No realm filter necessary.This should be OK. Turn on debug an look into the log.You could also debug through the program.
https://www.privacyidea.org/privacyidea-development-howto/
Kind regardsCornelius
Cornelius Kölbel +49 151 2960 1417
NetKnights GmbHHttp://NetKnights. It
+49 561 3166 797-------- Ursprüngliche Nachricht --------Von: Tilmann tilmann@rehfeldt.eu Datum: 15.09.16 13:01 (GMT+01:00) An: privacyidea privacyidea@googlegroups.com Betreff: [privacyidea] Re: PrivacyIDEA - BasicAuth
Hi,
Yes, i defined the following policy in the scope WebUi
{ “default_tokentype”: “totp”, “remote_user”: “allowed”, “tokenwizard”: true }
Is that right? Is it nesseseary to set a filter to Realm, user-resolver or something else?
Regards, Timann
Am Montag, 12. September 2016 22:08:06 UTC+2 schrieb Tilmann:
PrivacyIDEA - Install BasicAuth Hi, I try to activate the Basic Authentication for SSO purpose for the WebUI. If I change the AuthType in the apache config file „privacyidea.conf“ to basic the login dialog appears but the authentication failed. In the apache error log I receive the following Message. /var/log/httpd/error_log:[Mon Sep 12 21:11:34.936915 2016] [:error] [pid 1483] [client 172.16.16.16:63124] mod_wsgi (pid=1483): Exception occurred processing WSGI script ‘/opt/privacyIDEA/lib/python2.7/site-packages/authmodules/apache2/privacyidea_apache.py’.[Mon Sep 12 21:11:34.936989 2016] [:error] [pid 1483] [client 172.16.16.16:63124] Traceback (most recent call last):[Mon Sep 12 21:11:34.937046 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File “/opt/privacyIDEA/lib/python2.7/site-packages/authmodules/apache2/privacyidea_apache.py”, line 66, in check_password[Mon Sep 12 21:11:34.937129 2016] [:error] [pid 1483] [client 172.16.16.16:63124] value = rd.get(key)[Mon Sep 12 21:11:34.937146 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File “/opt/privacyIDEA/lib/python2.7/site-packages/redis/client.py”, line 863, in get[Mon Sep 12 21:11:34.937698 2016] [:error] [pid 1483] [client 172.16.16.16:63124] return self.execute_command(‘GET’, name)[Mon Sep 12 21:11:34.937725 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File “/opt/privacyIDEA/lib/python2.7/site-packages/redis/client.py”, line 570, in execute_command[Mon Sep 12 21:11:34.937745 2016] [:error] [pid 1483] [client 172.16.16.16:63124] connection.send_command(*args)[Mon Sep 12 21:11:34.937757 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File “/opt/privacyIDEA/lib/python2.7/site-packages/redis/connection.py”, line 556, in send_command[Mon Sep 12 21:11:34.937958 2016] [:error] [pid 1483] [client 172.16.16.16:63124] self.send_packed_command(self.pack_command(args))[Mon Sep 12 21:11:34.938001 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File “/opt/privacyIDEA/lib/python2.7/site-packages/redis/connection.py”, line 532, in send_packed_command[Mon Sep 12 21:11:34.938041 2016] [:error] [pid 1483] [client 172.16.16.16:63124] self.connect()[Mon Sep 12 21:11:34.938052 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File “/opt/privacyIDEA/lib/python2.7/site-packages/redis/connection.py”, line 436, in connect[Mon Sep 12 21:11:34.938065 2016] [:error] [pid 1483] [client 172.16.16.16:63124] raise ConnectionError(self._error_message(e))[Mon Sep 12 21:11:34.938081 2016] [:error] [pid 1483] [client 172.16.16.16:63124] ConnectionError: Error 111 connecting to localhost:6379. Connection refused. /etc/httpd/conf.d/privacyidea.conf:TraceEnable offServerSignature OffServerTokens ProdWSGIPythonHome /opt/privacyIDEAWSGISocketPrefix /var/run/wsgi ServerAdmin support@xxx.xy ServerName Servername1 RewriteEngine On RewriteCond %{HTTPS} !=On RewriteRule (.) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] ServerAdmin support@xxx.xy ServerName Servername DocumentRoot /var/www # For Apache 2.4 you need to set this: # Require all granted Options FollowSymLinks AllowOverride None SSLRequireSSL AuthType Basic AuthName “OTP WebUi Login” AuthBasicProvider wsgi WSGIAuthUserScript /opt/privacyIDEA/lib/python2.7/site-packages/authmodules/apache2/privacyidea_apache.py require valid-user <Location /validate/check> Require all granted Options FollowSymLinks AllowOverride None <Location /ttype> Require all granted Options FollowSymLinks AllowOverride None # The daemon is running as user ‘privacyidea’ # This user should have access to the encKey database encryption file WSGIDaemonProcess privacyidea python-path=/etc/privacyidea:/opt/privacyIDEA/lib/python2.7/site-packages processes=1 threads=15 display-name=%{GROUP} user=privacyidea WSGIPassAuthorization On WSGIProcessGroup privacyidea WSGIPassAuthorization On WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi SSLEngine On SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5 SSLCertificateFile /etc/pki/tls/certs/privacyideaserver.pem SSLCertificateKeyFile /etc/pki/tls/private/privacyideaserver.key Software Versions:PrivacyIDEA 2.14centos-release-7-2.1511.el7.centos.2.10.x86_64Python 2.7.5Apache/2.4.6 (CentOS) Could you please tell me, what is wrong? Thanks in advance! Tilmann
–
Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.
For professional services and consultancy regarding two factor authentication please visit
https://netknights.it/en/leistungen/one-time-services/
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/
You received this message because you are subscribed to the Google Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/0057e90b-8c00-48aa-84f7-f84240930fc9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.