Issue with login_mode set to privacyIDEA

luca · September 4, 2018, 11:32am

Hi everyone,

my compliments and respect for the awesome product.
Actually I’m experiencing issue in privacyIDEA 2.23 WebUI authentication for users with TiQR token enrolled.
In past version was possible to insert username as login and PIN as password. After a TiQR Code was proposed to be scanned for completion of the authetication.
Actually with the latest stable version I always received Authetication failed / Authentication failure. Wrong Credential.

Auth-Failed

Here the log in debug mode, seems that the authentication is fine and the messages about Scan the QR code are in there but not present in the WebUI:

[2018-09-04 12:13:38,733][6037][140716246488960][DEBUG][privacyidea.lib.tokens.ocratoken:185] Entering is_challenge_request with arguments (<<class ‘privacyidea.lib.tokens.tiqrtoken.TiqrTokenClass’> {"‘token’": ‘<<class ‘privacyidea.models.Token’> {"‘active’": ‘True’, “‘count_window’”: ‘10’, “‘key_enc’”: "u’c6f501d81f7747ac77a87d6ac91e588030b001f62dc0fc7bed8ea1305233cf2cb1bb66869f49b7bce02aa7342d9606a5f344ef167abe612d6b6a8f39bf0031bc7c202af4823c91b2e693539e1a3c5a7cab9920349b272fd15a871ce921ecf6b07dc6b0d189b083173c08f75601d5543c5211873bf39da43684e90da069fc254d7dd87718ff087cd5032cf36166721140’", “‘pin_hash’”: “u’a5d43fa4ea5b91f407b1ea1d78a1fb90efeeeb942ec87751e7a2ea09e85af365’”, “‘so_pin’”: “u’’”, “‘user_id’”: “u’f3150715-410d-46bf-bf41-902b42b4a955’”, “‘otplen’”: ‘6’, “‘so_pin_iv’”: “u’’”, “‘serial’”: “u’TiQR00014B69’”, “‘revoked’”: ‘False’, “‘locked’”: ‘False’, “‘maxfail’”: ‘10’, “‘realm_list’”: ‘[<privacyidea.models.TokenRealm object at 0x7ffaf9d69e10>]’, “‘count’”: ‘0’, “‘pin_seed’”: “u’466115728ccab0f6516bb253bb8f796f’”, “‘sync_window’”: ‘1000’, “‘description’”: “u’’”, “‘resolver_type’”: “u’ldapresolver’”, “‘user_pin_iv’”: “u’’”, “‘user_pin’”: “u’’”, “‘rollout_state’”: “u’’”, “‘failcount’”: ‘0’, “’_sa_instance_state’”: ‘<sqlalchemy.orm.state.InstanceState object at 0x7ffaf9e5e8d0>’, “‘id’”: ‘64’, “‘resolver’”: “u’secure_qa’”, “‘key_iv’”: “u’b8449d4d0e4fb23dfa0bd6fd78d37950’”, “‘tokentype’”: “u’tiqr’”}>’, “‘init_details’”: ‘{}’, “‘type’”: “u’tiqr’”, “‘hKeyRequired’”: ‘False’, “‘auth_details’”: ‘{}’}>, u’9999’) and keywords {‘user’: User(login=u’luca’, realm=u’secure.qa’, resolver=u’secure_qa’), ‘options’: {u’username’: u’luca@secure.qa’, ‘clientip’: ‘xx.xx.xx.xx’, u’password’: u’9999’, ‘user’: User(login=u’luca’, realm=u’secure.qa’, resolver=u’secure_qa’), ‘g’: <flask.g of ‘privacyidea.app’>}}
[2018-09-04 12:13:38,734][6037][140716246488960][DEBUG][privacyidea.lib.policy:185] Entering get_action_values with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7ffaff414910>, ‘otppin’) and keywords {‘realm’: u’secure.qa’, ‘client’: ‘xx.xx.xx.xx’, ‘user’: u’luca’, ‘resolver’: u’secure_qa’, ‘scope’: ‘authentication’, ‘unique’: True}
[2018-09-04 12:13:38,734][6037][140716246488960][DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7ffaff414910>,) and keywords {‘realm’: u’secure.qa’, ‘sort_by_priority’: True, ‘active’: True, ‘client’: ‘xx.xx.xx.xx’, ‘user’: u’luca’, ‘resolver’: u’secure_qa’, ‘action’: ‘otppin’, ‘scope’: ‘authentication’, ‘adminrealm’: None}
