Debian + Error during installation

Issue solved!!! :slight_smile:

WSGIScriptAlias / /etc/privacyidea/piapp.wsgi

I can’t define another scriptalias as the root directory… :slight_smile:

This is the correct error log

Syntax error on line 1 of /etc/apache2/sites-enabled/privacyidea.conf:
Invalid command ‘WSGIPythonHome’, perhaps misspelled or defined by a module
not included in the server configuration
Action ‘configtest’ failed.
The Apache error log may have more information.
failed!

Line 1:

WSGIPythonHome /opt/privacyidea/privacyidea-venv

Hi,

this is wired.
It should not bother about the DocumentRoot.
Which URL are you calling?

Kind regards
CorneliusAm 22.02.2015 um 13:47 schrieb Stefan Steuer:

in the Privacyidea.conf you have the line with the Documentroot

 DocumentRoot /var/www

But there are no files - so the result is, when I try to open the
website with the patch which I definied in the WSGIScriptAlias I’ll
get the following error-code in the apache-log

File does not exist: /var/www/pi


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/f159c173-f815-41c0-8bb8-0d1829fdcd45%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/f159c173-f815-41c0-8bb8-0d1829fdcd45%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

in the Privacyidea.conf you have the line with the Documentroot

 DocumentRoot /var/www

But there are no files - so the result is, when I try to open the website
with the patch which I definied in the WSGIScriptAlias I’ll get the
following error-code in the apache-log

File does not exist: /var/www/pi

Obviously this is an Apache issue.

You are writing “conf.d/orts.conf” but it looks like a “sites-available”?

If you want to run both applications on one port on one server you must
only have one VIrtualHost definition.
I.e. you need to have one link in

/etc/apache2/sites-available/

listening on port 443 with ONE certificate.

In this VirtualHost defintion you might have

WSGIScriptAlias /pi  /pathto/wsgi/scirp
ScriptAlias /otrs/ ....
Alias /otrs-web/....

Kind regards
CorneliusAm 22.02.2015 um 18:27 schrieb Stefan Steuer:

Yes - OTRS and privacyIDEA are on the same host.

apache.conf: default config.

privacyidea.conf as posted.

conf.d/otrs.conf

         # --

        # added for OTRS (http://otrs.org/)

        # --


        ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"

        Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"


        <IfModule mod_perl.c>


            # Setup environment and preload modules

            Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl


            # Reload Perl modules when changed on disk

            PerlModule Apache2::Reload

            PerlInitHandler Apache2::Reload


            # general mod_perl2 options

            <Location /otrs>

        #        ErrorDocument 403 /otrs/customer.pl

                ErrorDocument 403 /otrs/index.pl

                SetHandler  perl-script

                PerlResponseHandler ModPerl::Registry

                Options +ExecCGI

                PerlOptions +ParseHeaders

                PerlOptions +SetupEnv

         

         <IfModule mod_version.c>

                <IfVersion < 2.4>

                    Order allow,deny

                    Allow from all

                </IfVersion>

                <IfVersion >= 2.4>

                    Require all granted

                </IfVersion>

            </IfModule>

            <IfModule !mod_version.c>

                Order allow,deny

                Allow from all

            </IfModule>


            <IfModule mod_deflate.c>

                AddOutputFilterByType DEFLATE text/html
        text/javascript text/css text/xml application/json text/json

            </IfModule>

        </Directory>


        <Directory "/opt/otrs/var/httpd/htdocs/">

            AllowOverride None


            <IfModule mod_version.c>

                <IfVersion < 2.4>

                    Order allow,deny

                    Allow from all

                </IfVersion>

                <IfVersion >= 2.4>

                    Require all granted

                </IfVersion>

            </IfModule>

            <IfModule !mod_version.c>

                Order allow,deny

                Allow from all

            </IfModule>


            <IfModule mod_deflate.c>

                AddOutputFilterByType DEFLATE text/html
        text/javascript text/css text/xml application/json text/json

            </IfModule>


            # Make sure CSS and JS files are read as UTF8 by the
        browsers.

            AddCharset UTF-8 .css

            AddCharset UTF-8 .js


            # Set explicit mime type for woff fonts since it is
        relatively new and apache may not know about it.

            AddType application/font-woff .woff


        </Directory>


        <IfModule mod_headers.c>

            # Cache css-cache for 30 days

            <Directory
        "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">

                <FilesMatch "\.(css|CSS)$">

                    Header set Cache-Control "max-age=2592000
        must-revalidate"

