Well, but you are totally right. This is a very important thing to
improve the error message. In this case thank you very much for this
experience and the input.
Hi
Now when I have slept for a while I look with new eyes on the problem
and see directly that am doing it wrong. My privacyidea host is not
auth.example.com but aaa.example.com. So embarrassing.
Your basic auth client works great.
The only thing I believe you can improve is the error message for the
next m****n that tries to authenticate against wrong URL.
Truly sorry for taking up your time.
Den onsdag 10 juni 2015 kl. 14:26:44 UTC+2 skrev Cornelius Kölbel:
Hi Nicke,
no. You indeed need no quotes.
The interesting line is
ValueError("No JSON object could be decoded")
I.e. the url you requested, did not respond as expected.
Can you see this /validate/check request in the Audit log in
the web UI?
What does it say there?
Kind regards
Cornelius
Am Mittwoch, den 10.06.2015, 04:34 -0700 schrieb Nicke:
> Yeah, you are right, access right errors. Am a little tired
so did not
> pay attention enough.
>
>
> So here is the output now,
> Jun 10 12:57:50 files mod_wsgi: Reading configuration
> https://auth.example.com, localhost, False
> Jun 10 12:57:50 files mod_wsgi: Authentication with
> https://auth.example.com, localhost, False
> Jun 10 12:57:50 files mod_wsgi: requests < 1.0
> Jun 10 12:57:50 files mod_wsgi: Traceback (most recent call
> last):#012 File
"/usr/share/pyshared/privacyidea_apache.py", line 75,
> in check_password#012 json_response =
response.json()#012 File
> "/usr/lib/python2.7/dist-packages/requests/models.py", line
741, in
> json#012 return json.loads(self.text, **kwargs)#012
File
> "/usr/lib/python2.7/json/__init__.py", line 338, in
loads#012
> return _default_decoder.decode(s)#012 File
> "/usr/lib/python2.7/json/decoder.py", line 366, in
decode#012 obj,
> end = self.raw_decode(s, idx=_w(s, 0).end())#012 File
> "/usr/lib/python2.7/json/decoder.py", line 384, in
raw_decode#012
> raise ValueError("No JSON object could be
decoded")#012ValueError: No
> JSON object could be decoded
>
>
> When having privacyidea = "https://auth.example.com"
> in /etc/privacyidea/apache.conf
> mod_wsgi (pid=4865): Exception occurred processing WSGI
script
> '/usr/share/pyshared/privacyidea_apache.py'.
> Traceback (most recent call last):
> File "/usr/share/pyshared/privacyidea_apache.py", line
72, in
> check_password
> verify=SSLVERIFY)
> File "/usr/lib/python2.7/dist-packages/requests/api.py",
line 88,
> in post
> return request('post', url, data=data, **kwargs)
> File "/usr/lib/python2.7/dist-packages/requests/api.py",
line 44,
> in request
> return session.request(method=method, url=url,
**kwargs)
> File
"/usr/lib/python2.7/dist-packages/requests/sessions.py", line
> 455, in request
> resp = self.send(prep, **send_kwargs)
> File
"/usr/lib/python2.7/dist-packages/requests/sessions.py", line
> 553, in send
> adapter = self.get_adapter(url=request.url)
> File
"/usr/lib/python2.7/dist-packages/requests/sessions.py", line
> 598, in get_adapter
> raise InvalidSchema("No connection adapters were found
for '%s'"
> % url)
> InvalidSchema: No connection adapters were found for
> '"https://auth.example.com"/validate/check'
>
>
> mod_wsgi (pid=4865): Exception occurred processing WSGI
script
> '/usr/share/pyshared/privacyidea_apache.py'., referer:
> https://subdomain.example.com/
> Traceback (most recent call last):, referer:
> https://subdomain.example.com/
> File "/usr/share/pyshared/privacyidea_apache.py", line
72, in
> check_password, referer: https://subdomain.example.com/
> verify=SSLVERIFY), referer:
https://subdomain.example.com/
> File "/usr/lib/python2.7/dist-packages/requests/api.py",
line 88,
> in post, referer: https://subdomain.example.com/
> return request('post', url, data=data, **kwargs),
referer:
> https://subdomain.example.com/
> File "/usr/lib/python2.7/dist-packages/requests/api.py",
line 44,
> in request, referer: https://subdomain.example.com/
> return session.request(method=method, url=url,
**kwargs),
> referer: https://subdomain.example.com/
> File
"/usr/lib/python2.7/dist-packages/requests/sessions.py", line
> 455, in request, referer: https://subdomain.example.com/
> resp = self.send(prep, **send_kwargs), referer:
> https://subdomain.example.com/
> File
"/usr/lib/python2.7/dist-packages/requests/sessions.py", line
> 553, in send, referer: https://subdomain.example.com/
> adapter = self.get_adapter(url=request.url), referer:
> https://subdomain.example.com/
> File
"/usr/lib/python2.7/dist-packages/requests/sessions.py", line
> 598, in get_adapter, referer:
https://subdomain.example.com/
> raise InvalidSchema("No connection adapters were found
for '%s'"
> % url), referer: https://subdomain.example.com/
> InvalidSchema: No connection adapters were found for
> '"https://auth.example.com"/validate/check', referer:
> https://subdomain.example.com/
>
>
> When having privacyidea = https://auth.example.com
> in /etc/privacyidea/apache.conf
>
> mod_wsgi (pid=4865): Exception occurred processing WSGI
script
> '/usr/share/pyshared/privacyidea_apache.py'.
