One problem with PrivacyIDEA is that it exist no howto’s how to get
started. Installing guides exist and works flawless but then you are stuck.
Please create some “how to” or “getting started” guides.
These should include something like creating your first token, testing
login and maybe getting one webservice (or something) to authenticate
against PrivacyIDEA.
Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpWV3dMd0FBb0pFQkJoWkZVdWpZRko0eFVQLzEvUVUzQjkwenZGRzh0dlBqTDRZ
YmF4DQpBbVJPc2VQVCttVzdmWWxGNGwwV3FvVUVpdFlGSDFUZkZNQitwMmJXZVJVYmR2Zm5Zdm9U
VTZaYTdpVk5uVkwrDQpnSTdaUEF2RmJFQ2pVdis5ZXNDQnk1QVIzWVYvRXhkd20rbXVKaktNZXd5
WWtVS2VUN202K3EyQTc0VU5mTSs4DQp2Mkk4bzJBbVcwd1N3SHE2TFNmZHVveEpPUGpPWFRiem5C
LzF5OVROLzg1UDJDVjAxcEV2ME11WmRDUWxvSmxKDQovMWRLSG04NFp3WmkzTFUwNHVja3VuOXZT
NWlvUFFRTElXdDFISmErY1BxWllqS1piRzUzeStkZUhwaUJMeVlPDQp0S3Ztbm1XSi9taHo4MGRL
R0IvUS94RmwwR0RmYWpoazUxQWU3ZzRwNHYzNnZrTUV3UXh2OGNtQ2tsYkJvdDZmDQpIc2JxbzZS
ZEpWS0w5cjdTaUJkUlhhTkhOeFU2RjQ1V3VlWlEzdzZPWlNlYW5CV2d6a0VqMkYzV2d3WVJvdDRK
DQp5YTM5K3F5N2pPZ2RjUE9JT3F4SEM3eThWN1d2WmhHeEo4L0ljWTNUM1NRb0p2UVRQcVlZQnJm
cnhibFFlbGY0DQpPNzJpaXZXUlBvV0htY1ZuNlcwK0hWQjRLNW1mcUpvK3lDMG1jOTZhdWsyVUI4
Zk1DZEUwMU1qUFR2M2xaWFRNDQpxWURNVXpjelQrT3hTYTZ5TEJmd2EzMUlxTlpVaFZhM1NrVG5n
ZjBqNnNKb1JoZlRmQXJNSnUvdjRKTHFkUm82DQowOG5TdmhCSnRvMlREZFZlWEY5c05ydTVMMitD
RHc0MDZxREJ2RGhqdVA5Vk1aUVFIUnhaY2ErVFoxQlJidzhXDQpwVmQ0S3FYdWQ0TE5xc05OTm10
bA0KPU1DR0MNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K
Great to see that a getting started guide can become reality that will
(probably) follow current version of PrivacyIDEA that howto’s around the
Internet do not.
Ticket 143 seems right, nothing to add.
I followed the installation guide found in the official documentation,
http://privacyidea.readthedocs.org/en/latest/installation/index.html. I
used the ubuntu package way with apache as webserver.
Then looking in the documendation there is no red line how to continue and
getting started. Searching on the web gives me a few options but they seems
to not be up to date. A few requires freeradius but that is not something
for a getting started guide in my option. The best I have found so far
is https://www.privacyidea.org/documentation/howtos/manage-two-factor-authentication-in-your-serverfarm-easily/
but in one of the last steps is suggest to try login
at https://your-server/auth/index but this URL does not exist. Making it
hard to test…
I do believe it should exist a simple getting started guide in the official
documendation that is kept updated as PrivacyIDEA is updated.
Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpWVzJnakFBb0pFQkJoWkZVdWpZRko2SklQL0E0UTVqYkpXOGozVkFtcDkxVnRN
cDRWDQpPSHpHZGFWSVVkaVp6K3FRQ2hFU2N2dVpja3VxVHp1Wm51SWY0dnFXVnpveXEvK2xKNjJq
eGQ3Y3hiYUs3OC92DQpOZVBSazd6ZFlQbEhZNjQ0OXJzRURrbWRGQkJTWXM5Y3V3aU92bTUxSFNF
QVVVdTAyUnhvZ3lKbER5VmdZZFJhDQpUeXR5WDRhUW9NNjBmOTNobm1XQUNTWXNzcUtUak9GYWpx
elhrUEJaUW1QcVJhZk15YkpGek5xckthTFBqNmZmDQpoR0NtUWs1cU5HVEdma0NnaTlrT0QvV090
dXk3L0dPdjVDbzBIL3REcHlqamJTR1pWS2RmNllxVEMySm41NTNaDQp6c29zd2pZNkR4dlFVOFZz
Mk5sWVVRWGM4WkRxUnpYT3ZIdUt5OUVYclpMTFhZMnVzVmp3Y1BzUzJXSVpKd2pBDQpiS1phV3JL
N2hoUm9OcGlRTTdNRHZENkJ2WURvaUN5Ti9USFBHWVBKLzJWQWdMOXhYN0tlaHBZeC9MWWgyT0hi
DQpoVWU4MlB0c01GNTlIRVFCUUNwc1BHMWtwK2pMSGthcUM4b01pL2hnL2s3czZ6Q3ZHa3NqbUZj
SnpGVG9lSk5GDQpWY3R4MWgrWWFtSjU0NWttUmlMcGphYkJxMlhFRElna1FEK2F2bUdrR0k3SUVx
eGRhM2lhRERrSlpkVEJuZTl5DQpPTUpZK2Ixb3BmRlNvL2lYNEFnUExzMll6ME1FMWo4VW8zUVN4
WDhGVlJFT2ZhYWc2UXB6WGU4aXpscEFvRG9sDQo3YkozWmNQYjVZekJzV2l6VFk2NlovM1pOSS9I
OU1Ea0p2M0c0QXdCQ0lFb292djFIbW9qbUdSM28zUE12UmVNDQpTU0NsSnkxMDIxYnIwT3o3dTRS
SQ0KPStvaFoNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K
Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpWV3ZESkFBb0pFQkJoWkZVdWpZRkpZbTRRQU1wcGtUekRDbU5sUjFOWmkxOUt2
TXhrDQpyV1RuaUhmU1JhVzdMTUpTd3F5V0R3NFJmK0tFZE9HYXlESXgrU0FRbkM0Y1NCeHI3NkRG
OXRwSkYzUkN3UHVmDQpnQ2cwQU9YcXdVaGkzT2cxQ3pYamFvUW9iVUlSUmdMdWN3bjlhSDFkUmhs
cll0eXBqb3NhVDh1ank0SkVMYk5kDQowamdVRzlKc3ljQmtwbXZVYjBNYitHQ3JUVTI4azNiTSs1
eEV5VHhaS291MjBBbHVnbHI2NWhPT1F1NW9weUgrDQo5MWRFZjNOR1pyMUlrcm50V295emxPN2Rn
UEg0UG5XOEE4Q1c1N3dPTmg1cmNMNytkVWRZczUrM3l2eDdIdmgxDQpCcUdJMml3OXY4VFMxa1JX
QVZyYUlpL0NYVFBzUjcyLzVpS2o3Nmo1MUczZmp3VVhvYUwzVkJxYzlRK2o5VjBUDQpxVXRnU2hq
V3pJT1pETXNHbTZlRi9yQUNFeThvVFBQeGJqUXJiMnV6aGdTNGxjbFNKeUQwM1Z4c2JVSmgwT0hl
DQpZZHRjT0FyVk05Vjg0T3lnZFQvSFpkRndGRE9hbUJrSkhMOWhNZDlNbnVMZVR0TTdzQVEzcmZr
WFJkSTVPZ2Q4DQpwYmhCNFZrUTFpZFkxcURGbVgzbVpzaEdrakcyK3BZalAvYzJvWWdXS256Zm8r
