Api for adding a new user+otp

Is it possible to add a new user with a custom python script? (I need to
dynamically add users to privacyidea upon a registration…

Hallo Paolo,

I guess you are talking of users and not administrators?

privacyidea does not manage the users.
It reads users from sql databases, flat files, scim services or ldap
services.
So if you are doing user registration, the user registration application
should create a new user in your sql database.

You should set up a userresolver and realm, that points to this user table
in your sql database. If the user registered succesfully you will then see
the new user in privacyidea.

Kind regards
CorneliusAm Donnerstag, 23. Oktober 2014 17:46:15 UTC+2 schrieb Paolo:

Is it possible to add a new user with a custom python script? (I need to
dynamically add users to privacyidea upon a registration…

PS: If you registration script created the new user in the database is
visible in privacyidea, you can very well create a new token for this new
user.
You may use the API to do this. The web API of interest is /admin/init.
Take a look at http://api.privacyidea.org.
You are interested in the admin-controller:
http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html

You may also take a look at the command line client, you will get an idea,
how to do such a request in a python command line script.

corneliu...@netknights.it:Am Donnerstag, 23. Oktober 2014 23:18:48 UTC+2 schrieb

Hallo Paolo,

I guess you are talking of users and not administrators?

privacyidea does not manage the users.
It reads users from sql databases, flat files, scim services or ldap
services.
So if you are doing user registration, the user registration application
should create a new user in your sql database.

You should set up a userresolver and realm, that points to this user table
in your sql database. If the user registered succesfully you will then see
the new user in privacyidea.

Kind regards
Cornelius

Am Donnerstag, 23. Oktober 2014 17:46:15 UTC+2 schrieb Paolo:

Is it possible to add a new user with a custom python script? (I need to
dynamically add users to privacyidea upon a registration…

Hello, thanks a lot for your time, your very kind :slight_smile:
However I still have another problem because, when I try your request, I
always receive a* <Response [576]> *and no token is being added!On Thursday, October 30, 2014 12:33:24 PM UTC+1, corneliu...@netknights.it wrote:

Hallo Paolo,

yes, you can.

You can add a single token by issuing a comand like

/admin/init?serial=12345678&type=TOTP&otpkey=a3c687f5ff…

You provide the tokentype (default is hmac), the serial number and the
otpkey, which is in hex form.

You can also upload a file via the API, which is a bit more complicated…
(
http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html#loadtokens
)
The type would be “aladdin-xml” or “oathcsv”.

Kind regards
COrnelius

On Thursday, October 30, 2014 8:57:16 AM UTC+1, Paolo wrote:

Can I add a token using a JSON get/post request?

On Thursday, October 23, 2014 11:24:04 PM UTC+2, corneliu...@netknights.it wrote:

PS: If you registration script created the new user in the database is
visible in privacyidea, you can very well create a new token for this new
user.
You may use the API to do this. The web API of interest is /admin/init.
Take a look at http://api.privacyidea.org.
You are interested in the admin-controller:
http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html

You may also take a look at the command line client, you will get an
idea, how to do such a request in a python command line script.

https://github.com/privacyidea/privacyideaadm/blob/master/scripts/privacyidea#L386

Am Donnerstag, 23. Oktober 2014 23:18:48 UTC+2 schrieb
corneliu...@netknights.it:

Hallo Paolo,

I guess you are talking of users and not administrators?

privacyidea does not manage the users.
It reads users from sql databases, flat files, scim services or ldap
services.
So if you are doing user registration, the user registration
application should create a new user in your sql database.

You should set up a userresolver and realm, that points to this user
table in your sql database. If the user registered succesfully you will
then see the new user in privacyidea.

Kind regards
Cornelius

Am Donnerstag, 23. Oktober 2014 17:46:15 UTC+2 schrieb Paolo:

Is it possible to add a new user with a custom python script? (I need
to dynamically add users to privacyidea upon a registration…

You need to provide the username and password of an administrator.
Honestly it is a bit tricky:

  1. Call
    https://privacyidea/account/dologin?
    login=admin&realm=admin&password=yourpassword
    You may call it as a post request…
    The important part is, you get a cookie called “privacyidea_session”.

  2. Now you need to pass this cookie as cookie and also the contents of the
    cookie
    in the html paramter “session”.

You are welcome to ask again - since in fact it is a bit tricky :wink:

Kind regards
CorneliusOn Thursday, October 30, 2014 2:53:09 PM UTC+1, Paolo wrote:

Hello, thanks a lot for your time, your very kind :slight_smile:
However I still have another problem because, when I try your request, I
always receive a* <Response [576]> *and no token is being added!

On Thursday, October 30, 2014 12:33:24 PM UTC+1, corneliu...@netknights.it wrote:

Hallo Paolo,

yes, you can.

You can add a single token by issuing a comand like

/admin/init?serial=12345678&type=TOTP&otpkey=a3c687f5ff…

You provide the tokentype (default is hmac), the serial number and the
otpkey, which is in hex form.