[2018-09-04 12:13:38,734][6037][140716246488960][DEBUG][privacyidea.lib.policy:490] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’hide_welcome’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’secure_qa’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’secure.qa’], ‘name’: u’webui1’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’login_mode’: u’privacyIDEA’, u’logout_time’: u’240’}, ‘scope’: u’webui’}]
[2018-09-04 12:13:38,734][6037][140716246488960][DEBUG][privacyidea.lib.policy:500] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’hide_welcome’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’secure_qa’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’secure.qa’], ‘name’: u’webui1’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’login_mode’: u’privacyIDEA’, u’logout_time’: u’240’}, ‘scope’: u’webui’}]
[2018-09-04 12:13:38,734][6037][140716246488960][DEBUG][privacyidea.lib.policy:500] Policies after matching scope: []
[2018-09-04 12:13:38,735][6037][140716246488960][DEBUG][privacyidea.lib.policy:524] Policies after matching action: []
[2018-09-04 12:13:38,735][6037][140716246488960][DEBUG][privacyidea.lib.policy:524] Policies after matching user: []
[2018-09-04 12:13:38,735][6037][140716246488960][DEBUG][privacyidea.lib.policy:524] Policies after matching realm: []
[2018-09-04 12:13:38,735][6037][140716246488960][DEBUG][privacyidea.lib.policy:559] Policies after matching resolver: []
[2018-09-04 12:13:38,735][6037][140716246488960][DEBUG][privacyidea.lib.policy:596] Policies after matching client
[2018-09-04 12:13:38,735][6037][140716246488960][DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[2018-09-04 12:13:38,736][6037][140716246488960][DEBUG][privacyidea.lib.policy:197] Exiting get_action_values with result []
[2018-09-04 12:13:38,736][6037][140716246488960][DEBUG][privacyidea.models:401] we got a hashed PIN!
[2018-09-04 12:13:38,736][6037][140716246488960][DEBUG][privacyidea.lib.crypto:188] Entering hash with arguments HIDDEN and keywords HIDDEN
[2018-09-04 12:13:38,736][6037][140716246488960][DEBUG][privacyidea.lib.crypto:257] hash()
[2018-09-04 12:13:38,736][6037][140716246488960][DEBUG][privacyidea.lib.crypto:199] Exiting hash with result HIDDEN
[2018-09-04 12:13:38,737][6037][140716246488960][DEBUG][privacyidea.models:361] hPin: a5d43fa4ea5b91f407b1ea1d78a1fb90efeeeb942ec87751e7a2ea09e85af365, pin: u’9999’, seed: 466115728ccab0f6516bb253bb8f796f
[2018-09-04 12:13:38,737][6037][140716246488960][DEBUG][privacyidea.lib.tokens.ocratoken:197] Exiting is_challenge_request with result True
[2018-09-04 12:13:38,743][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘failcounter_clear_timeout’, 0) and keywords {}
[2018-09-04 12:13:38,743][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,746][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result 0
[2018-09-04 12:13:38,747][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘DefaultChallengeValidityTime’, 120) and keywords {}
[2018-09-04 12:13:38,748][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,751][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result 120
[2018-09-04 12:13:38,751][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (u’TiqrChallengeValidityTime’, 120) and keywords {}
[2018-09-04 12:13:38,751][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,754][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result 120
[2018-09-04 12:13:38,754][6037][140716246488960][DEBUG][privacyidea.lib.user:185] Entering get_username with arguments (u’f3150715-410d-46bf-bf41-902b42b4a955’, u’secure_qa’) and keywords {}
