Hi all,
I am new to privacyIDEA. Our environment has the following characteristics:
- privacyIDEA version: 3.7 (installed with pip)
- privacyIDEA SimpleSAMLphp plugin: 2.1 (installed with composer)
- privacyIDEA is configured as an authsource for SimpleSAMLphp (config/authsources.php):
<?php
$config = array(
    'privacyidea' => array(
        'privacyidea:PrivacyideaAuthSource',
        'privacyideaServerURL' => 'https://privacyidea.internal',
        // TLS verification of the privacyIDEA server certificate
        'sslverifyhost' => true,
        'sslverifypeer' => true,
        'realm' => '',
        'SSO' => 'true',
        'otpFieldHint' => 'OTP',
        'passFieldHint' => 'PIN',
        // privacyIDEA user attribute => SAML attribute name
        'attributemap' => array(
            'username' => 'uid',
            'email' => 'mail',
            'surname' => null,
            'givenname' => null,
            'phone' => null,
            'mobile' => null,
        ),
        // do not call /validate/triggerchallenge first; send the first field (PIN+OTP) straight to /validate/check
        'doTriggerChallenge' => 'false',
        'doSendPassword' => 'true',
        'preferredTokenType' => '',
        'concatenationmap' => array(
            'givenname,surname' => 'fullName',
        ),
        // fields of the "detail" object of the response => SAML attribute name
        'detailmap' => array(
            'message' => 'message',
            'type' => 'otpType',
            'serial' => 'otpSerial',
            'otplen' => 'otpLength',
        ),
    ),
);
Access to web service S is allowed when the SAML authentication is done successfully for user X.
Problem description:
I enrolled an OTP token in privacyIDEA successfully for user X. The problem occurs when I try to authenticate through the SimpleSAMLphp web UI. I enter the user identifier and the PIN+OTP in the PIN field. In the SimpleSAMLphp logs I can clearly read that the user authenticated successfully!
Here is an excerpt from the logs:
privacyIDEA-PHP-Client: /validate/check returned {
    "detail": {
        "message": "matching 1 tokens",
        "otplen": 6,
        "serial": "SERIAL-REMOVED",
        "threadid": 139806027273984,
        "type": "hotp"
    },
    "id": 2,
    "jsonrpc": "2.0",
    "result": {
        "authentication": "ACCEPT",
        "status": true,
        "value": true
    },
    "time": 1649920666.5231423,
    "version": "privacyIDEA 3.7",
    "versionnumber": "3.7",
    "signature":
I expect a redirect to web service S. What actually happens is that a second form from SimpleSAMLphp appears, asking for the OTP again.
Even if we enter the PIN+OTP again in that field, we again see "User authenticated successfully!" in the logs,
but the form appears once more, asking for the OTP.
Any help is appreciated!
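To make explicit the decision a client has to take from a /validate/check body like the one in the log above, here is an added Python example. It is not code from the post or from the privacyIDEA SimpleSAMLphp plugin. It reduces a response to ACCEPT / CHALLENGE / REJECT / ERROR (the values of result.authentication in privacyIDEA 3.x, derived from result.value and detail.transaction_id when the field is absent), maps that to the next form action, and builds the POST parameters for the follow-up call. The ACCEPT body is the one from the log (signature and threadid dropped); the CHALLENGE, REJECT and ERROR bodies, the transaction_id value and the error message are constructed for the example.

```python
import json
from dataclasses import dataclass
from typing import Optional

# ACCEPT body from the post above (signature omitted, threadid shortened).
ACCEPT_RESPONSE = """
{
  "detail": {"message": "matching 1 tokens", "otplen": 6,
             "serial": "SERIAL-REMOVED", "threadid": 1, "type": "hotp"},
  "id": 2, "jsonrpc": "2.0",
  "result": {"authentication": "ACCEPT", "status": true, "value": true},
  "time": 1649920666.5231423, "version": "privacyIDEA 3.7", "versionnumber": "3.7"
}
"""

# Constructed: a challenge was triggered; the OTP must be sent in a second
# /validate/check call together with this transaction_id.
CHALLENGE_RESPONSE = """
{
  "detail": {"message": "please enter otp: ", "transaction_id": "0123456789",
             "serial": "SERIAL-REMOVED", "type": "hotp", "otplen": 6,
             "multi_challenge": [{"serial": "SERIAL-REMOVED", "type": "hotp",
                                  "transaction_id": "0123456789",
                                  "message": "please enter otp: "}]},
  "id": 3, "jsonrpc": "2.0",
  "result": {"authentication": "CHALLENGE", "status": true, "value": false},
  "version": "privacyIDEA 3.7"
}
"""

# Constructed: wrong PIN or OTP.
REJECT_RESPONSE = """
{
  "detail": {"message": "wrong otp pin"},
  "id": 4, "jsonrpc": "2.0",
  "result": {"authentication": "REJECT", "status": true, "value": false},
  "version": "privacyIDEA 3.7"
}
"""

# Constructed: the request itself could not be processed (status false).
ERROR_RESPONSE = """
{
  "id": 5, "jsonrpc": "2.0",
  "result": {"status": false,
             "error": {"code": 500, "message": "constructed server-side error"}},
  "version": "privacyIDEA 3.7"
}
"""


@dataclass
class CheckOutcome:
    state: str                           # "ACCEPT", "CHALLENGE", "REJECT" or "ERROR"
    message: str
    serial: Optional[str] = None
    token_type: Optional[str] = None
    otp_length: Optional[int] = None
    transaction_id: Optional[str] = None


def interpret_validate_check(body: str) -> CheckOutcome:
    """Reduce a /validate/check JSON body to one terminal decision."""
    data = json.loads(body)
    result = data.get("result") or {}
    detail = data.get("detail") or {}

    # status false: the request failed; "value" and "detail" carry no decision.
    if result.get("status") is not True:
        err = result.get("error") or {}
        return CheckOutcome("ERROR", str(err.get("message", "request failed")))

    state = result.get("authentication")
    if state is None:
        # Older servers do not send "authentication"; derive it from the other fields.
        if result.get("value") is True:
            state = "ACCEPT"
        elif detail.get("transaction_id"):
            state = "CHALLENGE"
        else:
            state = "REJECT"

    # Only accept when "authentication" and "value" agree; anything unknown is a reject.
    if state == "ACCEPT" and result.get("value") is not True:
        state = "REJECT"
    if state not in ("ACCEPT", "CHALLENGE", "REJECT"):
        state = "REJECT"

    return CheckOutcome(state, str(detail.get("message", "")), detail.get("serial"),
                        detail.get("type"), detail.get("otplen"), detail.get("transaction_id"))


def next_form_action(outcome: CheckOutcome) -> str:
    """ACCEPT is terminal: complete the SAML login and redirect, never re-show the OTP form."""
    if outcome.state == "ACCEPT":
        return "complete_login"
    if outcome.state == "CHALLENGE":
        return "show_otp_form"   # carry outcome.transaction_id into the next request
    return "show_error"


def build_check_params(user: str, password: str, realm: str = "",
                       transaction_id: Optional[str] = None) -> dict:
    """Form parameters for POST /validate/check; 'pass' is PIN+OTP in one field
    (the post's setup) or only the OTP when answering a challenge."""
    params = {"user": user, "pass": password}
    if realm:
        params["realm"] = realm
    if transaction_id:
        params["transaction_id"] = transaction_id
    return params
```

A login flow that uses these helpers stops at the first "complete_login"; the serial, type and otplen of the ACCEPT outcome are the values the plugin's detailmap exposes as SAML attributes.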