Hello!
I’m using privacyIDEA 2.11.2.
Setting passOnNoUser and passOnNoToken this is the result:
Reply-Message = “ERR905: The user can not be found in any resolver in this
realm!” if the user is not present…
or
Reply-Message = “privacyIDEA access granted” also if the user is present
and has token assigned!
Is it a bug?
Could you help me?
Regards—
Sim
Hi Sim,
can you please describe
I don’t quite get your problem.
Thanks a lot
CorneliusAm Dienstag, den 03.05.2016, 04:12 -0700 schrieb simvirus@gmail.com:
Hello!
I’m using privacyIDEA 2.11.2.Setting passOnNoUser and passOnNoToken this is the result:
Reply-Message = “ERR905: The user can not be found in any resolver in
this realm!” if the user is not present…or
Reply-Message = “privacyIDEA access granted” also if the user is
present and has token assigned!Is it a bug?
Could you help me?Regards
Sim
–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/de8f2ff8-c02e-4de9-8415-5bfb171b18c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)
Hello Cornelius,
thank you for the quick reply! 
The settings are real simple.
REALMS:
business → business-mysql (sqlresolver)
USERS:
business-mysql → sqlresolver (local DB/TABLE)
POLICIES:
business_authentication → authentication { “passOnNoUser”: true,
“passOnNoToken”: true } [ “business” ] [ “business-mysql” ]
I’ve an external application (with local accounts user/pass)
For login are requested “user, password and otp (optional)”
Otp will be checked outside that system (privacyIDEA in this case) with
POST/json query (user/token).
I would not want to create all users in privacyIDEA, and i need a “true”
reply for no-user (into sqlresolver) and no-token (created users but
without OTP)
Enabling “passOnNoUser: true” and “passOnNoToken: true” privacyIDEA reply:
access granted if the user is present (ok!),
ERR905 if the local user is not present (why?),
access granted if the user is present with token but bad token (why?)
Thanks you again!
SimOn Tuesday, May 3, 2016 at 1:17:33 PM UTC+2, Cornelius Kölbel wrote:
Hi Sim,
can you please describe
- your settings,
- what you are doing and
- the effects you get in more detail?
I don’t quite get your problem.
Thanks a lot
CorneliusAm Dienstag, den 03.05.2016, 04:12 -0700 schrieb simv...@gmail.com
<javascript:>:Hello!
I’m using privacyIDEA 2.11.2.Setting passOnNoUser and passOnNoToken this is the result:
Reply-Message = “ERR905: The user can not be found in any resolver in
this realm!” if the user is not present…or
Reply-Message = “privacyIDEA access granted” also if the user is
present and has token assigned!Is it a bug?
Could you help me?Regards
Sim
–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi Sim,
I will create a test case for this and come back to you.
Kind regards
CorneliusAm Dienstag, den 03.05.2016, 04:46 -0700 schrieb simvirus@gmail.com:
Hello Cornelius,
thank you for the quick reply!The settings are real simple.
REALMS:
business → business-mysql (sqlresolver)USERS:
business-mysql → sqlresolver (local DB/TABLE)POLICIES:
business_authentication → authentication { “passOnNoUser”: true,
“passOnNoToken”: true } [ “business” ] [ “business-mysql” ]I’ve an external application (with local accounts user/pass)
For login are requested “user, password and otp (optional)”
Otp will be checked outside that system (privacyIDEA in this case)
with POST/json query (user/token).
I would not want to create all users in privacyIDEA, and i need a
“true” reply for no-user (into sqlresolver) and no-token (created
users but without OTP)Enabling “passOnNoUser: true” and “passOnNoToken: true” privacyIDEA
reply:access granted if the user is present (ok!),
ERR905 if the local user is not present (why?),
access granted if the user is present with token but bad token (why?)Thanks you again!