You can also upload a file via the API, which is a bit more
complicated… (
http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html#loadtokens
)
The type would be “aladdin-xml” or “oathcsv”.

Kind regards
COrnelius

On Thursday, October 30, 2014 8:57:16 AM UTC+1, Paolo wrote:

Can I add a token using a JSON get/post request?

On Thursday, October 23, 2014 11:24:04 PM UTC+2, corneliu...@netknights.it wrote:

PS: If you registration script created the new user in the database is
visible in privacyidea, you can very well create a new token for this new
user.
You may use the API to do this. The web API of interest is /admin/init.
Take a look at http://api.privacyidea.org.
You are interested in the admin-controller:
http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html

You may also take a look at the command line client, you will get an
idea, how to do such a request in a python command line script.

https://github.com/privacyidea/privacyideaadm/blob/master/scripts/privacyidea#L386

Am Donnerstag, 23. Oktober 2014 23:18:48 UTC+2 schrieb
corneliu...@netknights.it:

Hallo Paolo,

I guess you are talking of users and not administrators?

privacyidea does not manage the users.
It reads users from sql databases, flat files, scim services or ldap
services.
So if you are doing user registration, the user registration
application should create a new user in your sql database.

You should set up a userresolver and realm, that points to this user
table in your sql database. If the user registered succesfully you will
then see the new user in privacyidea.

Kind regards
Cornelius

Am Donnerstag, 23. Oktober 2014 17:46:15 UTC+2 schrieb Paolo:

Is it possible to add a new user with a custom python script? (I need
to dynamically add users to privacyidea upon a registration…

Hallo Paolo,

yes, you can.

You can add a single token by issuing a comand like

/admin/init?serial=12345678&type=TOTP&otpkey=a3c687f5ff…

You provide the tokentype (default is hmac), the serial number and the
otpkey, which is in hex form.

You can also upload a file via the API, which is a bit more complicated…
(http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html#loadtokens)
The type would be “aladdin-xml” or “oathcsv”.

Kind regards
COrneliusOn Thursday, October 30, 2014 8:57:16 AM UTC+1, Paolo wrote:

Can I add a token using a JSON get/post request?

On Thursday, October 23, 2014 11:24:04 PM UTC+2, corneliu...@netknights.it wrote:

PS: If you registration script created the new user in the database is
visible in privacyidea, you can very well create a new token for this new
user.
You may use the API to do this. The web API of interest is /admin/init.
Take a look at http://api.privacyidea.org.
You are interested in the admin-controller:
http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html

You may also take a look at the command line client, you will get an
idea, how to do such a request in a python command line script.

https://github.com/privacyidea/privacyideaadm/blob/master/scripts/privacyidea#L386

Am Donnerstag, 23. Oktober 2014 23:18:48 UTC+2 schrieb
corneliu...@netknights.it:

Hallo Paolo,

I guess you are talking of users and not administrators?

privacyidea does not manage the users.
It reads users from sql databases, flat files, scim services or ldap
services.
So if you are doing user registration, the user registration application
should create a new user in your sql database.

You should set up a userresolver and realm, that points to this user
table in your sql database. If the user registered succesfully you will
then see the new user in privacyidea.

Kind regards
Cornelius

Am Donnerstag, 23. Oktober 2014 17:46:15 UTC+2 schrieb Paolo:

Is it possible to add a new user with a custom python script? (I need
to dynamically add users to privacyidea upon a registration…

Can I add a token using a JSON get/post request?On Thursday, October 23, 2014 11:24:04 PM UTC+2, corneliu...@netknights.it wrote:

PS: If you registration script created the new user in the database is
visible in privacyidea, you can very well create a new token for this new
user.
You may use the API to do this. The web API of interest is /admin/init.
Take a look at http://api.privacyidea.org.
You are interested in the admin-controller:
http://api.privacyidea.org/privacyidea.controllers.admin.AdminController-class.html

You may also take a look at the command line client, you will get an idea,
how to do such a request in a python command line script.

https://github.com/privacyidea/privacyideaadm/blob/master/scripts/privacyidea#L386

Am Donnerstag, 23. Oktober 2014 23:18:48 UTC+2 schrieb
corneliu...@netknights.it:

Hallo Paolo,

I guess you are talking of users and not administrators?

privacyidea does not manage the users.
It reads users from sql databases, flat files, scim services or ldap
services.
So if you are doing user registration, the user registration application
should create a new user in your sql database.

You should set up a userresolver and realm, that points to this user
table in your sql database. If the user registered succesfully you will
then see the new user in privacyidea.

