github and ask sbidy to add this.
Regards
Cornelius
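As an added illustration (not code from the ADFS plugin or from privacyIDEA itself), here is a simplified Python model of why the audit log shows the AD FS server: the audited IP only changes when the plugin sends the `client` parameter *and* the requesting address is in the override list. The override list is assumed here to be a comma-separated list of IPs/networks, and `resolve_client_ip` is a hypothetical stand-in for the server-side check, not privacyIDEA's real implementation.

```python
import ipaddress
from typing import Optional


def build_validate_check_params(user: str, otp: str, realm: str,
                                client_ip: Optional[str] = None,
                                transaction_id: Optional[str] = None) -> dict:
    """Form parameters for POST /validate/check, as the plugin would send them.

    The plugin today sends only pass/user/realm (+ transaction_id); passing
    client_ip adds the optional 'client' parameter the answer above refers to.
    """
    params = {"pass": otp, "user": user, "realm": realm}
    if transaction_id:
        params["transaction_id"] = transaction_id
    if client_ip:
        params["client"] = client_ip
    return params


def resolve_client_ip(remote_addr: str, params: dict, override_allowed: str) -> str:
    """Return the IP that would land in the audit log (simplified model, assumption).

    remote_addr      - address the HTTP request actually came from (the AD FS server)
    params           - the request parameters, possibly containing 'client'
    override_allowed - comma-separated IPs/networks allowed to override the client IP
    """
    claimed = params.get("client")
    if not claimed:
        return remote_addr          # nothing to override with: audit shows the caller
    try:
        requester = ipaddress.ip_address(remote_addr)
        claimed_ip = ipaddress.ip_address(claimed)
    except ValueError:
        return remote_addr          # malformed value: ignore the claim
    for entry in (e.strip() for e in override_allowed.split(",") if e.strip()):
        if requester in ipaddress.ip_network(entry, strict=False):
            return str(claimed_ip)  # trusted caller: accept the overriding client IP
    return remote_addr              # caller not trusted: keep the real source address


if __name__ == "__main__":
    ADFS, USER = "10.0.0.5", "203.0.113.7"      # constructed sample addresses
    no_client = build_validate_check_params("alice", "123456", "corp")
    with_client = build_validate_check_params("alice", "123456", "corp", client_ip=USER)
    print(resolve_client_ip(ADFS, no_client, "10.0.0.0/24"))    # 10.0.0.5
    print(resolve_client_ip(ADFS, with_client, ""))             # 10.0.0.5
    print(resolve_client_ip(ADFS, with_client, "10.0.0.0/24"))  # 203.0.113.7
```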