Sim
On Tuesday, May 3, 2016 at 1:17:33 PM UTC+2, Cornelius Kölbel wrote:
Hi Sim,can you please describe - your settings, - what you are doing and - the effects you get in more detail? I don't quite get your problem. Thanks a lot Cornelius Am Dienstag, den 03.05.2016, 04:12 -0700 schrieb simv...@gmail.com: > Hello! > I'm using privacyIDEA 2.11.2. > > Setting passOnNoUser and passOnNoToken this is the result: > > Reply-Message = "ERR905: The user can not be found in any resolver in > this realm!" if the user is not present.... > > or > > Reply-Message = "privacyIDEA access granted" also if the user is > present and has token assigned! > > Is it a bug? > Could you help me? > > Regards > > --- > Sim > > -- > Please read the blog post about getting help > https://www.privacyidea.org/getting-help/. > > For professional services and consultancy regarding two factor > authentication please visit > https://netknights.it/en/leistungen/one-time-services/ > > In an enterprise environment you should get a SERVICE LEVEL AGREEMENT > which suites your needs for SECURITY, AVAILABILITY and LIABILITY: > https://netknights.it/en/leistungen/service-level-agreements/ > --- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > Visit this group at https://groups.google.com/group/privacyidea. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/de8f2ff8-c02e-4de9-8415-5bfb171b18c2%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d68ea812-94cb-4b66-8205-30c7ea0abeb2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)
Thank you Cornelius!
SimOn Tuesday, May 3, 2016 at 2:10:41 PM UTC+2, Cornelius Kölbel wrote:
Hi Sim,
I will create a test case for this and come back to you.
Kind regards
CorneliusAm Dienstag, den 03.05.2016, 04:46 -0700 schrieb simv...@gmail.com
<javascript:>:Hello Cornelius,
thank you for the quick reply!The settings are real simple.
REALMS:
business → business-mysql (sqlresolver)USERS:
business-mysql → sqlresolver (local DB/TABLE)POLICIES:
business_authentication → authentication { “passOnNoUser”: true,
“passOnNoToken”: true } [ “business” ] [ “business-mysql” ]I’ve an external application (with local accounts user/pass)
For login are requested “user, password and otp (optional)”
Otp will be checked outside that system (privacyIDEA in this case)
with POST/json query (user/token).
I would not want to create all users in privacyIDEA, and i need a
“true” reply for no-user (into sqlresolver) and no-token (created
users but without OTP)Enabling “passOnNoUser: true” and “passOnNoToken: true” privacyIDEA
reply:access granted if the user is present (ok!),
ERR905 if the local user is not present (why?),
access granted if the user is present with token but bad token (why?)Thanks you again!
Sim
On Tuesday, May 3, 2016 at 1:17:33 PM UTC+2, Cornelius Kölbel wrote:
Hi Sim,can you please describe - your settings, - what you are doing and - the effects you get in more detail? I don't quite get your problem. Thanks a lot Cornelius Am Dienstag, den 03.05.2016, 04:12 -0700 schrieb simv...@gmail.com: > Hello! > I'm using privacyIDEA 2.11.2. > > Setting passOnNoUser and passOnNoToken this is the result: > > Reply-Message = "ERR905: The user can not be found in any resolver in > this realm!" if the user is not present.... > > or > > Reply-Message = "privacyIDEA access granted" also if the user is > present and has token assigned! > > Is it a bug? > Could you help me? > > Regards > > --- > Sim > > -- > Please read the blog post about getting help > https://www.privacyidea.org/getting-help/. > > For professional services and consultancy regarding two factor > authentication please visit > https://netknights.it/en/leistungen/one-time-services/ > > In an enterprise environment you should get a SERVICE LEVEL AGREEMENT > which suites your needs for SECURITY, AVAILABILITY and LIABILITY: > https://netknights.it/en/leistungen/service-level-agreements/ > --- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > Visit this group at https://groups.google.com/group/privacyidea. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hello Sim,
congratulations and thanks a lot!
You found a severe bug, for wich we just released the advisory and
fix/update.
Please read here:
https://www.privacyidea.org/bug-passonnouser-policy-allows-arbitrary-authentication/
Kind regards
CorneliusAm Dienstag, den 03.05.2016, 05:19 -0700 schrieb simvirus@gmail.com:
Thank you Cornelius!
