Is Privacyidea Enterprise must for windows credential provider

John.Chung · September 23, 2018, 7:03am

Hi
I’m testing Privacyidea Credential Provider but no luck. Tried different auth policy.
But always found error POST /validate/check SubscriptionError('No subscription for your client in server side
Is only Privacyidea Enterprise can work with credential provider?
Thanks.

cornelinux · September 23, 2018, 9:40am

Hi John,

you need to contact NetKnights to get a subscription for the credential provider.
If you want to run the Credential Provider productively, the privacyIDEA Enterprise Edition is a must - yes.

Kind regards
Cornelius

Disclaimer: Of course this is all open source and you could do it your own way…

John.Chung · September 23, 2018, 2:51pm

Hi CorneLinux,

I am evaluating privacyidea in our environment. I already build the credential provider with VS2017. Just found that it show “SubscriptionError('No subscription for your client in server side” in my privacyidea server while RDP. No matter what auth policy i tried. I see the credential provider is triiger POST /validate/check to server. Don’t know it’s my config issues or this provider Must need to work with Enterprise edition. (I’m testing this server, don’t want to use enterprise version now)

Thanks for your information.

cornelinux · September 23, 2018, 4:22pm

You need a subscription file for the credential provider.
You could install this subscription file to your current privacyIDEA server. Simple as that

John.Chung · September 24, 2018, 2:49am

Thanks Corenlinux
Your safe my time.

ramsayj74 · December 29, 2020, 3:23am

Hello -

I am trying to evaluate the credential provider; however the api post is failing with a 400 error code and now I am wondering if this file is valid.

2021-12-31_Dummy.Customer_privacyIDEA-CP.sub

======

POST /subscriptions/ HTTP/1.1
HOST: abc.university.edu
authorization: eyJ0eXAiOiJKV1QiLCJhbG…
content-type: application/json
content-length: 1300

{
“by_address”: “Ludwig-Erhard-Str. 12 / Kassel / Germany”,
“for_email”: “info@netknights.it”,
“for_address”: " / Kassel / DE",
“level”: “privacyIDEA Credential Provider (Small Business)”,
“for_url”: “http://www.netknights.it”,
“date_from”: “2020-11-30”,
“by_url”: “https://netknights.it”,
“for_phone”: “N/A”,
“by_email”: “support@netknights.it”,
“date_till”: “2021-12-31”,
“num_users”: 50,
“application”: “privacyIDEA-CP”,
“num_tokens”: 50,
“num_clients”: 50,
“signature”: “10026766335751403187989484907393166370083497212393672387918818602709111894901321932279104468360204436041077352037312736744900708702614022804306260817365212911951401452335106145370107416448943533849961194154840079773851648111307551970273522146482649990305889561868498674598633609034667311301688779215593647595040419468304379585164590257513395037116664414822504118672764676011004165059371195205389941223006230542261617311556787078363098047387286376817964396780120034151458967603976952906795978899747411646219900076809794279576811271694866746690572658406102641764207419544896284890032909945442598562824988871305782019009”,
“for_name”: “Dummy Customer”,
“by_phone”: “+49 561 3166 797”,
“for_comment”: "credential provider community demo. ",
“by_name”: “NetKnights GmbH”
}

Thanks,
-Jeff

cornelinux · December 29, 2020, 8:15am

This is the correct subscription.

“Error 400” is a bit sparse information. It should also contain an error message.
Maybe you are…

ramsayj74 · December 29, 2020, 1:07pm

Hello -

I am using the Chrome Advanced REST Client application which does accept the JSON data with single quotes. I reformatted the sub file with double quotes as shown in my last message which the api apparently does not support and is causing the non specific 400 error code.

Finally, I don’t know the best way to report that the pi-manage script is not decoding the Auth-Token string (b’eyJ0eXAiOiJK…’) which results in a bad authorization string on Red Hat based systems running Python 3.

grep ‘print("Auth-Token:’ pi-manage.mod
#print(“Auth-Token: {0!s}”.format(token))
print(“Auth-Token: {0!s}”.format(token.decode(‘utf-8’)))

Thanks,
-Jeff

cornelinux · December 29, 2020, 4:11pm

You probably have a badly formatted file when downloading it from Github.
I saw this once with a file transferred by an email client.

ramsayj74 · December 30, 2020, 2:55pm

Is this error a result of something we might be doing wrong?

[2020-12-30 09:53:03,381][1232][140410237236992][DEBUG][privacyidea.api.subscriptions:186] Entering api_set with arguments () and keywords {}
[2020-12-30 09:53:03,387][1232][140410237236992][INFO][privacyidea.api.lib.postpolicy:189] We only sign JSON response data.
[2020-12-30 09:53:03,396][1232][140410237236992][DEBUG][privacyidea.api.before_after:100] End handling of request ‘/subscriptions/?’

-Jeff

plettich · January 15, 2021, 1:59pm

There is nothing returned when uploading a subscription file. This is just an information that there was no response to be signed.