I can say as much as this:
otrs 4.0 has changed a lot over 3.
This will be a new privacyidea otrs module!

Kind regards
CorneliusAm 23.02.2015 um 17:41 schrieb Cornelius Kölbel:

Good news!
I was able to reproduce the problem.
So the half way is done, now

Running a vanilla OTRS 4.0.5.

Kind regards
Cornelius

Am 23.02.2015 um 16:28 schrieb Cornelius Kölbel:

Just looking into it.

Am 23.02.2015 um 16:10 schrieb Stefan Steuer:

mhm… any idea?

On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

Hi,

to my knowledge Logging in OTRS 3 was performed this way:

   
https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36
<https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36>

See:
   
http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html
<http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html>

But it looks like, as if it still should exist int 4:
   
http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html
<http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html>



Am 23.02.2015 um 15:42 schrieb Stefan Steuer:

[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015]
-e: No LogObject! at
/opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015]
-e: No LogObject! at
/opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015]
-e: No LogObject! at
/opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n


On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

    Okay... i just found the issue...
    when I downloaded the file with wget he added some courios
    google content....

    Now I'll get an error 500 (apache error) which I can fix -
    hopefully ;)

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Hi,

to my knowledge Logging in OTRS 3 was performed this way:

https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36

See:
Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation

But it looks like, as if it still should exist int 4:
Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation 23.02.2015 um 15:42 schrieb Stefan Steuer:

[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n

On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

Okay... i just found the issue...
when I downloaded the file with wget he added some courios google
content....

Now I'll get an error 500 (apache error) which I can fix -
hopefully ;)

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

When I disable the site I’ll get also a blank page.
But I found the issue…

/opt/otrs/Kernel/Config.pm
$Self->{‘AuthModule’} = ‘Kernel::System::Auth::privacyIDEA’;
$Self->{‘AuthModule::privacyIDEA::URL’} =
“localhost:5001/validate/simplecheck”;

When I insert this two lines into the Config.PM I’ll get the blank page.
When delete them I’ll get the login screen.>

Hi Stefan,

…here we go.

I checked this module on my site. Please take a look, if it works for
you either.
https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA-4_0.pm

In the header of the module you can see, how it should be configured in
Kernel/Config.pm.

$Self->{‘AuthModule’} = ‘Kernel::System::Auth::privacyIDEA’;

$Self->{‘AuthModule::privacyIDEA::URL’} = \

“https://localhost/validate/check”;

$Self->{‘AuthModule::privacyIDEA::disableSSLCheck’} = “yes”;

Note, that you need to call /validate/check now, not simplecheck.
If you have no valid certificate you need to define anything in
disableSSLCheck, like “yes”

Kind regards
CorneliusAm 23.02.2015 um 19:48 schrieb Stefan Steuer:

oh okay

On Monday, February 23, 2015 at 6:06:57 PM UTC+1, Cornelius Kölbel wrote:

I can say as much as this:
otrs 4.0 has changed a lot over 3.
This will be a new privacyidea otrs module!

Kind regards
Cornelius

Am 23.02.2015 um 17:41 schrieb Cornelius Kölbel:

Good news!
I was able to reproduce the problem.
So the half way is done, now ;-)

Running a vanilla OTRS 4.0.5.

Kind regards
Cornelius

Am 23.02.2015 um 16:28 schrieb Cornelius Kölbel:

Just looking into it.

Am 23.02.2015 um 16:10 schrieb Stefan Steuer:

mhm... any idea?

On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

    Hi,

    to my knowledge Logging in OTRS 3 was performed this way:

       
    https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36
    <https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36>

    See:
       
    http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html
    <http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html>

    But it looks like, as if it still should exist int 4:
       
    http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html
    <http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html>



    Am 23.02.2015 um 15:42 schrieb Stefan Steuer:

    [Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03
    2015] -e: No LogObject! at
    /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
    [Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05
    2015] -e: No LogObject! at
    /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
    [Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37
    2015] -e: No LogObject! at
    /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n


    On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

        Okay... i just found the issue...
        when I downloaded the file with wget he added some
        courios google content....