Y09rdVRvbkhGZmpmb2k0RW8yDQp1a2s5cTNveGh0Ymk0RjJUS3BCd0p5WVFaRktuVjBLek5rYUtT
dVZCRGJNV25hS0dpNXBwRmxQeE0wUjNmS0hkDQpMTlBzWUsrSEFFWktYUWdBU3ZER0NNTmh6L3Ez
dSttMm9MSjZnaTdHdG5YZEFGRXZxR2dPcVNhU0c3bkFoaUxTDQpuWFJRUkVNL1N2ZVhFVVFRVVJD
WQ0KPVV5YUENCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K
Hello
I have read your first step guide and I like it. Here are my comments.
3.1. Login to the Web UI
privacyIDEA has one login form for users to login and for administrators
to login.
I do not get that sentence. Does it exist two login pages or one that both
uses?
3.2. Creating your first realm
After installing ubuntu packages, useridresolver and realm is asked to be
created for you. So this instructions maybe does not always apply. Create a
note about that?
3.3. Enrolling your first token
The problem here is not the guide but how fast the user needs to be.
After the admin has enrolled a new token google authenticator should be
used. The admin has 30 seconds (!) to get up his phone, start google
authenticating app (maybe new to the admin) and scan the code.
Either increase the timeout or make instruction how to access the QRcode
again if admin has been logged out.
After all is done, applications plugins is suggested to be used which is
great. I would like to see here instructions how to get apache2 and/or
nginx to authenticate against privacyidea. That will probably be used by
many and will secure the web in a wider easier way.
Hello Nicke,
thanks a lot for your feedback.
Hello
I have read your first step guide and I like it. Here are my comments.3.1. Login to the Web UI
privacyIDEA has one login form for users to login and for
administrators to login.
I do not get that sentence. Does it exist two login pages or one that
both uses?
one that both uses.
“privacyIDEA has only one login form that is used by administrators and
normal users to login.”
3.2. Creating your first realm
After installing ubuntu packages, useridresolver and realm is asked to
be created for you. So this instructions maybe does not always apply.
Create a note about that?
In this case I do not get your point?3.3. Enrolling your first token
The problem here is not the guide but how fast the user needs to be.
After the admin has enrolled a new token google authenticator should
be used. The admin has 30 seconds (!) to get up his phone, start
google authenticating app (maybe new to the admin) and scan the code.
Either increase the timeout or make instruction how to access the
QRcode again if admin has been logged out.
So how long does it take you?
What would you suggest?
Honestly I do not want to be the default to be too long. Since only a
few people log out intentionally.
I do not like it to be 5 minutes.
And I even do not know, if I would like it to be two minutes.After all is done, applications plugins is suggested to be used which
is great. I would like to see here instructions how to get apache2
and/or nginx to authenticate against privacyidea. That will probably
be used by many and will secure the web in a wider easier way.
Thanks. I think there should be a smoother transit to the application
section.
So you want to see a setup for basic authentication with a webserver?
But you know, that in this case the OTP user is not bound to the
application user! I.e. you can take your janitors OTP token and do basic
authentication and login with the admins credentials to the
application…
What Web applications are you thinking of?
Kind regards
CorneliusAm Mittwoch, den 03.06.2015, 06:18 -0700 schrieb Nicke:
–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/ad424120-f9e6-4da7-9301-ef4968de1326%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi Nicke,
refreshing to read from you. 
OK, will increase the default timeout (which is called “logout_time”) to
120s.
The point is, I really do not like the basic authentication thing, since
it is… evil. Basic authentication sends the credentials with every
request. So the auth module needs to cache the OTP value, otherwise the
next auth would not work out. Caching the authenticated state of the
user and remembering the credentials that were leading to this state.
I.e. the apache module needs some persistant data storage like
memcached… :-/
Some years ago I hacked this in C for the predecessor product and I did
not like it. It was copied from mod-auth-radius.
And it looks like, that this authentication module is gone. I have not
packed it with privacyIDEA.