Kind regards
Cornelius

Am Donnerstag, 23. Oktober 2014 17:46:15 UTC+2 schrieb Paolo:

Is it possible to add a new user with a custom python script? (I need to
dynamically add users to privacyidea upon a registration…

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVVThmY0FBb0pFQkJoWkZVdWpZRkpPSzBRQUp1RDgzcWxDSDZVNHk4QnZFaVYz
N3o1DQpMek1tSW1WQmFSTURRZ2h0UUwzdnF1V3FvRjh5TXc0eldGZ0g5bmJBMEpBQ01hdGErN0ps
QXpOZGlEZmJ3eDFiDQpXWWpFeTBqMmkvcm5tQzlsemJjaTM3eGFoTUprOGFGN1UxQ1dzN1RQdEp5
NlNXdGhodXF4S090MTgyWGJIN0pGDQpFdXA2RDRscVZOeDFGdzdMM1NGYW9RN2p0UldNaWlNY01P
TEsrUnFJdUVyMGJTVHJ0NE1RbW9mU1RHaE9GS2cxDQpOMEduNFd5NkZKVjhZV1FvV2NJOFZLUkdU
Wjg4SXhFTmlhSC9FRkpiNk1NT3pIUEhYdzFadFhHejJNNE1OYWlTDQovY2xZNjlKb3VQR2pxRU93
SHhpRkZXY1ZQMlFHRjZMZTlEUzh2aVMrL3ZjWWZXYjVYSWxJWmpDZGs1TWtjNGZGDQpKRTJsQ1Jw
SW1iL3lraUFXM3NvUU9TRkVsTnN4WFRTNURTREMvcmpKZnUzamRpUG04cTNxR0k5RkRoQ3I3RWJy
DQpIZVo0bmRnK1VncWQvSFNna3p0ckp0RVFBN0ViWFZraVZTd2x3cTR1b0NjbCtMeHVPK2NHZDVK
K0NFWlZKKzZMDQpyRUg4Y05ndWZLYlRkcUZobFJwWm52aDFsRHhCa3U2NFMyeTN4Mk1zZFo2Uktt
eW5jY294bWpHNUU4bk9taE9zDQptcGJBK0J1aEtuZnJTNXZlWmtoV2kyZFVFeHNVbjBGbjJGZFpH
T1NRM1FaTVRGSnhkdmJXejFIMlhlUndxYklqDQp6ZDFVaTcwejlib0tVRnJKUTFGK0JyMUR4emJ4
YzNTdGFZUUtDeWxUbFhPTmg2dlpXN29maUxOOW16RmJRWXB4DQpHK29Na3ZBbWhWMm14VWh2TXlX
VQ0KPTIvaHoNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVVXlOZ0FBb0pFQkJoWkZVdWpZRko4aVVRQUppeUVSQ1M3L1laNVF0WkVkWTJj
Um5wDQpReExqSFNvMHFCUitkTnVYdkcrQkJ3TzRKK3dpZ0UwRWUwRi9CNWNXOTh5SnZhV1ROUTRy
VEQzRmZYQlhOT29pDQpiNXRNWGJBdWtZb1RvbVZWVnBGM1lBWCtvYnI0ekxlajVSemM4MjV0czd5
SFpUS0tZUU92eDhWU0FaTW54NTQ4DQpFSlVMQitpRExuWkFtMDM5WGVFLzZ3bHMwdUJoQ3ArYy9q
VGR4aXhMcTBqTXhEYUZiMzJRQkRqT0I4S3NYNDF5DQpFbzkyU01TWjh3MGd0SFc4QytjK1BCOEtz
OThkQVl4Mi9KRUtIeGRFL0JHZ1VUM2pjVGNONVhmTXZMdWJEMmZIDQpERG1TUFpzU1kxdWZDd0hl
MU1QQVFaUnFLR1dKcThqZ3BVWVJwWGFsQzBMUEU0My8yMVVQYzhHSkJETk12MlhwDQoxRzZPcStn
QklpUGRwQmg5L0xxVXkySFRzZytrMTQveGI2cUN1N1VicTJ5UzAwVm51ZVAyeFNjTTBrMmNTOHox
DQpWUS9vbW0reFVIell1ZkxDWlIxaVYveCsrczV6V0pkRUV1MkdqOURuNmIyVGpxLzgvNUVnSk1L
MmZIbGgzQzZjDQo2cUVOaGdpVHNsWUdBc09OcFpYSDdhVG1BR1A2LzFMU0hUM2ttQkk3ME5FWlov
TlArM2dtdWxuak0xZHYwbkxZDQpST0ZwTk1jQk1nUTBYL3JzVGFkZS9FQVhzKy9janNnMmZ6R1JR
VFNRRUEvV0IvNHNIMnlXekpOL2p0UkpBS2puDQpPMmRQbnptVXFFdUFjWTBzdVFqeU5SaFh2Z3RY
YUFCNDlIeGZ2WVd0bkp1bi9mWnBhYi93dTlFN0NPMDFZWDZrDQpRcHpUYmpXaWQ0T1hFVTIreTNP
MA0KPVdwdGUNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVVTl6VkFBb0pFQkJoWkZVdWpZRkowYzhRQUwyekhoRjNObkhlbWczbExvQWxO
L1dUDQpsd0lrdHRCUWhQQ2czNnZWbklTdXhVbG9GVEsrcC9EckR2dWNDTVZ4V3dNM2dFcGFGMHIw
dkF3NW12Slk5VTVVDQpMOW41R3h2anMxeWVZTE82TWptZUlERGwrak5uTzhIc1Yvd2dzdWQyYSs0
cStTbG9yYmtJdjBZNmpKdmZyVmVyDQo4bjI0MkYxRmRXMC9QU2dpUmM4d2RjUVpjWS9tMzFYaDZI
SlB3ZjUraXY0Mk8rdnVmOFFPRXcxMG51NlJBTkQxDQpidGVORTAvYVk1MjVUNEhscWVRd0hsWml6
S3ZOWlVsdTlkMW96d2dPVzNKdDNObDJHbEFUNy9DbjNHcVpReXhLDQpqTXlnMGtIeldNdHdwZjht
ZTBtdEc4MnlHdXYzWW5FcXl6aGZJbDVmMnJTVjl3WFFqWlE0ZWpXQ0JXVlBjNk4yDQo4bEtlbTU2
cVFtUDUzMlMzWjhvQUlkQy9GNE1PNHdqSEpZUTZEYS95a0d4TFAwMHNFOGY3MTRydFphUXJpVm8y
DQpVMGNxbFk0Zlp1dHlJVGNSYXBGUmNodS9GUWxjc1lOOU5UUVFEdGZNQWpUNklmanZTelVERFl4
bDJxNUtSdWdHDQpCV1U5a0ZwbmgvTGoyY2hkQ3JJMnc1R0RZYXdqM1Z0YzNRYS9UQURyallCTE5B
dytXMmkwalh5MENyallpaHpIDQppQ1I0cjEzaTdJZ010TnpLUjYrQmJEQXpvK0ovc3dwUlZpN2dq
eTFPZE5JZmZxRyt0eElmRmg3dHEwcGYvbElkDQpCZGF1dUg4bEM2RTdYZENwQkhRQmxPNERjbWhC
S2FRb24xUWt0VXlMSE03SlhnNHBxazlrcGRCZHY3dXJUbnZzDQpNK3U4VGFLVkRpM3B5cWRTcy9V
RQ0KPU5kamYNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