        Now I'll get an error 500 (apache error) which I can
        fix - hopefully ;)

    -- 
    You received this message because you are subscribed to
    the Google Groups "privacyidea" group.
    To unsubscribe from this group and stop receiving emails
    from it, send an email to privacyidea...@googlegroups.com.
    To post to this group, send email to
    priva...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
    <https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer>.
    For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org
<https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org
<https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/4b78f975-d576-46f5-bb09-d343aa754239%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/4b78f975-d576-46f5-bb09-d343aa754239%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\nOn Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

Okay… i just found the issue…
when I downloaded the file with wget he added some courios google
content…

Now I’ll get an error 500 (apache error) which I can fix - hopefully

Hi Cornelius,
so I tried to extract the parameter but every time with the same result.

Blank page and the following apache error-code:

ERROR: OTRS-CGI-98 Perl: 5.14.2 OS: linux Time: Mon Feb 23 12:55:48 2015

Message: Can’t load backend module Kernel::System::Auth::privacyIDEA!

RemoteAddress: xxxxx

RequestURI: /otrs/index.pl

Traceback (4946):

Module: Kernel::System::Auth::new Line: 69

Module: Kernel::System::ObjectManager::_ObjectBuild Line: 222

Module: Kernel::System::ObjectManager::Get Line: 176

Module: Kernel::System::Web::InterfaceAgent::Run Line: 721

Module:

ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler
Line: 41

Module: (eval) (v1.99) Line: 204

Module: ModPerl::RegistryCooker::run (v1.99) Line: 204

Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170

Module: ModPerl::Registry::handler (v1.99) Line: 31

privacyidea.conf

WSGIPythonHome /opt/privacyidea/privacyidea-venv

 ServerAdmin webmaster@localhost

 # You might want to change this

 ServerName localhost

 DocumentRoot /var/www

 <Directory />

         # For Apache 2.4 you need to set this:

         # Require all granted

          Options FollowSymLinks

          AllowOverride None

 </Directory>

 # We can run several instances on different paths with different 

configurations

 WSGIScriptAlias /      /etc/privacyidea/piapp.wsgi

 #

 # The daemon is running as user 'privacyidea'

 # This user should have access to the encKey database encryption file

 WSGIDaemonProcess privacyidea processes=1 threads=15 

display-name=%{GROUP} user=privacyidea

 WSGIProcessGroup privacyidea

 WSGIPassAuthorization On

 ErrorLog /var/log/apache2/error.log

 LogLevel warn

 LogFormat "%h %l %u %t %>s \"%m %U %H\"  %b \"%{Referer}i\" 

"%{User-agent}i"" privacyIDEA

 CustomLog /var/log/apache2/ssl_access.log privacyIDEA

 #   SSL Engine Switch:

 #   Enable/Disable SSL for this virtual host.

 SSLEngine on

 #   If both key and certificate are stored in the same file, only the

 #   SSLCertificateFile directive is needed.

 SSLCertificateFile    /etc/ssl/certs/apache.pem

SSLCertificateKeyFile /etc/ssl/private/privacyideaserver.key

 <FilesMatch "\.(cgi|shtml|phtml|php)$">

         SSLOptions +StdEnvVars

 </FilesMatch>

 <Directory /usr/lib/cgi-bin>

         SSLOptions +StdEnvVars

 </Directory>

 BrowserMatch ".*MSIE.*" \

         nokeepalive ssl-unclean-shutdown \

         downgrade-1.0 force-response-1.0

–

added for OTRS (http://otrs.org/)

–

ScriptAlias /otrs/ “/opt/otrs/bin/cgi-bin/”

