Hi Sim,
thanks a lot for the feedback.
Kind regards
CorneliusAm Donnerstag, den 05.05.2016, 12:10 -0700 schrieb simvirus@gmail.com:
Hello Cornelius,
excuse me for delay but I was out of office.
Thank you very much to your for the quick support and fix!
I’ve performed the testing now and it works as expected.
Best Regards
Sim
On Wednesday, May 4, 2016 at 2:52:41 PM UTC+2, Cornelius Kölbel wrote:
Hello Sim,
congratulations and thanks a lot!
You found a severe bug, for wich we just released the advisory
and
fix/update.
Please read here:
https://www.privacyidea.org/bug-passonnouser-policy-allows-arbitrary-authentication/
Kind regards
Cornelius
Am Dienstag, den 03.05.2016, 05:19 -0700 schrieb
simv...@gmail.com:
> Thank you Cornelius! :-)
>
> Sim
>
>
> On Tuesday, May 3, 2016 at 2:10:41 PM UTC+2, Cornelius Kölbel wrote:
> Hi Sim,
>
> I will create a test case for this and come back to
you.
>
> Kind regards
> Cornelius
>
> Am Dienstag, den 03.05.2016, 04:46 -0700 schrieb
> simv...@gmail.com:
> > Hello Cornelius,
> > thank you for the quick reply! :-)
> >
> > The settings are real simple.
> >
> > REALMS:
> > business -> business-mysql [] (sqlresolver)
> >
> > USERS:
> > business-mysql -> sqlresolver (local DB/TABLE)
> >
> > POLICIES:
> > business_authentication -> authentication
{ "passOnNoUser":
> true,
> > "passOnNoToken": true } [ "business" ] []
[ "business-mysql"
> ] []
> >
> >
> > I've an external application (with local accounts
> user/pass)
> > For login are requested "user, password and otp
(optional)"
> > Otp will be checked outside that system
(privacyIDEA in this
> case)
> > with POST/json query (user/token).
> > I would not want to create all users in
privacyIDEA, and i
> need a
> > "true" reply for no-user (into sqlresolver) and
no-token
> (created
> > users but without OTP)
> >
> > Enabling "passOnNoUser: true" and "passOnNoToken:
true"
> privacyIDEA
> > reply:
> >
> > access granted if the user is present (ok!),
> > ERR905 if the local user is not present (why?),
> > access granted if the user is present with token
but bad
> token (why?)
> >
> > Thanks you again!
> >
> > Sim
> >
> > On Tuesday, May 3, 2016 at 1:17:33 PM UTC+2, Cornelius Kölbel wrote:
> > Hi Sim,
> >
> > can you please describe
> > - your settings,
> > - what you are doing and
> > - the effects you get in more detail?
> >
> > I don't quite get your problem.
> >
> > Thanks a lot
> > Cornelius
> >
> > Am Dienstag, den 03.05.2016, 04:12 -0700 schrieb
> > simv...@gmail.com:
> > > Hello!
> > > I'm using privacyIDEA 2.11.2.
> > >
> > > Setting passOnNoUser and passOnNoToken
this is the
> result:
> > >
> > > Reply-Message = "ERR905: The user can
not be found
> in any
> > resolver in
> > > this realm!" if the user is not
present....
> > >
> > > or
> > >
> > > Reply-Message = "privacyIDEA access
granted" also
> if the
> > user is
> > > present and has token assigned!
> > >
> > > Is it a bug?
> > > Could you help me?
> > >
> > > Regards
> > >
> > > ---
> > > Sim
> > >
> > > --
> > > Please read the blog post about getting
help
> > >
https://www.privacyidea.org/getting-help/.
> > >
> > > For professional services and
consultancy
> regarding two
> > factor
> > > authentication please visit
> > >
>
https://netknights.it/en/leistungen/one-time-services/
> > >
> > > In an enterprise environment you should
get a
> SERVICE LEVEL
> > AGREEMENT
> > > which suites your needs for SECURITY,
AVAILABILITY
> and
> > LIABILITY:
> > >
> >
>
https://netknights.it/en/leistungen/service-level-agreements/
> > > ---
> > > You received this message because you
are
> subscribed to the
> > Google
> > > Groups "privacyidea" group.
> > > To unsubscribe from this group and stop
receiving
> emails
> > from it, send
> > > an email to
privacyidea...@googlegroups.com.
> > > To post to this group, send email to
> > priva...@googlegroups.com.
> > > Visit this group at
> >
https://groups.google.com/group/privacyidea.
> > > To view this discussion on the web
visit
> > >
> >
>
https://groups.google.com/d/msgid/privacyidea/de8f2ff8-c02e-4de9-8415-5bfb171b18c2%40googlegroups.com.
> > > For more options, visit
> https://groups.google.com/d/optout.
> >
> > --
> > Cornelius Kölbel
> > corneliu...@netknights.it
> > +49 151 2960 1417
> >
> > NetKnights GmbH
> > http://www.netknights.it
> > Landgraf-Karl-Str. 19, 34131 Kassel,
Germany
> > Tel: +49 561 3166797, Fax: +49 561
3166798
> >
> > Amtsgericht Kassel, HRB 16405
> > Geschäftsführer: Cornelius Kölbel
> >
> >
> > --
> > Please read the blog post about getting help
> > https://www.privacyidea.org/getting-help/.
> >
> > For professional services and consultancy
regarding two
> factor
> > authentication please visit
> >
https://netknights.it/en/leistungen/one-time-services/
> >
> > In an enterprise environment you should get a
SERVICE LEVEL
> AGREEMENT
> > which suites your needs for SECURITY, AVAILABILITY
and
> LIABILITY:
> >
>
https://netknights.it/en/leistungen/service-level-agreements/
> > ---
> > You received this message because you are
subscribed to the
> Google
> > Groups "privacyidea" group.
> > To unsubscribe from this group and stop receiving
emails
> from it, send
> > an email to privacyidea...@googlegroups.com.
> > To post to this group, send email to
> priva...@googlegroups.com.
> > Visit this group at
> https://groups.google.com/group/privacyidea.
> > To view this discussion on the web visit
> >
>
https://groups.google.com/d/msgid/privacyidea/d68ea812-94cb-4b66-8205-30c7ea0abeb2%40googlegroups.com.
> > For more options, visit
https://groups.google.com/d/optout.
>
> --
> Cornelius Kölbel
> corneliu...@netknights.it
> +49 151 2960 1417
>
> NetKnights GmbH
> http://www.netknights.it
> Landgraf-Karl-Str. 19, 34131 Kassel, Germany
> Tel: +49 561 3166797, Fax: +49 561 3166798
>
> Amtsgericht Kassel, HRB 16405
> Geschäftsführer: Cornelius Kölbel
>
>
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two
factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL
AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and
LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the
Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails
from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/b6034247-ba7d-4e6d-b5e7-a899967d1bc0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
–
Please read the blog post about getting help
Getting help – privacyID3A.
For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d9d81698-3e1e-4e37-bd78-345e0e8744da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)