Sim
On Tuesday, May 3, 2016 at 2:10:41 PM UTC+2, Cornelius Kölbel wrote:
Hi Sim,I will create a test case for this and come back to you. Kind regards Cornelius Am Dienstag, den 03.05.2016, 04:46 -0700 schrieb simv...@gmail.com: > Hello Cornelius, > thank you for the quick reply! :-) > > The settings are real simple. > > REALMS: > business -> business-mysql [] (sqlresolver) > > USERS: > business-mysql -> sqlresolver (local DB/TABLE) > > POLICIES: > business_authentication -> authentication { "passOnNoUser": true, > "passOnNoToken": true } [ "business" ] [] [ "business-mysql" ] [] > > > I've an external application (with local accounts user/pass) > For login are requested "user, password and otp (optional)" > Otp will be checked outside that system (privacyIDEA in this case) > with POST/json query (user/token). > I would not want to create all users in privacyIDEA, and i need a > "true" reply for no-user (into sqlresolver) and no-token (created > users but without OTP) > > Enabling "passOnNoUser: true" and "passOnNoToken: true" privacyIDEA > reply: > > access granted if the user is present (ok!), > ERR905 if the local user is not present (why?), > access granted if the user is present with token but bad token (why?) > > Thanks you again! > > Sim > > On Tuesday, May 3, 2016 at 1:17:33 PM UTC+2, Cornelius Kölbel wrote: > Hi Sim, > > can you please describe > - your settings, > - what you are doing and > - the effects you get in more detail? > > I don't quite get your problem. > > Thanks a lot > Cornelius > > Am Dienstag, den 03.05.2016, 04:12 -0700 schrieb > simv...@gmail.com: > > Hello! > > I'm using privacyIDEA 2.11.2. > > > > Setting passOnNoUser and passOnNoToken this is the result: > > > > Reply-Message = "ERR905: The user can not be found in any > resolver in > > this realm!" if the user is not present.... > > > > or > > > > Reply-Message = "privacyIDEA access granted" also if the > user is > > present and has token assigned! > > > > Is it a bug? > > Could you help me? > > > > Regards > > > > --- > > Sim > > > > -- > > Please read the blog post about getting help > > https://www.privacyidea.org/getting-help/. > > > > For professional services and consultancy regarding two > factor > > authentication please visit > > https://netknights.it/en/leistungen/one-time-services/ > > > > In an enterprise environment you should get a SERVICE LEVEL > AGREEMENT > > which suites your needs for SECURITY, AVAILABILITY and > LIABILITY: > > > https://netknights.it/en/leistungen/service-level-agreements/ > > --- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > Visit this group at > https://groups.google.com/group/privacyidea. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/de8f2ff8-c02e-4de9-8415-5bfb171b18c2%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > Please read the blog post about getting help > https://www.privacyidea.org/getting-help/. > > For professional services and consultancy regarding two factor > authentication please visit > https://netknights.it/en/leistungen/one-time-services/ > > In an enterprise environment you should get a SERVICE LEVEL AGREEMENT > which suites your needs for SECURITY, AVAILABILITY and LIABILITY: > https://netknights.it/en/leistungen/service-level-agreements/ > --- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > Visit this group at https://groups.google.com/group/privacyidea. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/d68ea812-94cb-4b66-8205-30c7ea0abeb2%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/b6034247-ba7d-4e6d-b5e7-a899967d1bc0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)
Hello Cornelius,
excuse me for delay but I was out of office.
Thank you very much to your for the quick support and fix!
I’ve performed the testing now and it works as expected.
Best Regards
SimOn Wednesday, May 4, 2016 at 2:52:41 PM UTC+2, Cornelius Kölbel wrote:
Hello Sim,
congratulations and thanks a lot!
You found a severe bug, for wich we just released the advisory and
fix/update.
Please read here:Bug in passOnNoUser policy allows arbitrary authentication – privacyID3A
Kind regards
CorneliusAm Dienstag, den 03.05.2016, 05:19 -0700 schrieb simv...@gmail.com
<javascript:>:Thank you Cornelius!