Alias /otrs-web/ “/opt/otrs/var/httpd/htdocs/”

conf.d/otrs.conf>

# Setup environment and preload modules

Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl

# Reload Perl modules when changed on disk

PerlModule Apache2::Reload

PerlInitHandler Apache2::Reload

# general mod_perl2 options

<Location /otrs>

ErrorDocument 403 /otrs/customer.pl

    ErrorDocument 403 /otrs/index.pl

    SetHandler  perl-script

    PerlResponseHandler ModPerl::Registry

    Options +ExecCGI

    PerlOptions +ParseHeaders

    PerlOptions +SetupEnv

    <IfVersion < 2.4>

        Order allow,deny

        Allow from all

    </IfVersion>

    <IfVersion >= 2.4>

        Require all granted

    </IfVersion>

</IfModule>

<IfModule !mod_version.c>

    Order allow,deny

    Allow from all

</IfModule>

<IfModule mod_deflate.c>

    AddOutputFilterByType DEFLATE text/html text/javascript text/css 

text/xml application/json text/json

</IfModule>

<Directory “/opt/otrs/var/httpd/htdocs/”>

AllowOverride None

<IfModule mod_version.c>

    <IfVersion < 2.4>

        Order allow,deny

        Allow from all

    </IfVersion>

    <IfVersion >= 2.4>

        Require all granted

    </IfVersion>

</IfModule>

<IfModule !mod_version.c>

    Order allow,deny

    Allow from all

</IfModule>

<IfModule mod_deflate.c>

    AddOutputFilterByType DEFLATE text/html text/javascript text/css 

text/xml application/json text/json

</IfModule>

Hi Stefan,
I did not get the error. You said a white page?

Obviously your configuration did not used VirtualHosts before.

Just disable privacyidea-site and enable your old site.
How did your old site look like?

Kind regards
CorneliusAm 23.02.2015 um 14:00 schrieb Stefan Steuer:

sry wrong otrs.conf.

    <IfModule mod_perl.c>

        # Setup environment and preload modules
        Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl

        # Reload Perl modules when changed on disk
        PerlModule Apache2::Reload
        PerlInitHandler Apache2::Reload

        # general mod_perl2 options
        <Location /otrs>
    #        ErrorDocument 403 /otrs/customer.pl
            ErrorDocument 403 /otrs/index.pl
            SetHandler  perl-script
            PerlResponseHandler ModPerl::Registry
            Options +ExecCGI
            PerlOptions +ParseHeaders
            PerlOptions +SetupEnv

     <IfModule mod_version.c>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
        </IfModule>
        <IfModule !mod_version.c>
            Order allow,deny
            Allow from all
        </IfModule>

        <IfModule mod_deflate.c>
            AddOutputFilterByType DEFLATE text/html
    text/javascript text/css text/xml application/json text/json
        </IfModule>
    </Location>

    <Directory "/opt/otrs/var/httpd/htdocs/">
        AllowOverride None

        <IfModule mod_version.c>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
        </IfModule>
        <IfModule !mod_version.c>
            Order allow,deny
            Allow from all
        </IfModule>

        <IfModule mod_deflate.c>
            AddOutputFilterByType DEFLATE text/html
    text/javascript text/css text/xml application/json text/json
        </IfModule>
           AddOutputFilterByType DEFLATE text/html text/javascript
    text/css text/xml application/json text/json
        </IfModule>

        # Make sure CSS and JS files are read as UTF8 by the browsers.
        AddCharset UTF-8 .css
        AddCharset UTF-8 .js

        # Set explicit mime type for woff fonts since it is
    relatively new and apache may not know about it.
        AddType application/font-woff .woff

    </Directory>

    <IfModule mod_headers.c>
        # Cache css-cache for 30 days
        <Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">
            <FilesMatch "\.(css|CSS)$">
                Header set Cache-Control "max-age=2592000
    must-revalidate"
            <FilesMatch "\.(css|CSS)$">
                Header set Cache-Control "max-age=2592000
    must-revalidate"
            </FilesMatch>
                    </FilesMatch>
        </Directory>

        # Cache css thirdparty for 4 hours, including icon fonts
        <Directory
    "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">
            <FilesMatch "\.(css|CSS|woff|svg)$">
                Header set Cache-Control "max-age=14400
    must-revalidate"
            </FilesMatch>
        </Directory>

        # Cache js-cache for 30 days
        <Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">
            <FilesMatch "\.(js|JS)$">
                Header set Cache-Control "max-age=2592000
    must-revalidate"
            </FilesMatch>
        </Directory>