> Traceback (most recent call last):
> File "/usr/share/pyshared/privacyidea_apache.py", line
83, in
> check_password
> if json_response.get("result", {}).get("value"):
> AttributeError: 'function' object has no attribute 'get'
>
>
> mod_wsgi (pid=4865): Exception occurred processing WSGI
script
> '/usr/share/pyshared/privacyidea_apache.py'., referer:
> https://subdomain.example.com/
> Traceback (most recent call last):, referer:
> https://subdomain.example.com/
> File "/usr/share/pyshared/privacyidea_apache.py", line
83, in
> check_password, referer: https://subdomain.example.com/
> if json_response.get("result", {}).get("value"):,
referer:
> https://subdomain.example.com/
> AttributeError: 'function' object has no attribute 'get',
referer:
> https://subdomain.example.com/
>
>
>
>
>
>
> Den onsdag 10 juni 2015 kl. 12:48:34 UTC+2 skrev Cornelius
Kölbel:
> Hi,
>
> please check the access right of
> /usr/share/pyshared/privacyidea_apache.py
>
> The apache user should be able to read it.
> Should be 644.
>
> Kind regards
> Cornelius
>
>
> Am Mittwoch, den 10.06.2015, 03:15 -0700 schrieb
Nicke:
> > Am running Ubuntu 14.04.2 on the client machine
having
> > privacyidea-apache-client installed, this is
called
> > "subdomain.example.com".
> > Authentication server is another host running the
same
> system. This
> > machine is called "auth.example.com".
> >
> >
> > Here is the only output with your new file,
> > [Wed Jun 10 12:12:19.064834 2015] [:error] [pid
4728:tid
> > 139652069586688] (13)Permission denied: [client
> > 2a02:xxx:0:10:cccc:97fc:6f52:b703:36240] mod_wsgi
> (pid=4728,
> > process='', application=''): Call to fopen()
failed for
> > '/usr/share/pyshared/privacyidea_apache.py'.
> > [Wed Jun 10 12:12:19.250990 2015] [:error] [pid
4728:tid
> > 139652052801280] (13)Permission denied: [client
> > 2a02:xxx:0:10:cccc:97fc:6f52:b703:36241] mod_wsgi
> (pid=4728,
> > process='', application=''): Call to fopen()
failed for
> > '/usr/share/pyshared/privacyidea_apache.py'.,
referer:
> > https://subdomain.example.com/
> >
> >
> >
> > Den onsdag 10 juni 2015 kl. 12:02:52 UTC+2 skrev
Cornelius
> Kölbel:
> > Hi,
> >
> > I am sorry. On what system are you
running?
> > (I would like to try running request 2.x)
> >
> > Probably there is an exception where it
should not
> be.
> > Could you please use the attached file,
restart
> apache and
> > take a look
> > at the syslog again.