Maybe today I would go with mod_python like this:
But you still have to cache the logged in state of the user in the
apache module…
So in my opinion to get the quickest success story would be to use PAM
on the local system and issue the command “login” as root and test
authentication while in the system.
Kind regards
CorneliusAm Mittwoch, den 03.06.2015, 13:08 -0700 schrieb Nicke:
3.2. Creating your first realm, yeah, you created a note there,
perfect!About the timeout. Well, at least 1 minute. I do not understand how
this short timeout you have will increase security. If the admins
computer is not safe… eeh… well, your timeout will not help the
security in my opinion.
To get out my google authenticator and scanning the qrcode took about
45 seconds. Then (not me) new users will reflect and see these cool
numbers for 30 seconds more, maybe read some more “first steps”
documentation… You timeout has already happen… irritating.About webapp. Well, am thinking about apache2 basic authentication
here. You can show how authentication and authorization can be done in
a easy way with PrivacyIDEA. That will help people (me) getting
started with good security. Then maybe it will be applied into a
webapp (wordpress etc…) but that is up to the community to write
based on your great (?) APIJust some opinions.
Thanks for the first steps guide!–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/5c699f1f-c6ff-4043-b0c7-3398868f8ef5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
3.2. Creating your first realm, yeah, you created a note there, perfect!
About the timeout. Well, at least 1 minute. I do not understand how this
short timeout you have will increase security. If the admins computer is
not safe… eeh… well, your timeout will not help the security in my
opinion.
To get out my google authenticator and scanning the qrcode took about 45
seconds. Then (not me) new users will reflect and see these cool numbers
for 30 seconds more, maybe read some more “first steps” documentation… You
timeout has already happen… irritating.
About webapp. Well, am thinking about apache2 basic authentication here.
You can show how authentication and authorization can be done in a easy way
with PrivacyIDEA. That will help people (me) getting started with good
security. Then maybe it will be applied into a webapp (wordpress etc…) but
that is up to the community to write based on your great (?) API 
Just some opinions.
Thanks for the first steps guide!
Hi Nicke,
I added some of your comments and are online, now.
https://privacyidea.readthedocs.org/en/latest/firststeps/index.html
Kind regards
CorneliusAm Mittwoch, den 03.06.2015, 15:49 +0200 schrieb Cornelius Kölbel:
Hello Nicke,
thanks a lot for your feedback.
Am Mittwoch, den 03.06.2015, 06:18 -0700 schrieb Nicke:
Hello
I have read your first step guide and I like it. Here are my comments.3.1. Login to the Web UI
privacyIDEA has one login form for users to login and for
administrators to login.
I do not get that sentence. Does it exist two login pages or one that
both uses?one that both uses.
“privacyIDEA has only one login form that is used by administrators and
normal users to login.”3.2. Creating your first realm
After installing ubuntu packages, useridresolver and realm is asked to
be created for you. So this instructions maybe does not always apply.
Create a note about that?
In this case I do not get your point?3.3. Enrolling your first token
The problem here is not the guide but how fast the user needs to be.
After the admin has enrolled a new token google authenticator should
be used. The admin has 30 seconds (!) to get up his phone, start
google authenticating app (maybe new to the admin) and scan the code.
Either increase the timeout or make instruction how to access the
QRcode again if admin has been logged out.
So how long does it take you?
What would you suggest?
Honestly I do not want to be the default to be too long. Since only a
few people log out intentionally.
I do not like it to be 5 minutes.
And I even do not know, if I would like it to be two minutes.After all is done, applications plugins is suggested to be used which
is great. I would like to see here instructions how to get apache2
and/or nginx to authenticate against privacyidea. That will probably
be used by many and will secure the web in a wider easier way.Thanks. I think there should be a smoother transit to the application
section.
So you want to see a setup for basic authentication with a webserver?
But you know, that in this case the OTP user is not bound to the
application user! I.e. you can take your janitors OTP token and do basic
authentication and login with the admins credentials to the
application…What Web applications are you thinking of?
Kind regards
Cornelius–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/ad424120-f9e6-4da7-9301-ef4968de1326%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Ok, inspiring.
I just pushed the implementation for Apache Basic Authentication with
OTP.
This implementation uses redis to cache the login.
When the tests run successfully I will push this to the development
repository at ppa:privacyidea/privacyidea-dev.
So if you like to, you are welcome to take a look at it:
add-apt-repository ppa:privacyidea/privacyidea-dev
apt-get update
apt-get install privacyidea-apache-client
Read
http://privacyidea.readthedocs.org/en/latest/application_plugins/index.html#apache2
Kind regards
CorneliusAm Mittwoch, den 03.06.2015, 13:08 -0700 schrieb Nicke:
3.2. Creating your first realm, yeah, you created a note there,
perfect!About the timeout. Well, at least 1 minute. I do not understand how
this short timeout you have will increase security. If the admins
computer is not safe… eeh… well, your timeout will not help the
security in my opinion.
To get out my google authenticator and scanning the qrcode took about
45 seconds. Then (not me) new users will reflect and see these cool
numbers for 30 seconds more, maybe read some more “first steps”
documentation… You timeout has already happen… irritating.About webapp. Well, am thinking about apache2 basic authentication
here. You can show how authentication and authorization can be done in
a easy way with PrivacyIDEA. That will help people (me) getting
started with good security. Then maybe it will be applied into a
webapp (wordpress etc…) but that is up to the community to write
based on your great (?) APIJust some opinions.
Thanks for the first steps guide!–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/5c699f1f-c6ff-4043-b0c7-3398868f8ef5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi Nicke,
thanks!
Just drop me a note if you have any questions, which will help to
improve the docs.
Kind regards
CorneliusAm Sonntag, den 07.06.2015, 12:10 -0700 schrieb Nicke:
I just want to say that it is awesome to have a apache2 module. I will
absolutely try it out on Tuesday or Wednesday the coming week.