        # Cache js thirdparty for 4 hours
        <Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">
            <FilesMatch "\.(js|JS)$">
                Header set Cache-Control "max-age=14400
    must-revalidate"
            </FilesMatch>
        </Directory>
    </IfModule>

    # Limit the number of requests per child to avoid excessive
    memory usage
    MaxRequestsPerChild 4000

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/05128820-c30e-4ede-88d8-52e2ebf95e11%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/05128820-c30e-4ede-88d8-52e2ebf95e11%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Good news!
I was able to reproduce the problem.
So the half way is done, now

Running a vanilla OTRS 4.0.5.

Kind regards
CorneliusAm 23.02.2015 um 16:28 schrieb Cornelius Kölbel:

Just looking into it.

Am 23.02.2015 um 16:10 schrieb Stefan Steuer:

mhm… any idea?

On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

Hi,

to my knowledge Logging in OTRS 3 was performed this way:

   
https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36
<https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36>

See:
   
http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html
<http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html>

But it looks like, as if it still should exist int 4:
   
http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html
<http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html>



Am 23.02.2015 um 15:42 schrieb Stefan Steuer:

[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015]
-e: No LogObject! at
/opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015]
-e: No LogObject! at
/opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015]
-e: No LogObject! at
/opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n


On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

    Okay... i just found the issue...
    when I downloaded the file with wget he added some courios
    google content....

    Now I'll get an error 500 (apache error) which I can fix -
    hopefully ;)

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

sry wrong otrs.conf.

>>

# Setup environment and preload modules
Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl

# Reload Perl modules when changed on disk
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload

# general mod_perl2 options
<Location /otrs>

ErrorDocument 403 /otrs/customer.pl

    ErrorDocument 403 /otrs/index.pl
    SetHandler  perl-script
    PerlResponseHandler ModPerl::Registry
    Options +ExecCGI
    PerlOptions +ParseHeaders
    PerlOptions +SetupEnv

Order allow,deny Allow from all = 2.4> Require all granted Order allow,deny Allow from all

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/javascript text/css 

text/xml application/json text/json

<Directory “/opt/otrs/var/httpd/htdocs/”>
AllowOverride None

<IfModule mod_version.c>
    <IfVersion < 2.4>
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
</IfModule>
<IfModule !mod_version.c>
    Order allow,deny
    Allow from all
</IfModule>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/javascript text/css 

text/xml application/json text/json

AddOutputFilterByType DEFLATE text/html text/javascript text/css
text/xml application/json text/json

# Make sure CSS and JS files are read as UTF8 by the browsers.
AddCharset UTF-8 .css
AddCharset UTF-8 .js

# Set explicit mime type for woff fonts since it is relatively new 

and apache may not know about it.
AddType application/font-woff .woff

# Cache css-cache for 30 days Header set Cache-Control "max-age=2592000 must-revalidate" Header set Cache-Control "max-age=2592000 must-revalidate"

# Cache css thirdparty for 4 hours, including icon fonts
<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">
    <FilesMatch "\.(css|CSS|woff|svg)$">
        Header set Cache-Control "max-age=14400 must-revalidate"
    </FilesMatch>
</Directory>

# Cache js-cache for 30 days
<Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">
    <FilesMatch "\.(js|JS)$">
        Header set Cache-Control "max-age=2592000 must-revalidate"
    </FilesMatch>
</Directory>

# Cache js thirdparty for 4 hours
<Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">
    <FilesMatch "\.(js|JS)$">
        Header set Cache-Control "max-age=14400 must-revalidate"
    </FilesMatch>
</Directory>

Limit the number of requests per child to avoid excessive memory usage

MaxRequestsPerChild 4000

oh okay :(On Monday, February 23, 2015 at 6:06:57 PM UTC+1, Cornelius Kölbel wrote:

I can say as much as this:
otrs 4.0 has changed a lot over 3.
This will be a new privacyidea otrs module!