Sim
On Tuesday, May 3, 2016 at 2:10:41 PM UTC+2, Cornelius Kölbel wrote:
Hi Sim,I will create a test case for this and come back to you. Kind regards Cornelius Am Dienstag, den 03.05.2016, 04:46 -0700 schrieb simv...@gmail.com: > Hello Cornelius, > thank you for the quick reply! :-) > > The settings are real simple. > > REALMS: > business -> business-mysql [] (sqlresolver) > > USERS: > business-mysql -> sqlresolver (local DB/TABLE) > > POLICIES: > business_authentication -> authentication { "passOnNoUser": true, > "passOnNoToken": true } [ "business" ] [] [ "business-mysql" ] [] > > > I've an external application (with local accounts user/pass) > For login are requested "user, password and otp (optional)" > Otp will be checked outside that system (privacyIDEA in this case) > with POST/json query (user/token). > I would not want to create all users in privacyIDEA, and i need a > "true" reply for no-user (into sqlresolver) and no-token (created > users but without OTP) > > Enabling "passOnNoUser: true" and "passOnNoToken: true" privacyIDEA > reply: > > access granted if the user is present (ok!), > ERR905 if the local user is not present (why?), > access granted if the user is present with token but bad token (why?) > > Thanks you again! > > Sim > > On Tuesday, May 3, 2016 at 1:17:33 PM UTC+2, Cornelius Kölbel wrote: > Hi Sim, > > can you please describe > - your settings, > - what you are doing and > - the effects you get in more detail? > > I don't quite get your problem. > > Thanks a lot > Cornelius > > Am Dienstag, den 03.05.2016, 04:12 -0700 schrieb > simv...@gmail.com: > > Hello! > > I'm using privacyIDEA 2.11.2. > > > > Setting passOnNoUser and passOnNoToken this is the result: > > > > Reply-Message = "ERR905: The user can not be found in any > resolver in > > this realm!" if the user is not present.... > > > > or > > > > Reply-Message = "privacyIDEA access granted" also if the > user is > > present and has token assigned! > > > > Is it a bug? > > Could you help me? > > > > Regards > > > > --- > > Sim > > > > -- > > Please read the blog post about getting help > > https://www.privacyidea.org/getting-help/. > > > > For professional services and consultancy regarding two > factor > > authentication please visit > > https://netknights.it/en/leistungen/one-time-services/ > > > > In an enterprise environment you should get a SERVICE LEVEL > AGREEMENT > > which suites your needs for SECURITY, AVAILABILITY and > LIABILITY: > > > https://netknights.it/en/leistungen/service-level-agreements/ > > --- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > Visit this group at > https://groups.google.com/group/privacyidea. > > To view this discussion on the web visit > > >> > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > Please read the blog post about getting help > https://www.privacyidea.org/getting-help/. > > For professional services and consultancy regarding two factor > authentication please visit > https://netknights.it/en/leistungen/one-time-services/ > > In an enterprise environment you should get a SERVICE LEVEL AGREEMENT > which suites your needs for SECURITY, AVAILABILITY and LIABILITY: > https://netknights.it/en/leistungen/service-level-agreements/ > --- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > Visit this group at https://groups.google.com/group/privacyidea. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi Sim,
thanks a lot for the feedback.
Kind regards
CorneliusAm Donnerstag, den 05.05.2016, 12:10 -0700 schrieb simvirus@gmail.com:
Hello Cornelius,
excuse me for delay but I was out of office.
Thank you very much to your for the quick support and fix!