            <FilesMatch "\.(css|CSS)$">

                Header set Cache-Control "max-age=2592000
    must-revalidate"

            </FilesMatch>

        </Directory>


        # Cache css thirdparty for 4 hours, including icon fonts

        <Directory
    "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">

            <FilesMatch "\.(css|CSS|woff|svg)$">

                Header set Cache-Control "max-age=14400
    must-revalidate"

            </FilesMatch>

        </Directory>


        # Cache js-cache for 30 days

        <Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">

            <FilesMatch "\.(js|JS)$">

                Header set Cache-Control "max-age=2592000
    must-revalidate"

            </FilesMatch>

        </Directory>


        # Cache js thirdparty for 4 hours

        <Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">

            <FilesMatch "\.(js|JS)$">

                Header set Cache-Control "max-age=14400
    must-revalidate"

            </FilesMatch>

        </Directory>

    </IfModule>


    # Limit the number of requests per child to avoid excessive
    memory usage

    MaxRequestsPerChild 4000


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/e4be1154-3c3e-4f55-b37a-b713fe8891e2%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/e4be1154-3c3e-4f55-b37a-b713fe8891e2%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

This is my privacyidea.conf - site is enabled.

WSGIPythonHome /opt/privacyidea/privacyidea-venv/

ServerAdmin webmaster@localhost
# You might want to change this
ServerName localhost

 DocumentRoot /var/www
 <Directory />
         # For Apache 2.4 you need to set this:
         # Require all granted
         Options FollowSymLinks
         AllowOverride None
 </Directory>

 # We can run several instances on different paths with different 

configurations
WSGIScriptAlias /pi/ /etc/privacyidea/piapp.wsgi#
# The daemon is running as user ‘privacyidea’
# This user should have access to the encKey database encryption file
WSGIDaemonProcess privacyidea processes=1 threads=15
display-name=%{GROUP} user=privacyidea
WSGIProcessGroup privacyidea
WSGIPassAuthorization On

 ErrorLog /var/log/apache2/error.log

 LogLevel warn
 LogFormat "%h %l %u %t %>s \"%m %U %H\"  %b \"%{Referer}i\" 

“%{User-agent}i”" privacyIDEA
CustomLog /var/log/apache2/ssl_access.log privacyIDEA

 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
 SSLEngine off

 #   If both key and certificate are stored in the same file, only the
 #   SSLCertificateFile directive is needed.

SSLCertificateFile /etc/ssl/certs/privacyideaserver.pem

SSLCertificateKeyFile /etc/ssl/private/privacyideaserver.key

 <FilesMatch "\.(cgi|shtml|phtml|php)$">
         SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory /usr/lib/cgi-bin>
         SSLOptions +StdEnvVars
 </Directory>
 BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

I just checked,

You must not use

“require all granted”, since probably you are running apache 2.2

The other stuff should work, so we need to check your apache config.

Kind regards
CorneliusAm 22.02.2015 um 13:47 schrieb Stefan Steuer:

in the Privacyidea.conf you have the line with the Documentroot

 DocumentRoot /var/www

But there are no files - so the result is, when I try to open the
website with the patch which I definied in the WSGIScriptAlias I’ll
get the following error-code in the apache-log

File does not exist: /var/www/pi


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/f159c173-f815-41c0-8bb8-0d1829fdcd45%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/f159c173-f815-41c0-8bb8-0d1829fdcd45%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Hi Stefan,

it depends on how you configured the apache vhost.
The URL is determined by the WSGIScriptAlias in your config.
I.e. be default it is /, but you could set it to any other path.

Kind regards
CorneliusAm 22.02.2015 um 11:49 schrieb Stefan Steuer:

Hi,
you should add to the manual, that the user has to add the
directory /var/log/privacyidea/ manually.

What is the url for the admin control panel after I installed the
package successful?

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/60b6c40f-c38a-40f0-af55-23f5995c2d8b%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/60b6c40f-c38a-40f0-af55-23f5995c2d8b%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

he last problem is that I’ll get a blank page while opening the otrs-login
screen.