[2018-09-04 12:13:38,755][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘UserCacheExpiration’, ‘0’) and keywords {}
[2018-09-04 12:13:38,755][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,758][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result 0
[2018-09-04 12:13:38,758][6037][140716246488960][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_object with arguments (u’secure_qa’,) and keywords {}
[2018-09-04 12:13:38,759][6037][140716246488960][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_list with arguments () and keywords {‘filter_resolver_name’: u’secure_qa’}
[2018-09-04 12:13:38,759][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,761][6037][140716246488960][DEBUG][privacyidea.lib.resolver:199] Exiting get_resolver_list with result HIDDEN
[2018-09-04 12:13:38,762][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_resolver_list with arguments () and keywords {}
[2018-09-04 12:13:38,762][6037][140716246488960][DEBUG][privacyidea.lib.config:549] None
[2018-09-04 12:13:38,762][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_resolver_list with result set([‘privacyidea.lib.resolvers.PasswdIdResolver’, ‘privacyidea.lib.resolvers.SCIMIdResolver’, ‘privacyidea.lib.resolvers.SQLIdResolver’, ‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2018-09-04 12:13:38,762][6037][140716246488960][DEBUG][privacyidea.lib.config:683] using the module list: set([‘privacyidea.lib.resolvers.PasswdIdResolver’, ‘privacyidea.lib.resolvers.SCIMIdResolver’, ‘privacyidea.lib.resolvers.SQLIdResolver’, ‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2018-09-04 12:13:38,763][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.PasswdIdResolver
[2018-09-04 12:13:38,763][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.SCIMIdResolver
[2018-09-04 12:13:38,763][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.SQLIdResolver
[2018-09-04 12:13:38,763][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.LDAPIdResolver
[2018-09-04 12:13:38,763][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2018-09-04 12:13:38,763][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2018-09-04 12:13:38,764][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2018-09-04 12:13:38,764][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2018-09-04 12:13:38,764][6037][140716246488960][DEBUG][privacyidea.lib.resolver:197] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7ffafa6a7050>
[2018-09-04 12:13:38,765][6037][140716246488960][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:205] Reading u’f3150715-410d-46bf-bf41-902b42b4a955’ from cache for ‘getUserInfo’
[2018-09-04 12:13:38,765][6037][140716246488960][DEBUG][privacyidea.lib.user:197] Exiting get_username with result luca
[2018-09-04 12:13:38,765][6037][140716246488960][DEBUG][privacyidea.lib.user:185] Entering User with arguments () and keywords {‘login’: u’luca’, ‘realm’: u’secure.qa’, ‘resolver’: u’secure_qa’}
[2018-09-04 12:13:38,765][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘UserCacheExpiration’, ‘0’) and keywords {}
[2018-09-04 12:13:38,765][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,769][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result 0
[2018-09-04 12:13:38,769][6037][140716246488960][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_object with arguments (u’secure_qa’,) and keywords {}