I will report back.You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/c7a85357-88ff-4046-b96f-f8408de3f6ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
I just want to say that it is awesome to have a apache2 module. I will
absolutely try it out on Tuesday or Wednesday the coming week.
I will report back.
Here is one example of error when having redis = “localhost” in the config
file,
mod_wsgi (pid=4105): Exception occurred processing WSGI script
‘/usr/share/pyshared/privacyidea_apache.py’.
Traceback (most recent call last):
File “/usr/share/pyshared/privacyidea_apache.py”, line 60, in
check_password
value = rd.get(username)
File “/usr/lib/python2.7/dist-packages/redis/client.py”, line 551, in get
return self.execute_command(‘GET’, name)
File “/usr/lib/python2.7/dist-packages/redis/client.py”, line 364, in
execute_command
connection.send_command(*args)
File “/usr/lib/python2.7/dist-packages/redis/connection.py”, line 301, in
send_command
self.send_packed_command(self.pack_command(*args))
File “/usr/lib/python2.7/dist-packages/redis/connection.py”, line 283, in
send_packed_command
self.connect()
File “/usr/lib/python2.7/dist-packages/redis/connection.py”, line 231, in
connect
raise ConnectionError(self._error_message(e))
ConnectionError: Error -2 connecting “localhost”:6379. Name or service not
known.
root@files:/etc/redis# netstat -lptnu | grep 6379
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
4052/redis-server 1
Den onsdag 10 juni 2015 kl. 11:41:38 UTC+2 skrev Nicke:>
Hi
1)
Before it was
[DEFAULT]
redis = “localhost”
privacyidea = “https://auth.example.com”
sslverify = FalseBut that created exceptions so I changed that to
[DEFAULT]
redis = localhost
privacyidea = https://auth.example.com
sslverify = False2)
Se above
It contains
mod_wsgi: requests < 1.0Den onsdag 10 juni 2015 kl. 11:31:30 UTC+2 skrev Cornelius Kölbel:
Hi Nicke,
1.) what did you remove? I did not get it in the formatting.
2.) How does your /etc/privacyidea/apache.conf looks like, now?
3.) Does you /var/log/syslog contain
“request > 1.0”
or
“request < 1.0”
Kind regards
CorneliusAm Mittwoch, den 10.06.2015, 02:18 -0700 schrieb Nicke:
You are right, it does work now. I do not know what I did wrong last
time I tried.The file /etc/privacyidea/apache.conf contains " on redis and
privacyidea value. In apache error file it complains (error) about
this so I had to remove it.
Anway, I still can not get this to work, I getmod_wsgi (pid=4105): Exception occurred processing WSGI script
‘/usr/share/pyshared/privacyidea_apache.py’.
Traceback (most recent call last):
File “/usr/share/pyshared/privacyidea_apache.py”, line 81, in
check_password
if json_response.get(“result”, {}).get(“value”):
AttributeError: ‘function’ object has no attribute ‘get’
mod_wsgi (pid=4105): Exception occurred processing WSGI script
‘/usr/share/pyshared/privacyidea_apache.py’., referer:
https://subdomain.example.com/
Traceback (most recent call last):, referer:
https://subdomain.example.com/
File “/usr/share/pyshared/privacyidea_apache.py”, line 81, in
check_password, referer: https://subdomain.example.com/
if json_response.get(“result”, {}).get(“value”):, referer:
https://subdomain.example.com/
AttributeError: ‘function’ object has no attribute ‘get’, referer:
https://subdomain.example.com/Den onsdag 10 juni 2015 kl. 10:43:28 UTC+2 skrev Cornelius Kölbel:
Hi Nicke,it does. Did you run an apt-get update? Kind regards Cornelius Am Mittwoch, den 10.06.2015, 01:30 -0700 schrieb Nicke: > For me to be able to test this it would be good if > privacyidea-apache-client exist in the dev repository on launchpad. > > > add-apt-repository ppa:privacyidea/privacyidea-dev > apt-get update > apt-get install privacyidea-apache-client > .. does not work on Ubuntu 14.04 because privacyidea-apache-client is > missing. > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi,
I am sorry. On what system are you running?
(I would like to try running request 2.x)
Probably there is an exception where it should not be.
Could you please use the attached file, restart apache and take a look
at the syslog again.
Thx and kind regards
CorneliusAm Mittwoch, den 10.06.2015, 02:41 -0700 schrieb Nicke:
Hi
1)
Before it was
[DEFAULT]
redis = “localhost”
privacyidea = “https://auth.example.com”
sslverify = FalseBut that created exceptions so I changed that to
[DEFAULT]
redis = localhost
privacyidea = https://auth.example.com
sslverify = False
Se above
It contains
mod_wsgi: requests < 1.0Den onsdag 10 juni 2015 kl. 11:31:30 UTC+2 skrev Cornelius Kölbel:
Hi Nicke,1.) what did you remove? I did not get it in the formatting. 2.) How does your /etc/privacyidea/apache.conf looks like, now? 3.) Does you /var/log/syslog contain "request > 1.0" or "request < 1.0" Kind regards Cornelius Am Mittwoch, den 10.06.2015, 02:18 -0700 schrieb Nicke: > You are right, it does work now. I do not know what I did wrong last > time I tried. > > > The file /etc/privacyidea/apache.conf contains " on redis and > privacyidea value. In apache error file it complains (error) about > this so I had to remove it. > Anway, I still can not get this to work, I get > > > mod_wsgi (pid=4105): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'. > Traceback (most recent call last): > File "/usr/share/pyshared/privacyidea_apache.py", line 81, in > check_password > if json_response.get("result", {}).get("value"): > AttributeError: 'function' object has no attribute 'get' > mod_wsgi (pid=4105): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'., referer: > https://subdomain.example.com/ > Traceback (most recent call last):, referer: > https://subdomain.example.com/ > File "/usr/share/pyshared/privacyidea_apache.py", line 81, in > check_password, referer: https://subdomain.example.com/ > if json_response.get("result", {}).get("value"):, referer: > https://subdomain.example.com/ > AttributeError: 'function' object has no attribute 'get', referer: > https://subdomain.example.com/ > > > > > > > Den onsdag 10 juni 2015 kl. 10:43:28 UTC+2 skrev Cornelius Kölbel: > Hi Nicke, > > it does. > Did you run an apt-get update? > > Kind regards > Cornelius > > Am Mittwoch, den 10.06.2015, 01:30 -0700 schrieb Nicke: > > For me to be able to test this it would be good if > > privacyidea-apache-client exist in the dev repository on > launchpad. > > > > > > add-apt-repository ppa:privacyidea/privacyidea-dev > > apt-get update > > apt-get install privacyidea-apache-client > > .. does not work on Ubuntu 14.04 because > privacyidea-apache-client is > > missing. > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/ac3b3d13-3fed-4d19-98f8-cd038d5d4ceb%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/55416469-bde4-4e6f-bbbc-8462b4e1da1b%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/bfc540e9-7e7a-4524-ace6-f207dab1730a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
privacyidea_apache.py (3.93 KB)
signature.asc (819 Bytes)
For me to be able to test this it would be good if
privacyidea-apache-client exist in the dev repository on launchpad.