Apache error log:

ERROR: OTRS-CGI-98 Perl: 5.14.2 OS: linux Time: Sun Feb 22 17:10:33 2015
Message: Can’t load backend module Kernel::System::Auth::privacyIDEA!
RemoteAddress: xxx
RequestURI: /otrs/index.pl
Traceback (5256):
Module: Kernel::System::Auth::new Line: 69
Module: Kernel::System::ObjectManager::_ObjectBuild Line: 222
Module: Kernel::System::ObjectManager::Get Line: 176
Module: Kernel::System::Web::InterfaceAgent::Run Line: 721
Module:
ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler
Line: 41
Module: (eval) (v1.99) Line: 204
Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

Config.pm> $Self->{‘AuthModule’} = ‘Kernel::System::Auth::privacyIDEA’;

$Self->{‘AuthModule::privacyIDEA::URL’} = "

http://localhost:5001/validate/simplecheck";

Obviously your apache configuration is interfering.

As mentioned, I assume, that your are running OTRS in the same Apache host?
How does your apache config look like?

Then you need to run privacyIDEA with the wsgiscript alias. Otherwise
the path /otrs/index.pl would be grapped by the WSGI script.

Kind regards
COrneliusAm 22.02.2015 um 18:03 schrieb Stefan Steuer:

any idea regarding the blank otrs login screen?

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/5f29a27e-3c5a-4195-ab4c-84134a328b3b%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/5f29a27e-3c5a-4195-ab4c-84134a328b3b%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

When you need an access to my test enviroment - I can send you the
credentials via pnOn Sunday, February 22, 2015 at 2:42:54 PM UTC+1, Cornelius Kölbel wrote:

You should specify

WSGIScriptAlias /pi /etc…

(without a trailing slash - otherwise you need to call explicitly
https://yourmachine/pi/)

But on top of this it looks like, that little error found its way back in,
when specifying a path at the WSGIScriptAlias.

I need to look into it.

Kind regards
Cornelius

Am 22.02.2015 um 14:34 schrieb Stefan Steuer:

This is my privacyidea.conf - site is enabled.

WSGIPythonHome /opt/privacyidea/privacyidea-venv/

ServerAdmin webmaster@localhost
# You might want to change this
ServerName localhost

  DocumentRoot /var/www
 <Directory />
         # For Apache 2.4 you need to set this:
         # Require all granted
         Options FollowSymLinks
         AllowOverride None
 </Directory>

  # We can run several instances on different paths with different 

configurations
WSGIScriptAlias /pi/ /etc/privacyidea/piapp.wsgi
#
# The daemon is running as user ‘privacyidea’
# This user should have access to the encKey database encryption file
WSGIDaemonProcess privacyidea processes=1 threads=15
display-name=%{GROUP} user=privacyidea
WSGIProcessGroup privacyidea
WSGIPassAuthorization On

  ErrorLog /var/log/apache2/error.log

  LogLevel warn
 LogFormat "%h %l %u %t %>s \"%m %U %H\"  %b \"%{Referer}i\" 

“%{User-agent}i”" privacyIDEA
CustomLog /var/log/apache2/ssl_access.log privacyIDEA

  #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
 SSLEngine off

  #   If both key and certificate are stored in the same file, only 

the
# SSLCertificateFile directive is needed.

SSLCertificateFile /etc/ssl/certs/privacyideaserver.pem

SSLCertificateKeyFile /etc/ssl/private/privacyideaserver.key

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
         SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory /usr/lib/cgi-bin>
         SSLOptions +StdEnvVars
 </Directory>
 BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7157c04d-df2b-4381-ad72-5c9392fade91%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/7157c04d-df2b-4381-ad72-5c9392fade91%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

oh you’re right :slight_smile:
So i enabled the site and tried to reload the apache2… failed.

apache2 errorlog:

[Sun Feb 22 11:47:51 2015] [error] [client ] File does not exist:
/var/www/privacyidea
[Sun Feb 22 11:47:52 2015] [error] [client ] File does not exist:
/var/www/favicon.ico
[Sun Feb 22 11:53:23 2015] [error] [client ] File does not exist:
/var/www/privacyidea
[Sun Feb 22 11:53:27 2015] [error] [client ] File does not exist:
/var/www/pi
[Sun Feb 22 11:54:40 2015] [error] [client ] File does not exist:
/var/www/privacyidea-venv
[Sun Feb 22 13:14:15 2015] [error] [client ] File does not exist:
/var/www/productionOn Sunday, February 22, 2015 at 1:09:22 PM UTC+1, Cornelius Kölbel wrote:

Hi Stefan,

it depends on how you configured the apache vhost.
The URL is determined by the WSGIScriptAlias in your config.
I.e. be default it is /, but you could set it to any other path.