[2018-09-04 12:13:38,769][6037][140716246488960][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_list with arguments () and keywords {‘filter_resolver_name’: u’secure_qa’}
[2018-09-04 12:13:38,769][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,772][6037][140716246488960][DEBUG][privacyidea.lib.resolver:199] Exiting get_resolver_list with result HIDDEN
[2018-09-04 12:13:38,772][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_resolver_list with arguments () and keywords {}
[2018-09-04 12:13:38,773][6037][140716246488960][DEBUG][privacyidea.lib.config:549] None
[2018-09-04 12:13:38,773][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_resolver_list with result set([‘privacyidea.lib.resolvers.PasswdIdResolver’, ‘privacyidea.lib.resolvers.SCIMIdResolver’, ‘privacyidea.lib.resolvers.SQLIdResolver’, ‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2018-09-04 12:13:38,773][6037][140716246488960][DEBUG][privacyidea.lib.config:683] using the module list: set([‘privacyidea.lib.resolvers.PasswdIdResolver’, ‘privacyidea.lib.resolvers.SCIMIdResolver’, ‘privacyidea.lib.resolvers.SQLIdResolver’, ‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2018-09-04 12:13:38,773][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.PasswdIdResolver
[2018-09-04 12:13:38,773][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.SCIMIdResolver
[2018-09-04 12:13:38,773][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.SQLIdResolver
[2018-09-04 12:13:38,774][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.LDAPIdResolver
[2018-09-04 12:13:38,774][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2018-09-04 12:13:38,774][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2018-09-04 12:13:38,774][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2018-09-04 12:13:38,775][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2018-09-04 12:13:38,775][6037][140716246488960][DEBUG][privacyidea.lib.resolver:197] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7ffafa6a7050>
[2018-09-04 12:13:38,775][6037][140716246488960][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:205] Reading u’luca’ from cache for ‘getUserId’
[2018-09-04 12:13:38,776][6037][140716246488960][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_list with arguments () and keywords {‘filter_resolver_name’: u’secure_qa’}
[2018-09-04 12:13:38,776][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,779][6037][140716246488960][DEBUG][privacyidea.lib.resolver:199] Exiting get_resolver_list with result HIDDEN
[2018-09-04 12:13:38,779][6037][140716246488960][DEBUG][privacyidea.lib.user:197] Exiting User with result luca.secure_qa@secure.qa
[2018-09-04 12:13:38,780][6037][140716246488960][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_object with arguments (u’secure_qa’,) and keywords {}
[2018-09-04 12:13:38,780][6037][140716246488960][DEBUG][privacyidea.lib.resolver:185] Entering get_resolver_list with arguments () and keywords {‘filter_resolver_name’: u’secure_qa’}
[2018-09-04 12:13:38,780][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,784][6037][140716246488960][DEBUG][privacyidea.lib.resolver:199] Exiting get_resolver_list with result HIDDEN
[2018-09-04 12:13:38,784][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_resolver_list with arguments () and keywords {}
[2018-09-04 12:13:38,784][6037][140716246488960][DEBUG][privacyidea.lib.config:549] None