add-apt-repository ppa:privacyidea/privacyidea-dev
apt-get update
apt-get install privacyidea-apache-client
… does not work on Ubuntu 14.04 because privacyidea-apache-client is
missing.
:o)
Great!
Well, but you are totally right. This is a very important thing to
improve the error message. In this case thank you very much for this
experience and the input.
Will be taken care of!
Kind regards
CorneliusAm Mittwoch, den 10.06.2015, 05:35 -0700 schrieb Nicke:
Hi
Now when I have slept for a while I look with new eyes on the problem
and see directly that am doing it wrong. My privacyidea host is not
auth.example.com but aaa.example.com. So embarrassing.
Your basic auth client works great.
The only thing I believe you can improve is the error message for the
next m****n that tries to authenticate against wrong URL.Truly sorry for taking up your time.
Den onsdag 10 juni 2015 kl. 14:26:44 UTC+2 skrev Cornelius Kölbel:
Hi Nicke, no. You indeed need no quotes. The interesting line is ValueError("No JSON object could be decoded") I.e. the url you requested, did not respond as expected. Can you see this /validate/check request in the Audit log in the web UI? What does it say there? Kind regards Cornelius Am Mittwoch, den 10.06.2015, 04:34 -0700 schrieb Nicke: > Yeah, you are right, access right errors. Am a little tired so did not > pay attention enough. > > > So here is the output now, > Jun 10 12:57:50 files mod_wsgi: Reading configuration > https://auth.example.com, localhost, False > Jun 10 12:57:50 files mod_wsgi: Authentication with > https://auth.example.com, localhost, False > Jun 10 12:57:50 files mod_wsgi: requests < 1.0 > Jun 10 12:57:50 files mod_wsgi: Traceback (most recent call > last):#012 File "/usr/share/pyshared/privacyidea_apache.py", line 75, > in check_password#012 json_response = response.json()#012 File > "/usr/lib/python2.7/dist-packages/requests/models.py", line 741, in > json#012 return json.loads(self.text, **kwargs)#012 File > "/usr/lib/python2.7/json/__init__.py", line 338, in loads#012 > return _default_decoder.decode(s)#012 File > "/usr/lib/python2.7/json/decoder.py", line 366, in decode#012 obj, > end = self.raw_decode(s, idx=_w(s, 0).end())#012 File > "/usr/lib/python2.7/json/decoder.py", line 384, in raw_decode#012 > raise ValueError("No JSON object could be decoded")#012ValueError: No > JSON object could be decoded > > > When having privacyidea = "https://auth.example.com" > in /etc/privacyidea/apache.conf > mod_wsgi (pid=4865): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'. > Traceback (most recent call last): > File "/usr/share/pyshared/privacyidea_apache.py", line 72, in > check_password > verify=SSLVERIFY) > File "/usr/lib/python2.7/dist-packages/requests/api.py", line 88, > in post > return request('post', url, data=data, **kwargs) > File "/usr/lib/python2.7/dist-packages/requests/api.py", line 44, > in request > return session.request(method=method, url=url, **kwargs) > File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line > 455, in request > resp = self.send(prep, **send_kwargs) > File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line > 553, in send > adapter = self.get_adapter(url=request.url) > File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line > 598, in get_adapter > raise InvalidSchema("No connection adapters were found for '%s'" > % url) > InvalidSchema: No connection adapters were found for > '"https://auth.example.com"/validate/check' > > > mod_wsgi (pid=4865): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'., referer: > https://subdomain.example.com/ > Traceback (most recent call last):, referer: > https://subdomain.example.com/ > File "/usr/share/pyshared/privacyidea_apache.py", line 72, in > check_password, referer: https://subdomain.example.com/ > verify=SSLVERIFY), referer: https://subdomain.example.com/ > File "/usr/lib/python2.7/dist-packages/requests/api.py", line 88, > in post, referer: https://subdomain.example.com/ > return request('post', url, data=data, **kwargs), referer: > https://subdomain.example.com/ > File "/usr/lib/python2.7/dist-packages/requests/api.py", line 44, > in request, referer: https://subdomain.example.com/ > return session.request(method=method, url=url, **kwargs), > referer: https://subdomain.example.com/ > File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line > 455, in request, referer: https://subdomain.example.com/ > resp = self.send(prep, **send_kwargs), referer: > https://subdomain.example.com/ > File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line > 553, in send, referer: https://subdomain.example.com/ > adapter = self.get_adapter(url=request.url), referer: > https://subdomain.example.com/ > File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line > 598, in get_adapter, referer: https://subdomain.example.com/ > raise InvalidSchema("No connection adapters were found for '%s'" > % url), referer: https://subdomain.example.com/ > InvalidSchema: No connection adapters were found for > '"https://auth.example.com"/validate/check', referer: > https://subdomain.example.com/ > > > When having privacyidea = https://auth.example.com > in /etc/privacyidea/apache.conf > > mod_wsgi (pid=4865): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'. > Traceback (most recent call last): > File "/usr/share/pyshared/privacyidea_apache.py", line 83, in > check_password > if json_response.get("result", {}).get("value"): > AttributeError: 'function' object has no attribute 'get' > > > mod_wsgi (pid=4865): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'., referer: > https://subdomain.example.com/ > Traceback (most recent call last):, referer: > https://subdomain.example.com/ > File "/usr/share/pyshared/privacyidea_apache.py", line 83, in > check_password, referer: https://subdomain.example.com/ > if json_response.get("result", {}).get("value"):, referer: > https://subdomain.example.com/ > AttributeError: 'function' object has no attribute 'get', referer: > https://subdomain.example.com/ > > > > > > > Den onsdag 10 juni 2015 kl. 12:48:34 UTC+2 skrev Cornelius Kölbel: > Hi, > > please check the access right of > /usr/share/pyshared/privacyidea_apache.py > > The apache user should be able to read it. > Should be 644. > > Kind regards > Cornelius > > > Am Mittwoch, den 10.06.2015, 03:15 -0700 schrieb Nicke: > > Am running Ubuntu 14.04.2 on the client machine having > > privacyidea-apache-client installed, this is called > > "subdomain.example.com". > > Authentication server is another host running the same > system. This > > machine is called "auth.example.com". > > > > > > Here is the only output with your new file, > > [Wed Jun 10 12:12:19.064834 2015] [:error] [pid 4728:tid > > 139652069586688] (13)Permission denied: [client > > 2a02:xxx:0:10:cccc:97fc:6f52:b703:36240] mod_wsgi > (pid=4728, > > process='', application=''): Call to fopen() failed for > > '/usr/share/pyshared/privacyidea_apache.py'. > > [Wed Jun 10 12:12:19.250990 2015] [:error] [pid 4728:tid > > 139652052801280] (13)Permission denied: [client > > 2a02:xxx:0:10:cccc:97fc:6f52:b703:36241] mod_wsgi > (pid=4728, > > process='', application=''): Call to fopen() failed for > > '/usr/share/pyshared/privacyidea_apache.py'., referer: > > https://subdomain.example.com/ > > > > > > > > Den onsdag 10 juni 2015 kl. 12:02:52 UTC+2 skrev Cornelius > Kölbel: > > Hi, > > > > I am sorry. On what system are you running? > > (I would like to try running request 2.x) > > > > Probably there is an exception where it should not > be. > > Could you please use the attached file, restart > apache and > > take a look > > at the syslog again. > > > > Thx and kind regards > > Cornelius > > > > Am Mittwoch, den 10.06.2015, 02:41 -0700 schrieb > Nicke: > > > Hi > > > 1) > > > Before it was > > > [DEFAULT] > > > redis = "localhost" > > > privacyidea = "https://auth.example.com" > > > sslverify = False > > > > > > > > > But that created exceptions so I changed that to > > > [DEFAULT] > > > redis = localhost > > > privacyidea = https://auth.example.com > > > sslverify = False > > > > > > > > > 2) > > > Se above > > > > > > > > > 3) > > > It contains > > > mod_wsgi: requests < 1.0 > > > > > > > > > > > > Den onsdag 10 juni 2015 kl. 11:31:30 UTC +2 skrev > Cornelius > > Kölbel: > > > Hi Nicke, > > > > > > 1.) what did you remove? I did not get it > in the > > formatting. > > > > > > 2.) How does > your /etc/privacyidea/apache.conf looks > > like, > > > now? > > > > > > 3.) Does you /var/log/syslog contain > > > > > > "request > 1.0" > > > > > > or > > > > > > "request < 1.0" > > > > > > > > > Kind regards > > > Cornelius > > > > > > Am Mittwoch, den 10.06.2015, 02:18 -0700 schrieb > > Nicke: > > > > You are right, it does work now. I do > not know > > what I did > > > wrong last > > > > time I tried. > > > > > > > > > > > > The file /etc/privacyidea/apache.conf > contains " > > on redis > > > and > > > > privacyidea value. In apache error file > it > > complains (error) > > > about > > > > this so I had to remove it. > > > > Anway, I still can not get this to work, > I get > > > > > > > > > > > > mod_wsgi (pid=4105): Exception > occurred > > processing WSGI > > > script > > > > > '/usr/share/pyshared/privacyidea_apache.py'. > > > > Traceback (most recent call last): > > > > File > > "/usr/share/pyshared/privacyidea_apache.py", line > > > 81, in > > > > check_password > > > > if json_response.get("result", > > {}).get("value"): > > > > AttributeError: 'function' object has > no > > attribute 'get' > > > > mod_wsgi (pid=4105): Exception > occurred > > processing WSGI > > > script > > > > > '/usr/share/pyshared/privacyidea_apache.py'., > > referer: > > > > https://subdomain.example.com/ > > > > Traceback (most recent call last):, > referer: > > > > https://subdomain.example.com/ > > > > File > > "/usr/share/pyshared/privacyidea_apache.py", line > > > 81, in > > > > check_password, referer: > > https://subdomain.example.com/ > > > > if json_response.get("result", > > {}).get("value"):, > > > referer: > > > > https://subdomain.example.com/ > > > > AttributeError: 'function' object has > no > > attribute 'get', > > > referer: > > > > https://subdomain.example.com/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > Den onsdag 10 juni 2015 kl. 10:43:28 UTC > +2 skrev > > Cornelius > > > Kölbel: > > > > Hi Nicke, > > > > > > > > it does. > > > > Did you run an apt-get update? > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > Am Mittwoch, den 10.06.2015, 01:30 -0700 schrieb > > > Nicke: > > > > > For me to be able to test this > it would > > be good > > > if > > > > > privacyidea-apache-client > exist in the > > dev > > > repository on > > > > launchpad. > > > > > > > > > > > > > > > add-apt-repository > > > ppa:privacyidea/privacyidea-dev > > > > > apt-get update > > > > > apt-get install > > privacyidea-apache-client > > > > > .. does not work on Ubuntu > 14.04 > > because > > > > privacyidea-apache-client is > > > > > missing. > > > > > -- > > > > > You received this message > because you > > are > > > subscribed to the > > > > Google > > > > > Groups "privacyidea" group. > > > > > To unsubscribe from this group > and stop > > receiving > > > emails > > > > from it, send > > > > > an email to > > privacyidea...@googlegroups.com. > > > > > To post to this group, send > email to > > > > priva...