Kind regards
Cornelius

Am 23.02.2015 um 17:41 schrieb Cornelius Kölbel:

Good news!
I was able to reproduce the problem.
So the half way is done, now

Running a vanilla OTRS 4.0.5.

Kind regards
Cornelius

Am 23.02.2015 um 16:28 schrieb Cornelius Kölbel:

Just looking into it.

Am 23.02.2015 um 16:10 schrieb Stefan Steuer:

mhm… any idea?

On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

Hi,

to my knowledge Logging in OTRS 3 was performed this way:

https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36

See:
Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation

But it looks like, as if it still should exist int 4:
Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation

Am 23.02.2015 um 15:42 schrieb Stefan Steuer:

[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n

On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

Okay… i just found the issue…
when I downloaded the file with wget he added some courios google
content…

Now I’ll get an error 500 (apache error) which I can fix - hopefully

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

mhm… any idea?On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

Hi,

to my knowledge Logging in OTRS 3 was performed this way:

https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36

See:
Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation

But it looks like, as if it still should exist int 4:
Perl Services - Softwareentwicklung mit Perl · ((OTRS)) Community Edition API Documentation

Am 23.02.2015 um 15:42 schrieb Stefan Steuer:

[Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23 15:39:03 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23 15:39:05 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
[Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23 15:41:37 2015] -e: No
LogObject! at /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n

On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

Okay… i just found the issue…
when I downloaded the file with wget he added some courios google
content…

Now I’ll get an error 500 (apache error) which I can fix - hopefully

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

OK, I was not aware, that you already activated the privacyIDEA module
in OTRS.

So you need to change this to the correct URL - I think in your case it
might be:

https://localhost/pi/validate/simplecheck

Kind regards
CorneliusAm 23.02.2015 um 14:11 schrieb Stefan Steuer:

When I disable the site I’ll get also a blank page.
But I found the issue…

/opt/otrs/Kernel/Config.pm
$Self->{‘AuthModule’} = ‘Kernel::System::Auth::privacyIDEA’;
$Self->{‘AuthModule::privacyIDEA::URL’} =
“localhost:5001/validate/simplecheck”;

When I insert this two lines into the Config.PM I’ll get the blank
page. When delete them I’ll get the login screen.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/4a20ad4b-36b7-44c9-a66e-450b88d90694%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/4a20ad4b-36b7-44c9-a66e-450b88d90694%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Okay… i just found the issue…
when I downloaded the file with wget he added some courios google
content…

Now I’ll get an error 500 (apache error) which I can fix - hopefully

So i created a HOTP.

Set Pin to “123456”
Scan the barcode.
Go to test test line

Enter 123456 and the token out of the google auth.

Wrong OTP.On Tuesday, February 24, 2015 at 11:09:23 AM UTC+1, Cornelius Kölbel wrote:

I am a bit concerned - what was it, that you were able to authenticate to
OTRS with the wrong password?

You may want to check your OTP at the privacyIDEA ui first.
I recommend starting with eventbase OTP, since there are less things to go
wrong

If you go to the token details you can:

• reset the OTP PIN and
• you have the action “Test token”.
  You can enter the OTP PIN and the OTP value there and click “test token”.

Kind regards
Cornelius

Am 24.02.2015 um 10:40 schrieb Stefan Steuer:

I’m sorry but now I’m not able to login (with the old and new file)

…arghhhhh…

Attached you’ll find the screenshots of my configuration.

Apache error code is:

can not authenticate: wrong otp pin

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

You can create an enrollment policy with the parameter.
7.5. Enrollment policies — privacyIDEA 3.8 documentation 24.02.2015 um 17:01 schrieb Stefan Steuer:

Is it possible to deliver some more informations with the QR-Code?
e.g. username instead the ID and Systemname?

screenshot attached

On Tuesday, February 24, 2015 at 4:40:13 PM UTC+1, Stefan Steuer wrote:

ok great.

On Tuesday, February 24, 2015 at 4:32:40 PM UTC+1, Cornelius Kölbel wrote:

    Hi Stefan,

    I wonder what got mixed up there.