[2018-09-04 12:13:38,784][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_resolver_list with result set([‘privacyidea.lib.resolvers.PasswdIdResolver’, ‘privacyidea.lib.resolvers.SCIMIdResolver’, ‘privacyidea.lib.resolvers.SQLIdResolver’, ‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2018-09-04 12:13:38,785][6037][140716246488960][DEBUG][privacyidea.lib.config:683] using the module list: set([‘privacyidea.lib.resolvers.PasswdIdResolver’, ‘privacyidea.lib.resolvers.SCIMIdResolver’, ‘privacyidea.lib.resolvers.SQLIdResolver’, ‘privacyidea.lib.resolvers.LDAPIdResolver’])
[2018-09-04 12:13:38,785][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.PasswdIdResolver
[2018-09-04 12:13:38,785][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.SCIMIdResolver
[2018-09-04 12:13:38,785][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.SQLIdResolver
[2018-09-04 12:13:38,785][6037][140716246488960][DEBUG][privacyidea.lib.config:691] import module: privacyidea.lib.resolvers.LDAPIdResolver
[2018-09-04 12:13:38,786][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.PasswdIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/PasswdIdResolver.pyc’>
[2018-09-04 12:13:38,786][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.SCIMIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SCIMIdResolver.pyc’>
[2018-09-04 12:13:38,786][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.SQLIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/SQLIdResolver.pyc’>
[2018-09-04 12:13:38,786][6037][140716246488960][DEBUG][privacyidea.lib.config:503] module: <module ‘privacyidea.lib.resolvers.LDAPIdResolver’ from ‘/usr/lib/python2.7/dist-packages/privacyidea/lib/resolvers/LDAPIdResolver.pyc’>
[2018-09-04 12:13:38,787][6037][140716246488960][DEBUG][privacyidea.lib.resolver:197] Exiting get_resolver_object with result <privacyidea.lib.resolvers.LDAPIdResolver.IdResolver object at 0x7ffafa6a7050>
[2018-09-04 12:13:38,787][6037][140716246488960][DEBUG][privacyidea.lib.resolvers.LDAPIdResolver:205] Reading ‘f3150715-410d-46bf-bf41-902b42b4a955’ from cache for ‘getUserInfo’
[2018-09-04 12:13:38,787][6037][140716246488960][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments (‘tiqr.serviceIdentifier’,) and keywords {}
[2018-09-04 12:13:38,787][6037][140716246488960][DEBUG][privacyidea.lib.config:72] The singleton <class ‘privacyidea.lib.config.ConfigClass’> already exists.
[2018-09-04 12:13:38,792][6037][140716246488960][DEBUG][privacyidea.lib.config:197] Exiting get_from_config with result None
[2018-09-04 12:13:38,792][6037][140716246488960][DEBUG][privacyidea.models:185] Entering init with arguments (<privacyidea.models.Challenge object at 0x7ffaf9e4e310>, u’TiQR00014B69’) and keywords {‘challenge’: ‘0846445280’, ‘session’: None, ‘data’: None, ‘validitytime’: 120, ‘transaction_id’: None}
[2018-09-04 12:13:38,793][6037][140716246488960][DEBUG][privacyidea.models:197] Exiting init with result None