@googlegroups.com. > > > > > To view this discussion on the > web > > visit > > > > > > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/ac3b3d13-3fed-4d19-98f8-cd038d5d4ceb%40googlegroups.com. > > > > > For more options, visit > > > https://groups.google.com/d/optout. > > > > > > > > -- > > > > Cornelius Kölbel > > > > corneliu...@netknights.it > > > > +49 151 2960 1417 > > > > > > > > NetKnights GmbH > > > > http://www.netknights.it > > > > Landgraf-Karl-Str. 19, 34131 > Kassel, > > Germany > > > > Tel: +49 561 3166797, Fax: +49 > 561 > > 3166798 > > > > > > > > Amtsgericht Kassel, HRB 16405 > > > > Geschäftsführer: Cornelius > Kölbel > > > > > > > > > > > > -- > > > > You received this message because you > are > > subscribed to the > > > Google > > > > Groups "privacyidea" group. > > > > To unsubscribe from this group and stop > receiving > > emails > > > from it, send > > > > an email to > privacyidea...@googlegroups.com. > > > > To post to this group, send email to > > > priva...@googlegroups.com. > > > > To view this discussion on the web > visit > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/55416469-bde4-4e6f-bbbc-8462b4e1da1b%40googlegroups.com. > > > > For more options, visit > > https://groups.google.com/d/optout. > > > > > > -- > > > Cornelius Kölbel > > > corneliu...@netknights.it > > > +49 151 2960 1417 > > > > > > NetKnights GmbH > > > http://www.netknights.it > > > Landgraf-Karl-Str. 19, 34131 Kassel, > Germany > > > Tel: +49 561 3166797, Fax: +49 561 > 3166798 > > > > > > Amtsgericht Kassel, HRB 16405 > > > Geschäftsführer: Cornelius Kölbel > > > > > > > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/privacyidea/bfc540e9-7e7a-4524-ace6-f207dab1730a%40googlegroups.com. > > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/140accd8-8d81-4840-a2b0-dad6e4639ccd%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/fd2dc6ce-260c-4214-8ab2-6f58c3532b8d%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7a0acb0e-1762-44de-8184-78188c50e6db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Am running Ubuntu 14.04.2 on the client machine having
privacyidea-apache-client installed, this is called “subdomain.example.com”.
Authentication server is another host running the same system. This machine
is called “auth.example.com”.
Here is the only output with your new file,
[Wed Jun 10 12:12:19.064834 2015] [:error] [pid 4728:tid 139652069586688] (
13)Permission denied: [client 2a02:xxx:0:10:cccc:97fc:6f52:b703:36240]
mod_wsgi (pid=4728, process=‘’, application=‘’): Call to fopen() failed for
‘/usr/share/pyshared/privacyidea_apache.py’.
[Wed Jun 10 12:12:19.250990 2015] [:error] [pid 4728:tid 139652052801280] (
13)Permission denied: [client 2a02:xxx:0:10:cccc:97fc:6f52:b703:36241]
mod_wsgi (pid=4728, process=‘’, application=‘’): Call to fopen() failed for
‘/usr/share/pyshared/privacyidea_apache.py’., referer: https:
//subdomain.example.com/
Den onsdag 10 juni 2015 kl. 12:02:52 UTC+2 skrev Cornelius Kölbel:>
Hi,
I am sorry. On what system are you running?
(I would like to try running request 2.x)Probably there is an exception where it should not be.
Could you please use the attached file, restart apache and take a look
at the syslog again.Thx and kind regards
CorneliusAm Mittwoch, den 10.06.2015, 02:41 -0700 schrieb Nicke:
Hi
1)
Before it was
[DEFAULT]
redis = “localhost”
privacyidea = “https://auth.example.com”
sslverify = FalseBut that created exceptions so I changed that to
[DEFAULT]
redis = localhost
privacyidea = https://auth.example.com
sslverify = False
Se above
It contains
mod_wsgi: requests < 1.0Den onsdag 10 juni 2015 kl. 11:31:30 UTC+2 skrev Cornelius Kölbel:
Hi Nicke,1.) what did you remove? I did not get it in the formatting. 2.) How does your /etc/privacyidea/apache.conf looks like, now? 3.) Does you /var/log/syslog contain "request > 1.0" or "request < 1.0" Kind regards Cornelius Am Mittwoch, den 10.06.2015, 02:18 -0700 schrieb Nicke: > You are right, it does work now. I do not know what I did wrong last > time I tried. > > > The file /etc/privacyidea/apache.conf contains " on redis and > privacyidea value. In apache error file it complains (error) about > this so I had to remove it. > Anway, I still can not get this to work, I get > > > mod_wsgi (pid=4105): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'. > Traceback (most recent call last): > File "/usr/share/pyshared/privacyidea_apache.py", line 81, in > check_password > if json_response.get("result", {}).get("value"): > AttributeError: 'function' object has no attribute 'get' > mod_wsgi (pid=4105): Exception occurred processing WSGI script > '/usr/share/pyshared/privacyidea_apache.py'., referer: > https://subdomain.example.com/ > Traceback (most recent call last):, referer: > https://subdomain.example.com/ > File "/usr/share/pyshared/privacyidea_apache.py", line 81, in > check_password, referer: https://subdomain.example.com/ > if json_response.get("result", {}).get("value"):, referer: > https://subdomain.example.com/ > AttributeError: 'function' object has no attribute 'get', referer: > https://subdomain.example.com/ > > > > > > > Den onsdag 10 juni 2015 kl. 10:43:28 UTC+2 skrev Cornelius Kölbel: > Hi Nicke, > > it does. > Did you run an apt-get update? > > Kind regards > Cornelius > > Am Mittwoch, den 10.06.2015, 01:30 -0700 schrieb Nicke: > > For me to be able to test this it would be good if > > privacyidea-apache-client exist in the dev repository on > launchpad. > > > > > > add-apt-repository ppa:privacyidea/privacyidea-dev > > apt-get update > > apt-get install privacyidea-apache-client > > .. does not work on Ubuntu 14.04 because > privacyidea-apache-client is > > missing. > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > >> > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi,
please check the access right of
/usr/share/pyshared/privacyidea_apache.py
The apache user should be able to read it.