> >
> > Thx and kind regards
> > Cornelius
> >
> > Am Mittwoch, den 10.06.2015, 02:41 -0700 schrieb
> Nicke:
> > > Hi
> > > 1)
> > > Before it was
> > > [DEFAULT]
> > > redis = "localhost"
> > > privacyidea =
"https://auth.example.com"
> > > sslverify = False
> > >
> > >
> > > But that created exceptions so I changed
that to
> > > [DEFAULT]
> > > redis = localhost
> > > privacyidea = https://auth.example.com
> > > sslverify = False
> > >
> > >
> > > 2)
> > > Se above
> > >
> > >
> > > 3)
> > > It contains
> > > mod_wsgi: requests < 1.0
> > >
> > >
> > >
> > > Den onsdag 10 juni 2015 kl. 11:31:30 UTC
+2 skrev
> Cornelius
> > Kölbel:
> > > Hi Nicke,
> > >
> > > 1.) what did you remove? I did
not get it
> in the
> > formatting.
> > >
> > > 2.) How does
> your /etc/privacyidea/apache.conf looks
> > like,
> > > now?
> > >
> > > 3.) Does you /var/log/syslog
contain
> > >
> > > "request > 1.0"
> > >
> > > or
> > >
> > > "request < 1.0"
> > >
> > >
> > > Kind regards
> > > Cornelius
> > >
> > > Am Mittwoch, den 10.06.2015, 02:18 -0700 schrieb
> > Nicke:
> > > > You are right, it does work
now. I do
> not know
> > what I did
> > > wrong last
> > > > time I tried.
> > > >
> > > >
> > > > The
file /etc/privacyidea/apache.conf
> contains "
> > on redis
> > > and
> > > > privacyidea value. In apache
error file
> it
> > complains (error)
> > > about
> > > > this so I had to remove it.
> > > > Anway, I still can not get
this to work,
> I get
> > > >
> > > >
> > > > mod_wsgi (pid=4105):
Exception
> occurred
> > processing WSGI
> > > script
> > > >
> '/usr/share/pyshared/privacyidea_apache.py'.
> > > > Traceback (most recent call
last):
> > > > File
> >
"/usr/share/pyshared/privacyidea_apache.py", line
> > > 81, in
> > > > check_password
> > > > if
json_response.get("result",
> > {}).get("value"):
> > > > AttributeError: 'function'
object has
> no
> > attribute 'get'
> > > > mod_wsgi (pid=4105):
Exception
> occurred
> > processing WSGI
> > > script
> > > >
> '/usr/share/pyshared/privacyidea_apache.py'.,
> > referer:
> > > >
https://subdomain.example.com/
> > > > Traceback (most recent call
last):,
> referer:
> > > >
https://subdomain.example.com/
> > > > File
> >
"/usr/share/pyshared/privacyidea_apache.py", line
> > > 81, in
> > > > check_password, referer:
> > https://subdomain.example.com/
> > > > if
json_response.get("result",
> > {}).get("value"):,
> > > referer:
> > > >
https://subdomain.example.com/
> > > > AttributeError: 'function'
object has
> no
> > attribute 'get',
> > > referer:
> > > >
https://subdomain.example.com/
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Den onsdag 10 juni 2015 kl.
10:43:28 UTC
> +2 skrev
> > Cornelius
> > > Kölbel:
> > > > Hi Nicke,
> > > >
> > > > it does.
> > > > Did you run an apt-get
update?
> > > >
> > > > Kind regards
> > > > Cornelius
> > > >
> > > > Am Mittwoch, den 10.06.2015, 01:30 -0700 schrieb
> > > Nicke:
> > > > > For me to be able to
test this
> it would
> > be good
> > > if
> > > > >
privacyidea-apache-client
> exist in the
> > dev
> > > repository on
> > > > launchpad.
> > > > >
> > > > >
> > > > >
add-apt-repository
> > > ppa:privacyidea/privacyidea-dev
> > > > > apt-get
update
> > > > > apt-get
install
> > privacyidea-apache-client
> > > > > .. does not work on
Ubuntu
> 14.04
> > because
> > > >
privacyidea-apache-client is
> > > > > missing.
> > > > > --
> > > > > You received this
message
> because you
> > are
> > > subscribed to the
> > > > Google
> > > > > Groups "privacyidea"
group.
> > > > > To unsubscribe from
this group
> and stop
> > receiving
> > > emails
> > > > from it, send
> > > > > an email to
> > privacyidea...@googlegroups.com.
> > > > > To post to this
group, send
> email to
> > > >
priva...@googlegroups.com.