[2018-09-04 12:13:38,919][6037][140716246488960][DEBUG][privacyidea.lib.token:197] Exiting check_token_list with result (False, {‘attributes’: {‘hideResponseInput’: True, ‘poll’: True, ‘value’: u’tiqrauth://luca_secure.qa@org.privacyidea/07157763190327469959/0846445280’, ‘img’: ‘data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZoAAAGaAQAAAAAefbjOAAADH0lEQVR4nO2bTY60NhCGn4qReglSDjBHgRvkSFEfKTfAR5kDfBJejuTWm4VtYGa+zaQV+q+86AbDI7lEyVV+yzbx4xb/+DkDDjnkkEMOOeTQc0JWW4dNyYxoHWbWQbQOSO2F6SbDc+h4aJQkLaDzEGR/K8OoXB7aRJAk6TN03PAcOg7q6n8aYPwHbNTFFC1kRQu53JLAIOTDh+fQ4VD35V5x+IWNAkaBIHxfn965TQ5dA331CMb3DpEGgJCN/lf3zSXu3CaHroGaR/SCEhx6QZxChjQY6xyxd4s7t8mhayD2GSNBjMvvftoLoyTNd26TQ9dAZY7YJgDFIQB9RqTW93mGuHubHLoesilV2YFxuVjtAzT3HwZcDFJX+h7EJoeuh+JbxiaAaGbEt48iSVV/obrKQ9nk0FVQ6tD5TariVOrQ2WruadO2Dn0kmxz6YVvziFwECEhWRAmR/sw2Cow+d4pvH6ajh+fQ4VBZa2gmSFqCJGU091XFLk+1QHkgX2u8CtR/tMQhnQQE6Wwn2UTNMYlDKLcPY5ND/wVa9YggzQD0kuY+fxIqeqn8uB7x9FALBOWb532flGFc1rJn37rdI54ZqlPB2L4+47J5RJ0tKDOIzxEvAa2ZJRSlsuaY7fEqYDfPcY94FShIc+qKC9gEaAZqRrEENZnqRsNz6ChoXV+2haeUqRlFcQbqlUeNF4TSScQBNKeTaiGjl6T3jq3g8Vg2OfTDtt8xE//KGJxkdfvUpVO0dS/dLYbn0OHQ1/0RNXQslByzCJclYCzBo8YLQDvtoelSmapGLdQ8YlyCK1SvArU5os9tpbm6RdEodsKl1zVeAdqrUTvFod/Oa9RYsTmIe8QLQNuZrtLG93qcqwaR1JVK142G59Dx0FhECdB5oHz9qksBu4LHfJvhOXR8XWOhVbUWWsAoovbaeo8aLwnFoV5I68b8rQ528+E59H9DX890GdSzfetVJg6LDC7t5Tu3yaFroH1NUy1qlCKXthM8Taby1efzQ78/01Vav22cgLYEdY94cujbmS7In2+Dthd8L7ZDDjnkkEMOObS1fwFQQ3RbQf7NCwAAAABJRU5ErkJggg==’}, ‘multi_challenge’: [{‘attributes’: {‘hideResponseInput’: True, ‘poll’: True, ‘value’: u’tiqrauth://luca_secure.qa@org.privacyidea/07157763190327469959/0846445280’, ‘img’: ‘data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZoAAAGaAQAAAAAefbjOAAADH0lEQVR4nO2bTY60NhCGn4qReglSDjBHgRvkSFEfKTfAR5kDfBJejuTWm4VtYGa+zaQV+q+86AbDI7lEyVV+yzbx4xb/+DkDDjnkkEMOOeTQc0JWW4dNyYxoHWbWQbQOSO2F6SbDc+h4aJQkLaDzEGR/K8OoXB7aRJAk6TN03PAcOg7q6n8aYPwHbNTFFC1kRQu53JLAIOTDh+fQ4VD35V5x+IWNAkaBIHxfn965TQ5dA331CMb3DpEGgJCN/lf3zSXu3CaHroGaR/SCEhx6QZxChjQY6xyxd4s7t8mhayD2GSNBjMvvftoLoyTNd26TQ9dAZY7YJgDFIQB9RqTW93mGuHubHLoesilV2YFxuVjtAzT3HwZcDFJX+h7EJoeuh+JbxiaAaGbEt48iSVV/obrKQ9nk0FVQ6tD5TariVOrQ2WruadO2Dn0kmxz6YVvziFwECEhWRAmR/sw2Cow+d4pvH6ajh+fQ4VBZa2gmSFqCJGU091XFLk+1QHkgX2u8CtR/tMQhnQQE6Wwn2UTNMYlDKLcPY5ND/wVa9YggzQD0kuY+fxIqeqn8uB7x9FALBOWb532flGFc1rJn37rdI54ZqlPB2L4+47J5RJ0tKDOIzxEvAa2ZJRSlsuaY7fEqYDfPcY94FShIc+qKC9gEaAZqRrEENZnqRsNz6ChoXV+2haeUqRlFcQbqlUeNF4TSScQBNKeTaiGjl6T3jq3g8Vg2OfTDtt8xE//KGJxkdfvUpVO0dS/dLYbn0OHQ1/0RNXQslByzCJclYCzBo8YLQDvtoelSmapGLdQ8YlyCK1SvArU5os9tpbm6RdEodsKl1zVeAdqrUTvFod/Oa9RYsTmIe8QLQNuZrtLG93qcqwaR1JVK142G59Dx0FhECdB5oHz9qksBu4LHfJvhOXR8XWOhVbUWWsAoovbaeo8aLwnFoV5I68b8rQ528+E59H9DX890GdSzfetVJg6LDC7t5Tu3yaFroH1NUy1qlCKXthM8Taby1efzQ78/01Vav22cgLYEdY94cujbmS7In2+Dthd8L7ZDDjnkkEMOObS1fwFQQ3RbQf7NCwAAAABJRU5ErkJggg==’}, ‘serial’: u’TiQR00014B69’, ‘transaction_id’: u’07157763190327469959’}], ‘transaction_id’: u’07157763190327469959’, ‘message’: u’Please scan the QR Code’, ‘serial’: u’TiQR00014B69’})
[2018-09-04 12:13:38,920][6037][140716246488960][DEBUG][privacyidea.lib.token:197] Exiting check_user_pass with result (False, {‘attributes’: {‘hideResponseInput’: True, ‘poll’: True, ‘value’: u’tiqrauth://luca_secure.qa@org.privacyidea/07157763190327469959/0846445280’, ‘img’: ‘data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZoAAAGaAQAAAAAefbjOAAADH0lEQVR4nO2bTY60NhCGn4qReglSDjBHgRvkSFEfKTfAR5kDfBJejuTWm4VtYGa+zaQV+q+86AbDI7lEyVV+yzbx4xb/+DkDDjnkkEMOOeTQc0JWW4dNyYxoHWbWQbQOSO2F6SbDc+h4aJQkLaDzEGR/K8OoXB7aRJAk6TN03PAcOg7q6n8aYPwHbNTFFC1kRQu53JLAIOTDh+fQ4VD35V5x+IWNAkaBIHxfn965TQ5dA331CMb3DpEGgJCN/lf3zSXu3CaHroGaR/SCEhx6QZxChjQY6xyxd4s7t8mhayD2GSNBjMvvftoLoyTNd26TQ9dAZY7YJgDFIQB9RqTW93mGuHubHLoesilV2YFxuVjtAzT3HwZcDFJX+h7EJoeuh+JbxiaAaGbEt48iSVV/obrKQ9nk0FVQ6tD5TariVOrQ2WruadO2Dn0kmxz6YVvziFwECEhWRAmR/sw2Cow+d4pvH6ajh+fQ4VBZa2gmSFqCJGU091XFLk+1QHkgX2u8CtR/tMQhnQQE6Wwn2UTNMYlDKLcPY5ND/wVa9YggzQD0kuY+fxIqeqn8uB7x9FALBOWb532flGFc1rJn37rdI54ZqlPB2L4+47J5RJ0tKDOIzxEvAa2ZJRSlsuaY7fEqYDfPcY94FShIc+qKC9gEaAZqRrEENZnqRsNz6ChoXV+2haeUqRlFcQbqlUeNF4TSScQBNKeTaiGjl6T3jq3g8Vg2OfTDtt8xE//KGJxkdfvUpVO0dS/dLYbn0OHQ1/0RNXQslByzCJclYCzBo8YLQDvtoelSmapGLdQ8YlyCK1SvArU5os9tpbm6RdEodsKl1zVeAdqrUTvFod/Oa9RYsTmIe8QLQNuZrtLG93qcqwaR1JVK142G59Dx0FhECdB5oHz9qksBu4LHfJvhOXR8XWOhVbUWWsAoovbaeo8aLwnFoV5I68b8rQ528+E59H9DX890GdSzfetVJg6LDC7t5Tu3yaFroH1NUy1qlCKXthM8Taby1efzQ78/01Vav22cgLYEdY94cujbmS7In2+Dthd8L7ZDDjnkkEMOObS1fwFQQ3RbQf7NCwAAAABJRU5ErkJggg==’}, ‘multi_challenge’: [{‘attributes’: {‘hideResponseInput’: True, ‘poll’: True, ‘value’: u’tiqrauth://luca_secure.qa@org.privacyidea/07157763190327469959/0846445280’, ‘img’: ‘data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZoAAAGaAQAAAAAefbjOAAADH0lEQVR4nO2bTY60NhCGn4qReglSDjBHgRvkSFEfKTfAR5kDfBJejuTWm4VtYGa+zaQV+q+86AbDI7lEyVV+yzbx4xb/+DkDDjnkkEMOOeTQc0JWW4dNyYxoHWbWQbQOSO2F6SbDc+h4aJQkLaDzEGR/K8OoXB7aRJAk6TN03PAcOg7q6n8aYPwHbNTFFC1kRQu53JLAIOTDh+fQ4VD35V5x+IWNAkaBIHxfn965TQ5dA331CMb3DpEGgJCN/lf3zSXu3CaHroGaR/SCEhx6QZxChjQY6xyxd4s7t8mhayD2GSNBjMvvftoLoyTNd26TQ9dAZY7YJgDFIQB9RqTW93mGuHubHLoesilV2YFxuVjtAzT3HwZcDFJX+h7EJoeuh+JbxiaAaGbEt48iSVV/obrKQ9nk0FVQ6tD5TariVOrQ2WruadO2Dn0kmxz6YVvziFwECEhWRAmR/sw2Cow+d4pvH6ajh+fQ4VBZa2gmSFqCJGU091XFLk+1QHkgX2u8CtR/tMQhnQQE6Wwn2UTNMYlDKLcPY5ND/wVa9YggzQD0kuY+fxIqeqn8uB7x9FALBOWb532flGFc1rJn37rdI54ZqlPB2L4+47J5RJ0tKDOIzxEvAa2ZJRSlsuaY7fEqYDfPcY94FShIc+qKC9gEaAZqRrEENZnqRsNz6ChoXV+2haeUqRlFcQbqlUeNF4TSScQBNKeTaiGjl6T3jq3g8Vg2OfTDtt8xE//KGJxkdfvUpVO0dS/dLYbn0OHQ1/0RNXQslByzCJclYCzBo8YLQDvtoelSmapGLdQ8YlyCK1SvArU5os9tpbm6RdEodsKl1zVeAdqrUTvFod/Oa9RYsTmIe8QLQNuZrtLG93qcqwaR1JVK142G59Dx0FhECdB5oHz9qksBu4LHfJvhOXR8XWOhVbUWWsAoovbaeo8aLwnFoV5I68b8rQ528+E59H9DX890GdSzfetVJg6LDC7t5Tu3yaFroH1NUy1qlCKXthM8Taby1efzQ78/01Vav22cgLYEdY94cujbmS7In2+Dthd8L7ZDDjnkkEMOObS1fwFQQ3RbQf7NCwAAAABJRU5ErkJggg==’}, ‘serial’: u’TiQR00014B69’, ‘transaction_id’: u’07157763190327469959’}], ‘transaction_id’: u’07157763190327469959’, ‘message’: u’Please scan the QR Code’, ‘serial’: u’TiQR00014B69’})
[2018-09-04 12:13:38,920][6037][140716246488960][DEBUG][privacyidea.lib.policy:185] Entering get_action_values with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7ffaff414910>,) and keywords {‘realm’: u’secure.qa’, ‘client’: ‘xx.xx.xx.xx’, ‘user’: u’luca’, ‘resolver’: u’secure_qa’, ‘action’: ‘auth_max_success’, ‘scope’: ‘authorization’, ‘unique’: True}
[2018-09-04 12:13:38,921][6037][140716246488960][DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7ffaff414910>,) and keywords {‘realm’: u’secure.qa’, ‘sort_by_priority’: True, ‘active’: True, ‘client’: ‘xx.xx.xx.xx’, ‘user’: u’luca’, ‘resolver’: u’secure_qa’, ‘action’: ‘auth_max_success’, ‘scope’: ‘authorization’, ‘adminrealm’: None}
[2018-09-04 12:13:38,921][6037][140716246488960][DEBUG][privacyidea.lib.policy:490] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’hide_welcome’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’secure_qa’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’secure.qa’], ‘name’: u’webui1’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’login_mode’: u’privacyIDEA’, u’logout_time’: u’240’}, ‘scope’: u’webui’}]