I’m issuing these requests:

s = requests.Session()
s.cookies = LWPCookieJar(‘cookiejar’)
s.post(‘https://localhost:5001/account/dologin?login=’ + USER + ‘&realm=’ +
REALM + ‘&password=’ + PASSWD, verify=False)
s.get(‘https://localhost:5001/admin/init?serial=’ + SERIAL +
’&type=hmac&description=pol_gen&genkey=1&hashlib=sha1&otplen=6&session=’ +
SESSION_ID, verify=False)
s.get(‘https://localhost:5001/admin/assign?serial=’ + SERIAL + ‘&user=’ +
USER_TK + ‘&session=’ + SESSION_ID, verify=False)
s.get(‘https://localhost:5001/admin/enable?serial=’ + SERIAL + ‘&user=’ +
USER_TK + ‘&session=’ + SESSION_ID, verify=False)
s.get(‘https://localhost:5001/gettoken/getotp?serial=’ + SERIAL +
’&session=’ + SESSION_ID, verify=False)Il giorno venerdì 31 ottobre 2014 18:33:18 UTC+1, Cornelius Kölbel ha scritto:

Confused.

You set this policy:
scope: gettoken
action: max_count_hotp=1
user: *
realm: testrealm

You enrolled an HOTP-token with serial 12345678.

Did you assign the token to a user?

What request are you issuing?

Honestly I can not reproduce it here.

Kind regards
Cornelius

Am 31.10.2014 um 18:15 schrieb Paolo:

scope: gettoken
action: max_count_hotp=1
user: *
realm: testrealm

Il giorno venerdì 31 ottobre 2014 18:12:48 UTC+1, corneliu...@netknights.it ha scritto:

What does your policy look like?

Am Freitag, 31. Oktober 2014 18:10:51 UTC+1 schrieb Paolo:

Now I get this message:

{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “The policy forbids receiving OTP values for the
token 12345678 in this realm”,
“code”: -311
}
},
“id”: 1
}


You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/462fa265-388e-45cf-9e0c-3890f8ba461f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/462fa265-388e-45cf-9e0c-3890f8ba461f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

The first error I got is this:
{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “The policy forbids receiving OTP values for the token
12345678 in this realm”,
“code”: -311
}
},
“id”: 1
}

I tried some things and I saw that setting the policy gettoken with the
param* max_count_hotp=1 *will solve the abovementioned problem :slight_smile:
But then if I try again with another request I get the message I wrote in
the previous post :frowning:
This is the content of the log file:

2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #315] gettoken/getotp failed:
AttributeError("‘NoneType’ object has no attribute ‘lower’",)
2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #315] gettoken/getotp failed:
AttributeError("‘NoneType’ object has no attribute ‘lower’",)
2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #316] Traceback (most recent call
last):
File
"/usr/lib/python2.7/dist-packages/privacyidea/controllers/gettoken.py",
line 276, in getotp
tokenrealms=tokenrealms)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
1553, in checkPolicyPre
’user’: admin_user[‘login’]})
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
248, in getPolicy
for p in policy.get(‘user’).lower().split(’,’)]
AttributeError: ‘NoneType’ object has no attribute ‘lower’

2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #316] Traceback (most recent call
last):
File
"/usr/lib/python2.7/dist-packages/privacyidea/controllers/gettoken.py",
line 276, in getotp
tokenrealms=tokenrealms)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
1553, in checkPolicyPre
’user’: admin_user[‘login’]})
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
248, in getPolicy
for p in policy.get(‘user’).lower().split(’,’)]
AttributeError: ‘NoneType’ object has no attribute 'lower’On Friday, October 31, 2014 2:59:03 PM UTC+1, Cornelius Kölbel wrote:

HI Paolo,

first, you can omit the user and realm if you provide the serial number.
The serial number will always identify the token directly.

The error message come from “somewhere deeper”.
It might be, because the tokentype does not support getotp.
Can you provide the traceback in /var/log/privacyidea/privacyidea.log?

I will thankfully take the beer! :wink:

Kind regards
Cornelius

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVVThUbEFBb0pFQkJoWkZVdWpZRkowd2dRQUtaM1k0REdEV3pUdE9ldU5TYVJh
VmNODQpWSkFYWXlFOHY0R2hEMUtKZllRaXlrTVRwZlgxRkhBVDIyVzVMaEE4OEUwcXlHZzlKbi92
K2ZLRUVBM2ZzTDduDQpwejNCWjltOVZPcXNzUlVKdlhldGJWaWs4SVh4VnBZTUMvZ216WktCWit1
NnIvZnFqSGUzRzdkODZudVBlMVVvDQp4ZlJsWmp4TjYwMEppWkNFU1dmZHJCV1lwTTM4bVVOc2wy
NzJYUUQ1MUNJaUlLVnBNOWwxSThHc042K045bHFvDQpsNXF3RnlnMGIxL1NTVEl0VDZDZVRYMHRo
T1YyN2hGalRjczBLNGtQUGUrNThQNVR3K3hyM2w2Y1hiaHNuYjJ4DQpzZmVCdFVXVFQwNWJNTm1w
TmlXa2d3MDNoVzBQUkd2YmJTcXZENTNUaU5MTlgzdzMzbnkvek02SXFOSnhkajJEDQpiNVpacnQ4
S1FuZjNhV2ZLdWFKNkYySXJzbzVQTE1UeWYxMGJnNytDWXRDL3RRTks1SEpHRGJqc1l2aHhHYUEv
DQpTdVRZTUZVNzBFdWJqN1UyU0xZTlRFV1dMOFlXRUlzOStNY1dnZ2IxMi80WG5XdjcyR3J0ZXVv
V2ZueTRwdnBRDQpTT3BJYk55WU5lTitGWVNMaWprYVFRUzB3RGhVdlNic0RSVEVwZzg2OXZDRm1y
TE4weFhZVzdFa3NCSHppblNUDQpadmVnTVg4UDdPS0VjOFhDK1gxVzByQ0JEY0crMnFYcWk3ZG9v
S0JMdDM3emVETnJPb0hUekpFMC9GOTZhamlrDQozalhVby92Z2c4SlVhSncvZDByenBBREx4Nkhn
SUNzWU1PNzk3bTgyanh5eXlNOWRyU3AzQmFGOEV1ODI4RTN6DQprWmZvc1E4MDlMaWF0SDgyc2VI
RA0KPUkyQXINCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Now I get this message:

{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “The policy forbids receiving OTP values for the token
12345678 in this realm”,
“code”: -311
}
},
“id”: 1
}On Friday, October 31, 2014 5:51:48 PM UTC+1, Cornelius Kölbel wrote:

Hi Paolo,

huch. Your policy has no user defined. This is why the line

for p in policy.get('user').lower().split(',')]

fails.

So change your policy to include a “user”: “*”.

This will fix the problem for now.

Kind regards
Cornelius

Am 31.10.2014 um 17:38 schrieb Paolo:

The first error I got is this:
{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “The policy forbids receiving OTP values for the token
12345678 in this realm”,
“code”: -311
}
},
“id”: 1
}

I tried some things and I saw that setting the policy gettoken with
the param* max_count_hotp=1 *will solve the abovementioned problem :slight_smile:
But then if I try again with another request I get the message I wrote in
the previous post :frowning:
This is the content of the log file:

2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #315] gettoken/getotp failed:
AttributeError("‘NoneType’ object has no attribute ‘lower’",)
2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #315] gettoken/getotp failed:
AttributeError("‘NoneType’ object has no attribute ‘lower’",)
2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #316] Traceback (most recent call
last):
File
"/usr/lib/python2.7/dist-packages/privacyidea/controllers/gettoken.py",
line 276, in getotp
tokenrealms=tokenrealms)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
1553, in checkPolicyPre
’user’: admin_user[‘login’]})
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
248, in getPolicy
for p in policy.get(‘user’).lower().split(’,’)]
AttributeError: ‘NoneType’ object has no attribute ‘lower’

2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #316] Traceback (most recent call
last):
File
"/usr/lib/python2.7/dist-packages/privacyidea/controllers/gettoken.py",
line 276, in getotp
tokenrealms=tokenrealms)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
1553, in checkPolicyPre
’user’: admin_user[‘login’]})
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line 95,
in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
248, in getPolicy
for p in policy.get(‘user’).lower().split(’,’)]
AttributeError: ‘NoneType’ object has no attribute ‘lower’

On Friday, October 31, 2014 2:59:03 PM UTC+1, Cornelius Kölbel wrote:

HI Paolo,

first, you can omit the user and realm if you provide the serial number.
The serial number will always identify the token directly.

The error message come from “somewhere deeper”.
It might be, because the tokentype does not support getotp.
Can you provide the traceback in /var/log/privacyidea/privacyidea.log?

I will thankfully take the beer! :wink:

Kind regards
Cornelius


You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3e7160e5-8669-4eee-9996-2e1ce37e42da%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/3e7160e5-8669-4eee-9996-2e1ce37e42da%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbelcorneliu…@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbHhttp://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

scope: gettoken
action: max_count_hotp=1
user: *
realm: testrealmIl giorno venerdì 31 ottobre 2014 18:12:48 UTC+1, corneliu...@netknights.it ha scritto:

What does your policy look like?

Am Freitag, 31. Oktober 2014 18:10:51 UTC+1 schrieb Paolo:

Now I get this message:

{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “The policy forbids receiving OTP values for the
token 12345678 in this realm”,
“code”: -311
}
},
“id”: 1
}

Hello,
thanks :slight_smile:
Now I have a small problem when I try to get the OTP value:
{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “gettoken/getotp failed: ‘NoneType’ object has no
attribute ‘lower’”,
“code”: -311
}
},
“id”: 0
}

I’m doing this request:
r = s.get(‘https://localhost:5001/gettoken/getotp?user=USER&realm=REALM
&serial=SERIAL&session=SESSION_ID’, verify=False)

What am I missing?
Thanks a lot again!
I owe you a beer. If you come to Italy inform me ;)On Friday, October 31, 2014 6:51:29 AM UTC+1, Cornelius Kölbel wrote:

Am 31.10.2014 um 00:05 schrieb Paolo:

Hello :slight_smile:
with this script I save the content of the response cookie to a file:

s = requests.Session()
s.cookies = LWPCookieJar(‘cookiejar’)
if not os.path.exists(‘cookiejar’):
print(‘setting cookies’)
s.cookies.save()
r = s.post(‘
https://localhost:5001/account/dologin?login=username&realm=myrealm&password=mysuperpwd’,
verify=False)

s.cookies.save(ignore_discard=True)

file content:

#LWP-Cookies-2.0
Set-Cookie3:
privacyidea_session="“cd894d49ff6396f48b249a14783782110552c0bcUSERNAME!”";
path="/"; domain=“localhost.local”; path_spec; discard; version=0

Now what I have to do is the number 1 or the number 2??

  1. send a POST/GET request to https://localhost:5001
    /admin/init?serial=12345678&type=TOTP&genkey=1 with the cookie
    (sending the file)
  2. send a POST/GET request to https://localhost:5001
    /admin/init?serial=12345678&type=TOTP&genkey=1&session=
    cd894d49ff6396f48b249a14783782110552c0bcUSERNAME! (adding the
    privacyidea_session as a url parameter)

Thanks a lot again :slight_smile:

Hi Paolo,
You need to do second one.
I am sorry, I forgot to tell you that you can take a look at the code of
the command line admin client.

First you can login:

https://github.com/privacyidea/privacyideaadm/blob/master/privacyideautils/clientutils.py#L344
(it stores the session in self.session and the cookie in self.cookie_jar)

Then you can call the function you are interested in:

https://github.com/privacyidea/privacyideaadm/blob/master/privacyideautils/clientutils.py#L302
with the stored session and the cookie.

