Hi dears,
recently, i installed PI V3.6 on Debian GNU/Linux 11 and the the PI running inside docker container, my issue is when i generate a registration code for “usertest” in ldap resolver, i can’t login to the privacy idea with the “usertest” and with the registration code the error is: Authentication failed. Authentication failure. Wrong credentials. my policies as below:
1- scope: user | action: enrollHOTP": true
2- scope: webui | action: login_mode": "privacyIDEA
3- scope: authentication | action: otppin: none
I don’t know what is the issue and how can i resolve it?
Basically your policies look like as if a user can login with one of his tokens without any PIN to the WebUI.
This means the user should be able to only login with his reg code.
You first check should always go to the audit log. There you can also see, which policies were actually applied for the /auth request.
I resolved it thanks!
How did you resolve it?
Other might benefit from this information.
I don’t know, but when i create another policy with:
scope: user | action: enrollTOTP": true
it worked.
Thank you for your response. However, it does not sound sensible, why this should have solved your problem. Probably it was another aspect.