Kind regards
Cornelius

Am 22.02.2015 um 11:49 schrieb Stefan Steuer:

Hi,
you should add to the manual, that the user has to add the directory
/var/log/privacyidea/ manually.

What is the url for the admin control panel after I installed the
package successful?

You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/60b6c40f-c38a-40f0-af55-23f5995c2d8b%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/60b6c40f-c38a-40f0-af55-23f5995c2d8b%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

You should specify

WSGIScriptAlias /pi /etc…

(without a trailing slash - otherwise you need to call explicitly
https://yourmachine/pi/)

But on top of this it looks like, that little error found its way back
in, when specifying a path at the WSGIScriptAlias.

I need to look into it.

Kind regards
CorneliusAm 22.02.2015 um 14:34 schrieb Stefan Steuer:

This is my privacyidea.conf - site is enabled.

WSGIPythonHome /opt/privacyidea/privacyidea-venv/

ServerAdmin webmaster@localhost
# You might want to change this
ServerName localhost

 DocumentRoot /var/www
 <Directory />
         # For Apache 2.4 you need to set this:
         # Require all granted
         Options FollowSymLinks
         AllowOverride None
 </Directory>

 # We can run several instances on different paths with different

configurations
WSGIScriptAlias /pi/ /etc/privacyidea/piapp.wsgi
#
# The daemon is running as user ‘privacyidea’
# This user should have access to the encKey database encryption file
WSGIDaemonProcess privacyidea processes=1 threads=15
display-name=%{GROUP} user=privacyidea
WSGIProcessGroup privacyidea
WSGIPassAuthorization On

 ErrorLog /var/log/apache2/error.log

 LogLevel warn
 LogFormat "%h %l %u %t %>s \"%m %U %H\"  %b \"%{Referer}i\"

“%{User-agent}i”" privacyIDEA
CustomLog /var/log/apache2/ssl_access.log privacyIDEA

 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
 SSLEngine off

 #   If both key and certificate are stored in the same file, only the
 #   SSLCertificateFile directive is needed.

SSLCertificateFile /etc/ssl/certs/privacyideaserver.pem

SSLCertificateKeyFile /etc/ssl/private/privacyideaserver.key

 <FilesMatch "\.(cgi|shtml|phtml|php)$">
         SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory /usr/lib/cgi-bin>
         SSLOptions +StdEnvVars
 </Directory>
 BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7157c04d-df2b-4381-ad72-5c9392fade91%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/7157c04d-df2b-4381-ad72-5c9392fade91%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Thanks, done.
Kind regards
CorneliusAm 22.02.2015 um 11:41 schrieb Stefan Steuer:

Hi,
I received the following error-code while the command

pi-manage.py createdb

(privacyidea-venv)root@mfaotrs:/# pi-manage.py createdb
The configuration name is: production
Additional configuration can be read from the file
/etc/privacyidea/pi.cfg
Traceback (most recent call last):
  File "/opt/privacyidea/privacyidea-venv/bin/pi-manage.py", line
44, in <module>
    app = create_app(config_name='production')
  File
"/opt/privacyidea/privacyidea-venv/local/lib/python2.7/site-packages/privacyidea/app.py",
line 109, in create_app
    maxBytes=10000000)
  File "/usr/lib/python2.7/logging/handlers.py", line 117, in
__init__
    BaseRotatingHandler.__init__(self, filename, mode, encoding,
delay)
  File "/usr/lib/python2.7/logging/handlers.py", line 64, in __init__
    logging.FileHandler.__init__(self, filename, mode, encoding,
delay)
  File "/usr/lib/python2.7/logging/__init__.py", line 901, in
__init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib/python2.7/logging/__init__.py", line 924, in _open
    stream = open(self.baseFilename, self.mode)
IOError: [Errno 2] No such file or directory:
'/var/log/privacyidea/privacyidea.log'


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/4ee67a90-62c9-44b9-8f22-d3ffcd8a5d50%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/4ee67a90-62c9-44b9-8f22-d3ffcd8a5d50%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Yes - OTRS and privacyIDEA are on the same host.

apache.conf: default config.

privacyidea.conf as posted.