Kind regards
Cornelius

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVVTVXTUFBb0pFQkJoWkZVdWpZRko0aFVQL0FnOWpSMVpEV0VRRW9VWCtBYkJX
WGUvDQpMUWJIZVRzUzk4YW5QNjNLOTlGcEJrN2ZWU0tKNTk4TW9xZ2VCYjIrcmdnRjlqVjZXZzYz
NUwxWGVmU1BlNGZDDQpUeEQ0Y09qd09BQWNhb1hzS1Rybm1CQTZ3NmhHaDVHU3N3N2ZrMlFXVFM3
QkZydW9EVGkrOFpSaGRRdmFuWlBFDQpMUzNmVFY3MWYrMVN6MGl6MGNUMjFFWXEwNHZDTmlCaUZE
NkZuKzBCVDN2VGR4L0tmdlFvTmJZTzNhdHQ1dlZCDQp2ZExCMkNienNDNEZCaThKRHgwaDBkK0JL
OHl6RmI0RmxHbGhKT21PQ0ViSG5neE9FZUtJblo5WUNJMmJmQjRKDQpyNm0reFRYL01XcU02R2Fz
UTh0NklEZjMzWVFEMnFsYUFPVkxqVkR3V3d4eFVVd2RIRFBpZ0JxQlN1ckx4YWRXDQpVY2xrdmxY
YktHL3ErVndhc0tvQ2Eya1piUTRYUXVuK25VUkFoR1RoNWxxRUFGRzE4UUFabTNNWG9uZ1pLbjE2
DQplc1NLVC92YkIweExreXExL3hjZEdpUkppWWRCRi9sQ3l0NXd1MWVPZDdET3lvUTRxRExnVjla
akwyNGU4WEZ4DQoxeFhPeVJNM0NuLyt6S2ZsWXF5bkNzQjQ4OXpwaENLYkkydml1bElNYm10M1I3
UWZBRkZINnpWandVU25peVlzDQpJYlpkSmxuVCtuVXo5VGo1OHhkNkgvYUNPcUZJM3hvQ3MvQ2ZV
MWhpZDlaQjhoVStXQ1dOM1lLYTNob0JwR3ZJDQo2R3lNYncrUWZSbzdCSVJDaGlzc25INy9zQ3gv
NCtYSFk5aG80L21IYVBOT2xvM2JIaDJ0dmM3TkdWV2NWWWFLDQpLTjJGYkk4d1kySWNMODZwNzNK
Kw0KPU9CNXINCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVVTc0Z0FBb0pFQkJoWkZVdWpZRkptR3NQL2pFLzBrT3hVQW5uTTF1VVZIaG9I
elpYDQpKamtzazd5UVhTdXlYOGVqVjNWaWJtNTdXaXhKZjFRYUlEcUJzMGhHYm5TT1BsR0hiOTAx
MWp0dmNhSDVLdTF0DQpyR0l5RysrNWZKOU5DV1VlOEV1dk9OZ2kwdTh4SFNUODdUbWZMY3lzSmRM
RncyWFdJZGx0bU9rTmZCQ3RxZkxjDQprd2ZqR0Nza0VGU2tuTndhaU5ZUzJxSU02aWRTR2RqMDhG
dHpRd0tjN0ZHc2FCclNBb1ZRNXVzUG1hSDlTWFdODQpLZm4yc3ltT21YbUZyRktsbjhnZGlaMFYy
ckdmT2ZTb0dZdFd2NTQ0dEtDdmJZYlJ4M3dkUmZzSWQvRnJtblZ3DQovVkxvaU5vNXl4S0Vta0Q0
RFdqWDB1WGxCdURCcERMR1JyREgwbjE5a2F3WUtaSW9TMm5SQ3ZGL2phYzFPUTFrDQp5anppRFlF
WTR6STJMd1FtZjdsS25EMmt4S045Y1JsZElDR0FhbnFUNU9iQ3h2aktYMzdVK1kxaW42aXhxVXNy
DQoxM0VmSmwwOUdQZVNwVkpoalZDNkhDbWJMdXBjYVF4a2pPQUN2VWxmdkxvSFFIK094ZVZPSmNE
ZnZLaVV0ekFSDQpkM3RIU0daQ0FlMkpTTGZyYllObzdsSlA1bllZQmRLd1FNazRGeWt0SG5SS1Nv
WVdsT1AvVnZkU3FmWG01OFhDDQplWElxOGJleVZVVVJMVDlwYnVKUmlaWGVwWExmMHZZL1hnUWhV
YUlDbVJSejEzTEtzSWZKQmFIdkNCUkUvZG90DQpVTFFuVmJybTBjczdwS0ZRYXlGbUMwc1huQXJL
Y0xWOVJ1OGxIWVh0UWVyQUM1TXdvTWxOYmNtNC9pQXlCTjYrDQpCanJvcnJyNGpPWnptOHRuNkNP
Rw0KPXpuV3kNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

What does your policy look like?Am Freitag, 31. Oktober 2014 18:10:51 UTC+1 schrieb Paolo:

Now I get this message:

{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “The policy forbids receiving OTP values for the token
12345678 in this realm”,
“code”: -311
}
},
“id”: 1
}

On Friday, October 31, 2014 5:51:48 PM UTC+1, Cornelius Kölbel wrote:

Hi Paolo,

huch. Your policy has no user defined. This is why the line

for p in policy.get('user').lower().split(',')]

fails.

So change your policy to include a “user”: “*”.

This will fix the problem for now.