I’ve performed the testing now and it works as expected.Best Regards
Sim
On Wednesday, May 4, 2016 at 2:52:41 PM UTC+2, Cornelius Kölbel wrote:
Hello Sim,congratulations and thanks a lot! You found a severe bug, for wich we just released the advisory and fix/update. Please read here: https://www.privacyidea.org/bug-passonnouser-policy-allows-arbitrary-authentication/ Kind regards Cornelius Am Dienstag, den 03.05.2016, 05:19 -0700 schrieb simv...@gmail.com: > Thank you Cornelius! :-) > > Sim > > > On Tuesday, May 3, 2016 at 2:10:41 PM UTC+2, Cornelius Kölbel wrote: > Hi Sim, > > I will create a test case for this and come back to you. > > Kind regards > Cornelius > > Am Dienstag, den 03.05.2016, 04:46 -0700 schrieb > simv...@gmail.com: > > Hello Cornelius, > > thank you for the quick reply! :-) > > > > The settings are real simple. > > > > REALMS: > > business -> business-mysql [] (sqlresolver) > > > > USERS: > > business-mysql -> sqlresolver (local DB/TABLE) > > > > POLICIES: > > business_authentication -> authentication { "passOnNoUser": > true, > > "passOnNoToken": true } [ "business" ] [] [ "business-mysql" > ] [] > > > > > > I've an external application (with local accounts > user/pass) > > For login are requested "user, password and otp (optional)" > > Otp will be checked outside that system (privacyIDEA in this > case) > > with POST/json query (user/token). > > I would not want to create all users in privacyIDEA, and i > need a > > "true" reply for no-user (into sqlresolver) and no-token > (created > > users but without OTP) > > > > Enabling "passOnNoUser: true" and "passOnNoToken: true" > privacyIDEA > > reply: > > > > access granted if the user is present (ok!), > > ERR905 if the local user is not present (why?), > > access granted if the user is present with token but bad > token (why?) > > > > Thanks you again! > > > > Sim > > > > On Tuesday, May 3, 2016 at 1:17:33 PM UTC+2, Cornelius Kölbel wrote: > > Hi Sim, > > > > can you please describe > > - your settings, > > - what you are doing and > > - the effects you get in more detail? > > > > I don't quite get your problem. > > > > Thanks a lot > > Cornelius > > > > Am Dienstag, den 03.05.2016, 04:12 -0700 schrieb > > simv...@gmail.com: > > > Hello! > > > I'm using privacyIDEA 2.11.2. > > > > > > Setting passOnNoUser and passOnNoToken this is the > result: > > > > > > Reply-Message = "ERR905: The user can not be found > in any > > resolver in > > > this realm!" if the user is not present.... > > > > > > or > > > > > > Reply-Message = "privacyIDEA access granted" also > if the > > user is > > > present and has token assigned! > > > > > > Is it a bug? > > > Could you help me? > > > > > > Regards > > > > > > --- > > > Sim > > > > > > -- > > > Please read the blog post about getting help > > > https://www.privacyidea.org/getting-help/. > > > > > > For professional services and consultancy > regarding two > > factor > > > authentication please visit > > > > https://netknights.it/en/leistungen/one-time-services/ > > > > > > In an enterprise environment you should get a > SERVICE LEVEL > > AGREEMENT > > > which suites your needs for SECURITY, AVAILABILITY > and > > LIABILITY: > > > > > > https://netknights.it/en/leistungen/service-level-agreements/ > > > --- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > Visit this group at > > https://groups.google.com/group/privacyidea. > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/privacyidea/de8f2ff8-c02e-4de9-8415-5bfb171b18c2%40googlegroups.com. > > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > Please read the blog post about getting help > > https://www.privacyidea.org/getting-help/. > > > > For professional services and consultancy regarding two > factor > > authentication please visit > > https://netknights.it/en/leistungen/one-time-services/ > > > > In an enterprise environment you should get a SERVICE LEVEL > AGREEMENT > > which suites your needs for SECURITY, AVAILABILITY and > LIABILITY: > > > https://netknights.it/en/leistungen/service-level-agreements/ > > --- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > Visit this group at > https://groups.google.com/group/privacyidea. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/d68ea812-94cb-4b66-8205-30c7ea0abeb2%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > Please read the blog post about getting help > https://www.privacyidea.org/getting-help/. > > For professional services and consultancy regarding two factor > authentication please visit > https://netknights.it/en/leistungen/one-time-services/ > > In an enterprise environment you should get a SERVICE LEVEL AGREEMENT > which suites your needs for SECURITY, AVAILABILITY and LIABILITY: > https://netknights.it/en/leistungen/service-level-agreements/ > --- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > Visit this group at https://groups.google.com/group/privacyidea. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/b6034247-ba7d-4e6d-b5e7-a899967d1bc0%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
Please read the blog post about getting help
Getting help – privacyID3A.For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - VerschlüsselungIn an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support LevelYou received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d9d81698-3e1e-4e37-bd78-345e0e8744da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)