conf.d/otrs.conf

–>>

added for OTRS (http://otrs.org/)

ScriptAlias /otrs/ “/opt/otrs/bin/cgi-bin/”

Alias /otrs-web/ “/opt/otrs/var/httpd/htdocs/”

# Setup environment and preload modules
Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl
# Reload Perl modules when changed on disk
PerlModule Apache2::Reload

PerlInitHandler Apache2::Reload
# general mod_perl2 options
<Location /otrs>

ErrorDocument 403 /otrs/customer.pl

    ErrorDocument 403 /otrs/index.pl

    SetHandler  perl-script

    PerlResponseHandler ModPerl::Registry

    Options +ExecCGI

    PerlOptions +ParseHeaders

    PerlOptions +SetupEnv
    <IfVersion < 2.4>

        Order allow,deny

        Allow from all

    </IfVersion>

    <IfVersion >= 2.4>

        Require all granted

    </IfVersion>

</IfModule>

<IfModule !mod_version.c>

    Order allow,deny

    Allow from all

</IfModule>
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/javascript text/css 

text/xml application/json text/json

</IfModule>

<Directory “/opt/otrs/var/httpd/htdocs/”>

AllowOverride None
<IfModule mod_version.c>
    <IfVersion < 2.4>

        Order allow,deny

        Allow from all

    </IfVersion>

    <IfVersion >= 2.4>

        Require all granted

    </IfVersion>

</IfModule>

<IfModule !mod_version.c>

    Order allow,deny

    Allow from all

</IfModule>
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/javascript text/css 

text/xml application/json text/json

</IfModule>
# Make sure CSS and JS files are read as UTF8 by the browsers.
AddCharset UTF-8 .css

AddCharset UTF-8 .js
# Set explicit mime type for woff fonts since it is relatively new 

and apache may not know about it.

AddType application/font-woff .woff
# Cache css-cache for 30 days

<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">

    <FilesMatch "\.(css|CSS)$">

        Header set Cache-Control "max-age=2592000 must-revalidate"

    <FilesMatch "\.(css|CSS)$">
        Header set Cache-Control "max-age=2592000 must-revalidate"

    </FilesMatch>

</Directory>
# Cache css thirdparty for 4 hours, including icon fonts
<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">

    <FilesMatch "\.(css|CSS|woff|svg)$">

        Header set Cache-Control "max-age=14400 must-revalidate"

    </FilesMatch>

</Directory>
# Cache js-cache for 30 days
<Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">

    <FilesMatch "\.(js|JS)$">

        Header set Cache-Control "max-age=2592000 must-revalidate"

    </FilesMatch>

</Directory>
# Cache js thirdparty for 4 hours
<Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">

    <FilesMatch "\.(js|JS)$">

        Header set Cache-Control "max-age=14400 must-revalidate"

    </FilesMatch>

</Directory>

Limit the number of requests per child to avoid excessive memory usage

MaxRequestsPerChild 4000

The OTRS Error log is empty.
only in the apache log are entriesOn Monday, February 23, 2015 at 2:54:44 PM UTC+1, Cornelius Kölbel wrote:

What does the OTRS error log say?

And I think otrs writes to the apache error log, can you see anything
there?

Kind regards
Cornelius

Am 23.02.2015 um 14:52 schrieb Stefan Steuer:

Same result.
I think that the auth/privacyidea.pm is not compatible with OTRS4

On Monday, February 23, 2015 at 2:28:02 PM UTC+1, Cornelius Kölbel wrote:

OK, I was not aware, that you already activated the privacyIDEA module
in OTRS.

So you need to change this to the correct URL - I think in your case it
might be:

https://localhost/pi/validate/simplecheck

Kind regards
Cornelius


You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/deaa6563-7427-4405-bbcb-487acfaac18f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/deaa6563-7427-4405-bbcb-487acfaac18f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

What does the OTRS error log say?

And I think otrs writes to the apache error log, can you see anything there?

Kind regards
CorneliusAm 23.02.2015 um 14:52 schrieb Stefan Steuer:

Same result.
I think that the auth/privacyidea.pm is not compatible with OTRS4

On Monday, February 23, 2015 at 2:28:02 PM UTC+1, Cornelius Kölbel wrote:

OK, I was not aware, that you already activated the privacyIDEA
module in OTRS.