    You can login with only that what I call the OTP value by
    1. either setting the OTP PIN = "" (oups I think you can not
    do this via the web ui)
    2. or you define a policy like this...



    Kind regards
    Cornelius

    Am 24.02.2015 um 16:09 schrieb Stefan Steuer:

    One last question ;)

    Is it possible to login with the OTP/google auth-code without
    the pin?



    On Tuesday, February 24, 2015 at 4:04:15 PM UTC+1, Stefan Steuer wrote:

        After I reinstall Privacyidea ... it works..... :)
        Thank you for the great support!

        I'll install the PI on saturday/sunday on my productive
        enviroment and give you a feedback!

    -- 
    You received this message because you are subscribed to the
    Google Groups "privacyidea" group.
    To unsubscribe from this group and stop receiving emails from
    it, send an email to privacyidea...@googlegroups.com.
    To post to this group, send email to priva...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com
    <https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com?utm_medium=email&utm_source=footer>.
    For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/bf08862a-1606-4cb5-8f13-967d07968612%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/bf08862a-1606-4cb5-8f13-967d07968612%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

so I deleted all policies: same result with both.

64bit wheezyOn Tuesday, February 24, 2015 at 1:35:53 PM UTC+1, Cornelius Kölbel wrote:

I remember you had a strange policy with no meaning.
Please delete the policy.
(Delete all policies!)

Obviously the wheezy package is not stable in your case.
Is it a 32bit or 64bit system?

As a last resort, you should remove the package and install via pip.

Kind regards
Cornelius

Is it possible to deliver some more informations with the QR-Code?
e.g. username instead the ID and Systemname?

screenshot attachedOn Tuesday, February 24, 2015 at 4:40:13 PM UTC+1, Stefan Steuer wrote:

ok great.

On Tuesday, February 24, 2015 at 4:32:40 PM UTC+1, Cornelius Kölbel wrote:

Hi Stefan,

I wonder what got mixed up there.

You can login with only that what I call the OTP value by

1. either setting the OTP PIN = “” (oups I think you can not do this via
   the web ui)
2. or you define a policy like this…

Kind regards
Cornelius

Am 24.02.2015 um 16:09 schrieb Stefan Steuer:

One last question

Is it possible to login with the OTP/google auth-code without the pin?

On Tuesday, February 24, 2015 at 4:04:15 PM UTC+1, Stefan Steuer wrote:

After I reinstall Privacyidea … it works…
Thank you for the great support!

I’ll install the PI on saturday/sunday on my productive enviroment and
give you a feedback!

 -- 

You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/03b4f9b5-a358-437f-9a2e-6c673fc904e0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

screen.png944×872 49.6 KB

One last question

Is it possible to login with the OTP/google auth-code without the pin?On Tuesday, February 24, 2015 at 4:04:15 PM UTC+1, Stefan Steuer wrote:

After I reinstall Privacyidea … it works…
Thank you for the great support!

I’ll install the PI on saturday/sunday on my productive enviroment and
give you a feedback!

Please also take a look at /var/log/privacyidea/privacyidea.logAm 24.02.2015 um 12:10 schrieb Cornelius Kölbel:

It seems to me that the wheezy package is not playing that well. I can
not see these issues on another distribution.

Can you please:

1. install python-virtualenv
   apt-get install python-virtualenv
   and restart the webserver

2. create a useridresolver of /etc/passwd and create a realm with this
   resolver.
   enroll a new token to a user from passwd, to see if this is
   somehow linked to the sqlusers…

Kind regards
Cornelius

Am 24.02.2015 um 11:18 schrieb Stefan Steuer:

So i created a HOTP.

Set Pin to “123456”
Scan the barcode.
Go to test test line

Enter 123456 and the token out of the google auth.

Wrong OTP.

On Tuesday, February 24, 2015 at 11:09:23 AM UTC+1, Cornelius Kölbel wrote:

I am a bit concerned - what was it, that you were able to
authenticate to OTRS with the wrong password?