Kind regards
Cornelius

Am 31.10.2014 um 17:38 schrieb Paolo:

The first error I got is this:
{
“version”: “privacyIDEA 1.5dev6”,
“jsonrpc”: “2.0”,
“result”: {
“status”: false,
“error”: {
“message”: “The policy forbids receiving OTP values for the
token 12345678 in this realm”,
“code”: -311
}
},
“id”: 1
}

I tried some things and I saw that setting the policy gettoken with
the param* max_count_hotp=1 *will solve the abovementioned problem :slight_smile:
But then if I try again with another request I get the message I wrote in
the previous post :frowning:
This is the content of the log file:

2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #315] gettoken/getotp failed:
AttributeError("‘NoneType’ object has no attribute ‘lower’",)
2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #315] gettoken/getotp failed:
AttributeError("‘NoneType’ object has no attribute ‘lower’",)
2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #316] Traceback (most recent call
last):
File
"/usr/lib/python2.7/dist-packages/privacyidea/controllers/gettoken.py",
line 276, in getotp
tokenrealms=tokenrealms)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
95, in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
1553, in checkPolicyPre
’user’: admin_user[‘login’]})
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
95, in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
248, in getPolicy
for p in policy.get(‘user’).lower().split(’,’)]
AttributeError: ‘NoneType’ object has no attribute ‘lower’

2014/10/31 - 17:35:23 ERROR {140182842357504}
[privacyidea.controllers.gettoken][getotp #316] Traceback (most recent call
last):
File
"/usr/lib/python2.7/dist-packages/privacyidea/controllers/gettoken.py",
line 276, in getotp
tokenrealms=tokenrealms)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
95, in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
1553, in checkPolicyPre
’user’: admin_user[‘login’]})
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
95, in wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/policy.py”, line
248, in getPolicy
for p in policy.get(‘user’).lower().split(’,’)]
AttributeError: ‘NoneType’ object has no attribute ‘lower’

On Friday, October 31, 2014 2:59:03 PM UTC+1, Cornelius Kölbel wrote:

HI Paolo,

first, you can omit the user and realm if you provide the serial number.
The serial number will always identify the token directly.

The error message come from “somewhere deeper”.
It might be, because the tokentype does not support getotp.
Can you provide the traceback in /var/log/privacyidea/privacyidea.log?

I will thankfully take the beer! :wink:

Kind regards
Cornelius


You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3e7160e5-8669-4eee-9996-2e1ce37e42da%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/3e7160e5-8669-4eee-9996-2e1ce37e42da%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbelcorneliu…@netknights.it
+49 151 2960 1417

NetKnights GmbHhttp://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpVVkpoL0FBb0pFQkJoWkZVdWpZRkpMa2NQLzA5RHA1QXc2WmhBb0FMaHQwbTMr
SGxRDQpRdHMvbE1qMzVzUTZtdlhOUGhseWJhVG9la1VpVDJaN0tzVDVFTkkvNXNQYlVFa2xWTVhV
Y0t4WlZodzhRRGZqDQpCMVN2bUFZUkFJKzVRc0RwK3RBVkIxbSs4d2UxV0pYbjQ3YjBmMm5GY3dw
emd2SStaZlM0S3dJSGJGQWZwWitpDQpyWisvL3JweW5qSTJ5MnJ4NkNyZUxhdzdnVWxPdE4vc2RD
ZHBjRkM5eTNjS01ldVd2cnhJRWcrTVAranNDYWNmDQpnTDU3SjIxbU8wM1IyL0VZUmhxZjRZL0ho
Vng5VVZCMm94UWV3TEcvZ3U4dWlqZS9OWG5WYU1kZ0RURDYyVC9qDQpIMUVZSTVkejlpa3J4NENm
azdFMVY0TnNKVDlJS1VrTXVUb1R3ZXFEdkhML0JOUGlsalhTZm1ncjNidTgwbG5RDQowY0tqZlRF
QmV6Ui9GaGpGcXJxMkowSk55UWtTeTNyNHBsT0ZITytWVDI4ZEovRUUrNjlDS0I0dHBpRTZTVGNW
DQptM3N4OVFxajJTa1QvL2JOWUx5QTV3S0JuajVtQ21OT24zZlNJM1JEaEVDMVRhRVhMMGFodHBt
MmdoSEdlWDBxDQpEaWJ4Slcwdmw5SlEzQmZjOW52VlFjeFVpT2NhVDVURSt0d2cvcGg3Nm1uaGZZ
eEo3bmNyK2hPYVg2YmxseUI5DQprYXhFaVh3NVVOTWJ1OFZEZGpZM09WME9UUU50eHhCZXJranNi
WE1Xb2xLUTVHUU8xVHRwT2R1bm1LMzNtcTVPDQpCbDl1bUJWN1hFakJkK3JuNXZkT3dYU0JmUERS
dTRHaXZVU2pEL3hXbHRZWXhMUWJLYThYY2hJc0taVFhHQU44DQpqNVM3VDNzc1B4VmVRYlNmd0pG
Ng0KPVJLS0UNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K