[2018-09-04 12:13:38,921][6037][140716246488960][DEBUG][privacyidea.lib.policy:500] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’hide_welcome’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’secure_qa’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’secure.qa’], ‘name’: u’webui1’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’login_mode’: u’privacyIDEA’, u’logout_time’: u’240’}, ‘scope’: u’webui’}]
[2018-09-04 12:13:38,921][6037][140716246488960][DEBUG][privacyidea.lib.policy:500] Policies after matching scope: []
[2018-09-04 12:13:38,921][6037][140716246488960][DEBUG][privacyidea.lib.policy:524] Policies after matching action: []
[2018-09-04 12:13:38,922][6037][140716246488960][DEBUG][privacyidea.lib.policy:524] Policies after matching user: []
[2018-09-04 12:13:38,922][6037][140716246488960][DEBUG][privacyidea.lib.policy:524] Policies after matching realm: []
[2018-09-04 12:13:38,922][6037][140716246488960][DEBUG][privacyidea.lib.policy:559] Policies after matching resolver: []
[2018-09-04 12:13:38,922][6037][140716246488960][DEBUG][privacyidea.lib.policy:596] Policies after matching client
[2018-09-04 12:13:38,922][6037][140716246488960][DEBUG][privacyidea.lib.policy:197] Exiting get_policies with result []
[2018-09-04 12:13:38,922][6037][140716246488960][DEBUG][privacyidea.lib.policy:197] Exiting get_action_values with result []
[2018-09-04 12:13:38,923][6037][140716246488960][DEBUG][privacyidea.lib.policy:185] Entering get_action_values with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7ffaff414910>,) and keywords {‘realm’: u’secure.qa’, ‘client’: ‘xx.xx.xx.xx’, ‘user’: u’luca’, ‘resolver’: u’secure_qa’, ‘action’: ‘auth_max_fail’, ‘scope’: ‘authorization’, ‘unique’: True}
[2018-09-04 12:13:38,923][6037][140716246488960][DEBUG][privacyidea.lib.policy:185] Entering get_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7ffaff414910>,) and keywords {‘realm’: u’secure.qa’, ‘sort_by_priority’: True, ‘active’: True, ‘client’: ‘xx.xx.xx.xx’, ‘user’: u’luca’, ‘resolver’: u’secure_qa’, ‘action’: ‘auth_max_fail’, ‘scope’: ‘authorization’, ‘adminrealm’: None}
[2018-09-04 12:13:38,923][6037][140716246488960][DEBUG][privacyidea.lib.policy:490] Policies after matching time: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’hide_welcome’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’secure_qa’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’secure.qa’], ‘name’: u’webui1’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’login_mode’: u’privacyIDEA’, u’logout_time’: u’240’}, ‘scope’: u’webui’}]
[2018-09-04 12:13:38,923][6037][140716246488960][DEBUG][privacyidea.lib.policy:500] Policies after matching active: [{‘time’: u’’, ‘user’: [], ‘resolver’: [], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [], ‘name’: u’hide_welcome’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’hide_welcome_info’: True}, ‘scope’: u’webui’}, {‘time’: u’’, ‘user’: [], ‘resolver’: [u’secure_qa’], ‘active’: True, ‘adminrealm’: [], ‘condition’: 0, ‘realm’: [u’secure.qa’], ‘name’: u’webui1’, ‘priority’: 1, ‘client’: [], ‘check_all_resolvers’: False, ‘action’: {u’login_mode’: u’privacyIDEA’, u’logout_time’: u’240’}, ‘scope’: u’webui’}]

Many thanks for the eventual support and Best Regards,
Luca

plettich · September 5, 2018, 9:25am

Hi Luca,

it looks like the challenge-response authentication at the webUI is broken.
I’ve added issue #1216 in github.
Thanks for reporting it.

Regards
Paul

luca · September 5, 2018, 9:47am

Hi Paul,

many thanks for your quick response.
I will take a look on the evolution of this issue.

Regards,
Luca