Is Privacyidea Enterprise must for windows credential provider

I’m testing Privacyidea Credential Provider but no luck. Tried different auth policy.
But always found error POST /validate/check SubscriptionError('No subscription for your client in server side
Is only Privacyidea Enterprise can work with credential provider?

Hi John,

you need to contact NetKnights to get a subscription for the credential provider.
If you want to run the Credential Provider productively, the privacyIDEA Enterprise Edition is a must - yes.

Kind regards

Disclaimer: Of course this is all open source and you could do it your own way…

Hi CorneLinux,

I am evaluating privacyidea in our environment. I already build the credential provider with VS2017. Just found that it show “SubscriptionError('No subscription for your client in server side” in my privacyidea server while RDP. No matter what auth policy i tried. I see the credential provider is triiger POST /validate/check to server. Don’t know it’s my config issues or this provider Must need to work with Enterprise edition. (I’m testing this server, don’t want to use enterprise version now)

Thanks for your information.

You need a subscription file for the credential provider.
You could install this subscription file to your current privacyIDEA server. Simple as that :wink:

Thanks Corenlinux
Your safe my time.

Hello -

I am trying to evaluate the credential provider; however the api post is failing with a 400 error code and now I am wondering if this file is valid.



POST /subscriptions/ HTTP/1.1
authorization: eyJ0eXAiOiJKV1QiLCJhbG…
content-type: application/json
content-length: 1300

“by_address”: “Ludwig-Erhard-Str. 12 / Kassel / Germany”,
“for_email”: “”,
“for_address”: " / Kassel / DE",
“level”: “privacyIDEA Credential Provider (Small Business)”,
“for_url”: “”,
“date_from”: “2020-11-30”,
“by_url”: “”,
“for_phone”: “N/A”,
“by_email”: “”,
“date_till”: “2021-12-31”,
“num_users”: 50,
“application”: “privacyIDEA-CP”,
“num_tokens”: 50,
“num_clients”: 50,
“signature”: “10026766335751403187989484907393166370083497212393672387918818602709111894901321932279104468360204436041077352037312736744900708702614022804306260817365212911951401452335106145370107416448943533849961194154840079773851648111307551970273522146482649990305889561868498674598633609034667311301688779215593647595040419468304379585164590257513395037116664414822504118672764676011004165059371195205389941223006230542261617311556787078363098047387286376817964396780120034151458967603976952906795978899747411646219900076809794279576811271694866746690572658406102641764207419544896284890032909945442598562824988871305782019009”,
“for_name”: “Dummy Customer”,
“by_phone”: “+49 561 3166 797”,
“for_comment”: "credential provider community demo. ",
“by_name”: “NetKnights GmbH”


This is the correct subscription.

“Error 400” is a bit sparse information. It should also contain an error message.
Maybe you are…

Hello -

I am using the Chrome Advanced REST Client application which does accept the JSON data with single quotes. I reformatted the sub file with double quotes as shown in my last message which the api apparently does not support and is causing the non specific 400 error code.


Finally, I don’t know the best way to report that the pi-manage script is not decoding the Auth-Token string (b’eyJ0eXAiOiJK…’) which results in a bad authorization string on Red Hat based systems running Python 3.

grep ‘print("Auth-Token:’ pi-manage.mod
#print(“Auth-Token: {0!s}”.format(token))
print(“Auth-Token: {0!s}”.format(token.decode(‘utf-8’)))


You probably have a badly formatted file when downloading it from Github.
I saw this once with a file transferred by an email client.

Is this error a result of something we might be doing wrong?

[2020-12-30 09:53:03,381][1232][140410237236992][DEBUG][privacyidea.api.subscriptions:186] Entering api_set with arguments () and keywords {}
[2020-12-30 09:53:03,387][1232][140410237236992][INFO][privacyidea.api.lib.postpolicy:189] We only sign JSON response data.
[2020-12-30 09:53:03,396][1232][140410237236992][DEBUG][privacyidea.api.before_after:100] End handling of request ‘/subscriptions/?’


There is nothing returned when uploading a subscription file. This is just an information that there was no response to be signed.