I want to integrate privacyIDEA in Keycloak.
Keycloak is installed and I can authenticate from Nextcloud against it.
I installed the privacyIDEA plugin in Keycloak following this documentation:
https : // www .privacyidea .org/versatile-2fa-single-sign-on-with-keycloak-and-privacyidea/
When I now log in to Nextcloud, I click on ‘login with keycloak’ and enter username and password. Then I get a new screen to enter the OTP.
After entering the OTP I get ‘Authentication failed.’
In the Keycloak log I see:
2021-06-19 14:09:38,522 INFO [org.privacyidea.authenticator.PrivacyIDEAAuthenticator] (OkHttp http ://mfa .domain .tld/...) /validate/check:
{
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "error": {
      "code": 905,
      "message": "ERR905: You need to specify a serial or a user."
    },
    "status": false
  },
  "time": 1624111778.4443033,
  "version": "privacyIDEA 3.5.1",
  "signature": "rsa_sha256_pss:9a56b7..."
}
In the Apache log on the privacyIDEA server I get:
400 "GET /validate/check HTTP/1.1" 762 "-" "privacyIDEA-Keycloak"
The following test runs successfully:
https: //mfa. domain. tld/validate/check?user=username&pass=otp
One strange thing I noticed:
Even if I enter a non-existent URL in the privacyIDEA configuration in Keycloak (like xxx.foo.bar), I get the log entry with http : //mfa. domain.tld
My question is:
Why is a serial or a user missing?