So you need to change this to the correct URL - I think in your
case it might be:

    https://localhost/pi/validate/simplecheck
<https://localhost/pi/validate/simplecheck>

Kind regards
Cornelius


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/deaa6563-7427-4405-bbcb-487acfaac18f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/deaa6563-7427-4405-bbcb-487acfaac18f%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Same result.
I think that the auth/privacyidea.pm is not compatible with OTRS4On Monday, February 23, 2015 at 2:28:02 PM UTC+1, Cornelius Kölbel wrote:

OK, I was not aware, that you already activated the privacyIDEA module in
OTRS.

So you need to change this to the correct URL - I think in your case it
might be:

https://localhost/pi/validate/simplecheck

Kind regards
Cornelius

now I’d input the two lines into the /opt/otrs/Kernel/Config/Default.pm

result: blank page

Apache Error log:

[Mon Feb 23 15:18:50 2015] privacyIDEA.pm: Bareword found where operator
expected at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 5, near ““en"
class”
[Mon Feb 23 15:18:50 2015] privacyIDEA.pm: (Missing operator before
class?)
[Mon Feb 23 15:18:50 2015] privacyIDEA.pm: Bareword found where operator
expected at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 12, near
"privacyidea”
[Mon Feb 23 15:18:50 2015] privacyIDEA.pm: (Missing operator before
privacyidea?)
ERROR: OTRS-CGI-98 Perl: 5.14.2 OS: linux Time: Mon Feb 23 15:18:50 2015

Message: Unrecognized character \xC2; marked by <-- HERE after at master
<-- HERE near column 49 at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm
line 12.

RemoteAddress: xxxxxx
RequestURI: /otrs/index.pl

Traceback (5403):
Module: Kernel::System::Auth::new Line: 69
Module: Kernel::System::ObjectManager::_ObjectBuild Line: 222
Module: Kernel::System::ObjectManager::Get Line: 176
Module: Kernel::System::Web::InterfaceAgent::Run Line: 721
Module:
ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler
Line: 41
Module: (eval) (v1.99) Line: 204
Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-98 Perl: 5.14.2 OS: linux Time: Mon Feb 23 15:18:50 2015

Message: Can’t load backend module Kernel::System::Auth::privacyIDEA!

RemoteAddress: xxxx
RequestURI: /otrs/index.pl

Traceback (5403):
Module: Kernel::System::Auth::new Line: 69
Module: Kernel::System::ObjectManager::_ObjectBuild Line: 222
Module: Kernel::System::ObjectManager::Get Line: 176
Module: Kernel::System::Web::InterfaceAgent::Run Line: 721
Module:
ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler
Line: 41
Module: (eval) (v1.99) Line: 204
Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31On Monday, February 23, 2015 at 3:04:44 PM UTC+1, Stefan Steuer wrote:

The OTRS Error log is empty.
only in the apache log are entries

On Monday, February 23, 2015 at 2:54:44 PM UTC+1, Cornelius Kölbel wrote:

What does the OTRS error log say?

And I think otrs writes to the apache error log, can you see anything
there?

Kind regards
Cornelius

Am 23.02.2015 um 14:52 schrieb Stefan Steuer:

Same result.
I think that the auth/privacyidea.pm is not compatible with OTRS4

On Monday, February 23, 2015 at 2:28:02 PM UTC+1, Cornelius Kölbel wrote:

OK, I was not aware, that you already activated the privacyIDEA module
in OTRS.

So you need to change this to the correct URL - I think in your case it
might be:

https://localhost/pi/validate/simplecheck

Kind regards
Cornelius


You received this message because you are subscribed to the Google Groups
"privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/deaa6563-7427-4405-bbcb-487acfaac18f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/deaa6563-7427-4405-bbcb-487acfaac18f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Just looking into it.Am 23.02.2015 um 16:10 schrieb Stefan Steuer:

mhm… any idea?

On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

Hi,

to my knowledge Logging in OTRS 3 was performed this way:

   
https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36
<https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36>

See:
   
http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html
<http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html>

But it looks like, as if it still should exist int 4:
   
http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html
<http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html>



Am 23.02.2015 um 15:42 schrieb Stefan Steuer:
[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015] -e:
No LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm
line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015] -e:
No LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm
line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015] -e:
No LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm
line 24.\n


On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

    Okay... i just found the issue...
    when I downloaded the file with wget he added some courios
    google content....

    Now I'll get an error 500 (apache error) which I can fix -
    hopefully ;)

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.