> > > > > To view this
discussion on the
> web
> > visit
> > > > >
> > > >
> > >
> >
>
https://groups.google.com/d/msgid/privacyidea/ac3b3d13-3fed-4d19-98f8-cd038d5d4ceb%40googlegroups.com.
> > > > > For more options,
visit
> > >
https://groups.google.com/d/optout.
> > > >
> > > > --
> > > > Cornelius Kölbel
> > > >
corneliu...@netknights.it
> > > > +49 151 2960 1417
> > > >
> > > > NetKnights GmbH
> > > >
http://www.netknights.it
> > > > Landgraf-Karl-Str. 19,
34131
> Kassel,
> > Germany
> > > > Tel: +49 561 3166797,
Fax: +49
> 561
> > 3166798
> > > >
> > > > Amtsgericht Kassel,
HRB 16405
> > > > Geschäftsführer:
Cornelius
> Kölbel
> > > >
> > > >
> > > > --
> > > > You received this message
because you
> are
> > subscribed to the
> > > Google
> > > > Groups "privacyidea" group.
> > > > To unsubscribe from this group
and stop
> receiving
> > emails
> > > from it, send
> > > > an email to
> privacyidea...@googlegroups.com.
> > > > To post to this group, send
email to
> > > priva...@googlegroups.com.
> > > > To view this discussion on the
web
> visit
> > > >
> > >
> >
>
https://groups.google.com/d/msgid/privacyidea/55416469-bde4-4e6f-bbbc-8462b4e1da1b%40googlegroups.com.
> > > > For more options, visit
> > https://groups.google.com/d/optout.
> > >
> > > --
> > > Cornelius Kölbel
> > > corneliu...@netknights.it
> > > +49 151 2960 1417
> > >
> > > NetKnights GmbH
> > > http://www.netknights.it
> > > Landgraf-Karl-Str. 19, 34131
Kassel,
> Germany
> > > Tel: +49 561 3166797, Fax: +49
561
> 3166798
> > >
> > > Amtsgericht Kassel, HRB 16405
> > > Geschäftsführer: Cornelius
Kölbel
> > >
> > >
> > > --
> > > You received this message because you
are
> subscribed to the
> > Google
> > > Groups "privacyidea" group.
> > > To unsubscribe from this group and stop
receiving
> emails
> > from it, send
> > > an email to
privacyidea...@googlegroups.com.
> > > To post to this group, send email to
> > priva...@googlegroups.com.
> > > To view this discussion on the web
visit
> > >
> >
>
https://groups.google.com/d/msgid/privacyidea/bfc540e9-7e7a-4524-ace6-f207dab1730a%40googlegroups.com.
> > > For more options, visit
> https://groups.google.com/d/optout.
> >
> > --
> > Cornelius Kölbel
> > corneliu...@netknights.it
> > +49 151 2960 1417
> >
> > NetKnights GmbH
> > http://www.netknights.it
> > Landgraf-Karl-Str. 19, 34131 Kassel,
Germany
> > Tel: +49 561 3166797, Fax: +49 561
3166798
> >
> > Amtsgericht Kassel, HRB 16405
> > Geschäftsführer: Cornelius Kölbel
> >
> >
> > --
> > You received this message because you are
subscribed to the
> Google
> > Groups "privacyidea" group.
> > To unsubscribe from this group and stop receiving
emails
> from it, send
> > an email to privacyidea...@googlegroups.com.
> > To post to this group, send email to
> priva...@googlegroups.com.
> > To view this discussion on the web visit
> >
>
https://groups.google.com/d/msgid/privacyidea/140accd8-8d81-4840-a2b0-dad6e4639ccd%40googlegroups.com.
> > For more options, visit
https://groups.google.com/d/optout.
>
> --
> Cornelius Kölbel
> corneliu...@netknights.it
> +49 151 2960 1417
>
> NetKnights GmbH
> http://www.netknights.it
> Landgraf-Karl-Str. 19, 34131 Kassel, Germany
> Tel: +49 561 3166797, Fax: +49 561 3166798
>
> Amtsgericht Kassel, HRB 16405
> Geschäftsführer: Cornelius Kölbel
>
>
> --
> You received this message because you are subscribed to the
Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails
from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/fd2dc6ce-260c-4214-8ab2-6f58c3532b8d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7a0acb0e-1762-44de-8184-78188c50e6db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.