Should be 644.
Kind regards
CorneliusAm Mittwoch, den 10.06.2015, 03:15 -0700 schrieb Nicke:
Am running Ubuntu 14.04.2 on the client machine having
privacyidea-apache-client installed, this is called
“subdomain.example.com”.
Authentication server is another host running the same system. This
machine is called “auth.example.com”.Here is the only output with your new file,
[Wed Jun 10 12:12:19.064834 2015] [:error] [pid 4728:tid
139652069586688] (13)Permission denied: [client
2a02:xxx:0:10:cccc:97fc:6f52:b703:36240] mod_wsgi (pid=4728,
process=‘’, application=‘’): Call to fopen() failed for
‘/usr/share/pyshared/privacyidea_apache.py’.
[Wed Jun 10 12:12:19.250990 2015] [:error] [pid 4728:tid
139652052801280] (13)Permission denied: [client
2a02:xxx:0:10:cccc:97fc:6f52:b703:36241] mod_wsgi (pid=4728,
process=‘’, application=‘’): Call to fopen() failed for
‘/usr/share/pyshared/privacyidea_apache.py’., referer:
https://subdomain.example.com/Den onsdag 10 juni 2015 kl. 12:02:52 UTC+2 skrev Cornelius Kölbel:
Hi,I am sorry. On what system are you running? (I would like to try running request 2.x) Probably there is an exception where it should not be. Could you please use the attached file, restart apache and take a look at the syslog again. Thx and kind regards Cornelius Am Mittwoch, den 10.06.2015, 02:41 -0700 schrieb Nicke: > Hi > 1) > Before it was > [DEFAULT] > redis = "localhost" > privacyidea = "https://auth.example.com" > sslverify = False > > > But that created exceptions so I changed that to > [DEFAULT] > redis = localhost > privacyidea = https://auth.example.com > sslverify = False > > > 2) > Se above > > > 3) > It contains > mod_wsgi: requests < 1.0 > > > > Den onsdag 10 juni 2015 kl. 11:31:30 UTC+2 skrev Cornelius Kölbel: > Hi Nicke, > > 1.) what did you remove? I did not get it in the formatting. > > 2.) How does your /etc/privacyidea/apache.conf looks like, > now? > > 3.) Does you /var/log/syslog contain > > "request > 1.0" > > or > > "request < 1.0" > > > Kind regards > Cornelius > > Am Mittwoch, den 10.06.2015, 02:18 -0700 schrieb Nicke: > > You are right, it does work now. I do not know what I did > wrong last > > time I tried. > > > > > > The file /etc/privacyidea/apache.conf contains " on redis > and > > privacyidea value. In apache error file it complains (error) > about > > this so I had to remove it. > > Anway, I still can not get this to work, I get > > > > > > mod_wsgi (pid=4105): Exception occurred processing WSGI > script > > '/usr/share/pyshared/privacyidea_apache.py'. > > Traceback (most recent call last): > > File "/usr/share/pyshared/privacyidea_apache.py", line > 81, in > > check_password > > if json_response.get("result", {}).get("value"): > > AttributeError: 'function' object has no attribute 'get' > > mod_wsgi (pid=4105): Exception occurred processing WSGI > script > > '/usr/share/pyshared/privacyidea_apache.py'., referer: > > https://subdomain.example.com/ > > Traceback (most recent call last):, referer: > > https://subdomain.example.com/ > > File "/usr/share/pyshared/privacyidea_apache.py", line > 81, in > > check_password, referer: https://subdomain.example.com/ > > if json_response.get("result", {}).get("value"):, > referer: > > https://subdomain.example.com/ > > AttributeError: 'function' object has no attribute 'get', > referer: > > https://subdomain.example.com/ > > > > > > > > > > > > > > Den onsdag 10 juni 2015 kl. 10:43:28 UTC+2 skrev Cornelius > Kölbel: > > Hi Nicke, > > > > it does. > > Did you run an apt-get update? > > > > Kind regards > > Cornelius > > > > Am Mittwoch, den 10.06.2015, 01:30 -0700 schrieb > Nicke: > > > For me to be able to test this it would be good > if > > > privacyidea-apache-client exist in the dev > repository on > > launchpad. > > > > > > > > > add-apt-repository > ppa:privacyidea/privacyidea-dev > > > apt-get update > > > apt-get install privacyidea-apache-client > > > .. does not work on Ubuntu 14.04 because > > privacyidea-apache-client is > > > missing. > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/privacyidea/ac3b3d13-3fed-4d19-98f8-cd038d5d4ceb%40googlegroups.com. > > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/55416469-bde4-4e6f-bbbc-8462b4e1da1b%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/bfc540e9-7e7a-4524-ace6-f207dab1730a%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/140accd8-8d81-4840-a2b0-dad6e4639ccd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)