You may want to check your OTP at the privacyIDEA ui first.
I recommend starting with eventbase OTP, since there are less
things to go wrong ;-)

If you go to the token details you can:

* reset the OTP PIN and
* you have the action "Test token".
You can enter the OTP PIN and the OTP value there and click "test
token".

Kind regards
Cornelius

Am 24.02.2015 um 10:40 schrieb Stefan Steuer:

    I'm sorry but now I'm not able to login (with the old and
    new file) .....arghhhhh...

Attached you'll find the screenshots of my configuration.

Apache error code is: 

        can not authenticate: wrong otp pin



 
-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/fad8de45-acb9-4e3b-af0b-0c0623bb76c0%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/97ec5a7b-ed4f-46fa-a9dc-3961839ee76a%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EC5C19.9090903%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EC5C19.9090903%40privacyidea.org?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Hi Stefan,

I assume there is a difference between perl on ubuntu 14.04 and debian
wheezy as far as the interpretation of true and false is concerned.

Could you please try the attached module (rename it) and then take a
look at the apache error log:

Mine looks like this:

Message: {
“detail”: {
“message”: “wrong otp value”,
“serial”: “OATH0000FB1E”,
“type”: “hotp”
},
“id”: 1,
“jsonrpc”: “2.0”,
“result”: {
“status”: true,
“value”: false
},
“version”: “privacyIDEA 2.1dev0”
}

RemoteAddress: 127.0.0.1
RequestURI: /otrs/index.pl

Traceback (18793):
Module: Kernel::System::Auth::privacyIDEA::Auth Line: 128
Module: Kernel::System::Auth::Auth Line: 142
Module: Kernel::System::Web::InterfaceAgent::Run Line: 242
Module:
ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler
Line: 41
Module: (eval) (v1.99) Line: 206
Module: ModPerl::RegistryCooker::run (v1.99) Line: 206
Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 172
Module: ModPerl::Registry::handler (v1.99) Line: 31

ERROR: OTRS-CGI-56 Perl: 5.18.2 OS: linux Time: Tue Feb 24 09:26:18 2015

Message: result is: 0

The API result contains “value”: false if the authentication failed.
If your perl things of “false” as a string, it will let the user in.

My Perl interprets “false” as False and this is why the
Message: result is: 0

So the question, what your Message: result looks like.

Kind regards
CorneliusAm 24.02.2015 um 08:09 schrieb Stefan Steuer:

Hi Cornelius,
I think that there is a big bug or a wrong config of my site

Now I’ll get the login screen but…

e.g. my credentials are M.Mustermann and the pw testpassword123!

But now I’m able to login with any password e.g. M.Mustermann
kfgafasdasd or M.Mustermann and twfnaedsf

On Monday, February 23, 2015 at 11:04:12 PM UTC+1, Cornelius Kölbel wrote:

Hi Stefan,

...here we go.

I checked this module on my site. Please take a look, if it works
for you either.
https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA-4_0.pm
<https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA-4_0.pm>

In the header of the module you can see, how it should be
configured in Kernel/Config.pm.

# $Self->{'AuthModule'} = 'Kernel::System::Auth::privacyIDEA';

# $Self->{'AuthModule::privacyIDEA::URL'} = \
# "https://localhost/validate/check"
<https://localhost/validate/check>;

# $Self->{'AuthModule::privacyIDEA::disableSSLCheck'} = "yes";


Note, that you need to call /validate/check now, not simplecheck.
If you have no valid certificate you need to define anything in
disableSSLCheck, like "yes" ;-)

Kind regards
Cornelius

Am 23.02.2015 um 19:48 schrieb Stefan Steuer:

oh okay :(

On Monday, February 23, 2015 at 6:06:57 PM UTC+1, Cornelius Kölbel wrote:

    I can say as much as this:
    otrs 4.0 has changed a lot over 3.
    This will be a new privacyidea otrs module!

    Kind regards
    Cornelius

    Am 23.02.2015 um 17:41 schrieb Cornelius Kölbel:

    Good news!
    I was able to reproduce the problem.
    So the half way is done, now ;-)

    Running a vanilla OTRS 4.0.5.

    Kind regards
    Cornelius

    Am 23.02.2015 um 16:28 schrieb Cornelius Kölbel:

    Just looking into it.

    Am 23.02.2015 um 16:10 schrieb Stefan Steuer:

    mhm... any idea?

    On Monday, February 23, 2015 at 3:57:01 PM UTC+1, Cornelius Kölbel wrote:

        Hi,

        to my knowledge Logging in OTRS 3 was performed this way:

           
        https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36
        <https://github.com/privacyidea/privacyidea/blob/master/authmodules/OTRS/privacyIDEA.pm#L36>

        See:
           
        http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html
        <http://otrs.perl-services.de/docs/otrs/rel-3_0/kernel_system_log.html>

        But it looks like, as if it still should exist int 4:
           
        http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html
        <http://otrs.perl-services.de/docs/otrs/rel-4_0/kernel_system_log.html>



        Am 23.02.2015 um 15:42 schrieb Stefan Steuer:

        [Mon Feb 23 15:39:03 2015] [error] [Mon Feb 23
        15:39:03 2015] -e: No LogObject! at
        /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
        [Mon Feb 23 15:39:05 2015] [error] [Mon Feb 23
        15:39:05 2015] -e: No LogObject! at
        /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n
        [Mon Feb 23 15:41:37 2015] [error] [Mon Feb 23
        15:41:37 2015] -e: No LogObject! at
        /opt/otrs//Kernel/System/Auth/privacyIDEA.pm line 24.\n


        On Monday, February 23, 2015 at 3:40:45 PM UTC+1, Stefan Steuer wrote:

            Okay... i just found the issue...
            when I downloaded the file with wget he added
            some courios google content....

            Now I'll get an error 500 (apache error) which I
            can fix - hopefully ;)

        -- 
        You received this message because you are subscribed
        to the Google Groups "privacyidea" group.
        To unsubscribe from this group and stop receiving
        emails from it, send an email to
        privacyidea...@googlegroups.com.
        To post to this group, send email to
        priva...@googlegroups.com.
        To view this discussion on the web visit
        https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com
        <https://groups.google.com/d/msgid/privacyidea/3bb20cb1-a0a4-4b21-b1da-d30fe0410b0f%40googlegroups.com?utm_medium=email&utm_source=footer>.
        For more options, visit
        https://groups.google.com/d/optout
        <https://groups.google.com/d/optout>.

    -- 
    You received this message because you are subscribed to
    the Google Groups "privacyidea" group.
    To unsubscribe from this group and stop receiving emails
    from it, send an email to privacyidea...@googlegroups.com.
    To post to this group, send email to
    priva...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com
    <https://groups.google.com/d/msgid/privacyidea/447e0f2c-45a7-4a0c-8486-244281675173%40googlegroups.com?utm_medium=email&utm_source=footer>.
    For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

    -- 
    You received this message because you are subscribed to the
    Google Groups "privacyidea" group.
    To unsubscribe from this group and stop receiving emails
    from it, send an email to privacyidea...@googlegroups.com.
    To post to this group, send email to priva...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org
    <https://groups.google.com/d/msgid/privacyidea/54EB470E.4000802%40privacyidea.org?utm_medium=email&utm_source=footer>.
    For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

    -- 
    You received this message because you are subscribed to the
    Google Groups "privacyidea" group.
    To unsubscribe from this group and stop receiving emails
    from it, send an email to privacyidea...@googlegroups.com.
    To post to this group, send email to priva...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org
    <https://groups.google.com/d/msgid/privacyidea/54EB5842.9050009%40privacyidea.org?utm_medium=email&utm_source=footer>.
    For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the
Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/4b78f975-d576-46f5-bb09-d343aa754239%40googlegroups.com
<https://groups.google.com/d/msgid/privacyidea/4b78f975-d576-46f5-bb09-d343aa754239%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/c6347ac0-b939-4b8a-93a9-4a783d9c8eec%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/c6347ac0-b939-4b8a-93a9-4a783d9c8eec%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

privacyIDEA-4_0.pm (4.41 KB)