Hello,
I followed your instructions about how to migrate LinOTP tokens to privacyIDEA.
I did it and I’m seeing all the tokens in the token list.
The problem is that when I try to test a token, I’m getting “500 internal server error”.
Any idea?
Hi @Light,
Welcome here. Good decision to get rid of LinOTP. After all, this was great software years ago but has not developed a lot since. (Just my 2 cents.)
I will give you hints, not complete instructions. I will not do support requests here. I do not have to earn any karma points anymore.
Maybe someone else will…
My goal is that you are able to solve your problem yourself!
When you encounter a “500 internal server error” there is a problem in the execution of the code.
So in this case you will always have to take a look at the privacyidea.log and most probably also at the webserver log.
PS: which instruction did you follow? It always helps to link what you did!
Hi cornelinux, and thanks for your answer.
I followed this post:
This is the log; I’m seeing a problem:
[2021-01-25 02:22:59,844][19769][140044729173760][INFO][privacyidea.lib.user:233] user 'test100' found in resolver 'global'
[2021-01-25 02:22:59,845][19769][140044729173760][INFO][privacyidea.lib.user:234] userid resolved to '11a088d9-12a6-4aa9-9256-57bf423a80b6'
[2021-01-25 02:22:59,865][19769][140044729173760][ERROR][privacyidea.app:1892] Exception on /validate/check [GET]
Traceback (most recent call last):
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/opt/privacyidea/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/postpolicy.py", line 108, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/postpolicy.py", line 108, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/postpolicy.py", line 108, in policy_wrapper
response = wrapped_function(*args, **kwds)
[Previous line repeated 8 more times]
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/decorators.py", line 41, in function_wrapper
response = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
[Previous line repeated 5 more times]
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/decorators.py", line 100, in check_user_or_serial_in_request_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/subscriptions.py", line 333, in check_subscription_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/event.py", line 99, in event_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/validate.py", line 396, in check
success, details = check_user_pass(user, password, options=options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 186, in auth_cache
res, reply_dict = wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 254, in auth_user_does_not_exist
return wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 223, in auth_user_has_no_token
return wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 355, in auth_user_timelimit
res, reply_dict = wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 442, in auth_lastauth
res, reply_dict = wrapped_function(user_or_serial, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 332, in auth_user_passthru
return wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/token.py", line 2052, in check_user_pass
allow_reset_all_tokens=True)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 638, in reset_all_user_tokens
r = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/challengeresponsedecorators.py", line 150, in generic_challenge_response_reset_pin
success, reply_dict = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/token.py", line 2206, in check_token_list
tokenobject.authenticate(passw, user, options=options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokenclass.py", line 456, in authenticate
otp_counter = self.check_otp(otpval, options=options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/totptoken.py", line 360, in check_otp
symetric=True)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/HMAC.py", line 155, in checkOtp
otpval = self.generate(c)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/HMAC.py", line 121, in generate
hmac = self.hmac(counter=counter, key=key)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/HMAC.py", line 83, in hmac
dig = self.secretObj.hmac_digest(data_input, self.hashfunc)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/crypto.py", line 128, in hmac_digest
self._setupKey_()
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/crypto.py", line 150, in _setupKey_
akey = decrypt(self.val, self.iv)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/crypto.py", line 393, in decrypt
res = hsm.decrypt(to_bytes(enc_data), to_bytes(iv), key_id=key_id)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/security/default.py", line 495, in decrypt
data = binascii.unhexlify(output)
binascii.Error: Non-hexadecimal digit found
Can you guide me on what is causing this security problem?
You get an error of unallowed characters during decrypt.
The seeds of the tokens are stored in an encrypted way in the database.
This is also true for LinOTP.
So you are either not using the same encryption key in privacyIDEA like in LinOTP or you have not reencrypted the data.
Having deeper knowledge either in LinOTP or in privacyIDEA helps a lot with this migration.
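As an added example (not part of the original posts and not privacyIDEA code): a small triage script that pulls the failing request, the final exception and the innermost frame out of a privacyidea.log excerpt like the one above. The function names and the single hint rule are assumptions made here; the sample log is a shortened, constructed copy of the excerpt in this thread.

```python
import re

# Constructed sample: a shortened copy of the log excerpt posted in this thread.
SAMPLE_LOG = '''\
[2021-01-25 02:22:59,845][19769][140044729173760][INFO][privacyidea.lib.user:234] userid resolved to '11a088d9-12a6-4aa9-9256-57bf423a80b6'
[2021-01-25 02:22:59,865][19769][140044729173760][ERROR][privacyidea.app:1892] Exception on /validate/check [GET]
Traceback (most recent call last):
  File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/crypto.py", line 393, in decrypt
    res = hsm.decrypt(to_bytes(enc_data), to_bytes(iv), key_id=key_id)
  File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/security/default.py", line 495, in decrypt
    data = binascii.unhexlify(output)
binascii.Error: Non-hexadecimal digit found
'''

# [timestamp][pid][thread][LEVEL][logger:line] message
RECORD = re.compile(r'^\[([^\]]+)\]\[\d+\]\[\d+\]\[(\w+)\]\[[^\]]+\] (.*)$')
FRAME = re.compile(r'^\s*File "([^"]+)", line (\d+), in (\S+)')
EXC = re.compile(r'^([A-Za-z_][\w.]*(?:Error|Exception)): (.*)$')

def triage(log_text):
    """Return one dict per logged request exception (hypothetical helper)."""
    findings, current = [], None
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if rec:  # a new log record ends any traceback being collected
            ts, level, msg = rec.groups()
            current = None
            if level == "ERROR" and msg.startswith("Exception on "):
                current = {"time": ts, "request": msg[len("Exception on "):],
                           "frame": None, "error": None, "message": None}
                findings.append(current)
            continue
        if current is None:
            continue
        frame, exc = FRAME.match(line), EXC.match(line)
        if frame:  # keep overwriting: the last frame seen is the innermost one
            path = frame.group(1).split("site-packages/")[-1]
            current["frame"] = (path, int(frame.group(2)), frame.group(3))
        elif exc:
            current["error"], current["message"] = exc.groups()
    return findings

def hint(finding):
    """Single rule, taken from the diagnosis given in this thread."""
    path, _, func = finding["frame"] or ("", 0, "")
    if (path.startswith("privacyidea/lib/security/") and func == "decrypt"
            and finding["error"] == "binascii.Error"):
        return "token seed did not decrypt to hex: check the encryption key or re-encrypt the data"
    return "no rule for this failure; read the full traceback"
```

The frame pattern tolerates missing indentation, so it also works on log text pasted the way it appears in this thread.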
OK, I did it!!! Thanks.
The problem was with the enckey.
Now another question: I now have one privacyIDEA with the LinOTP TOTP tokens I just migrated and another privacyIDEA with TOTP tokens.
Can I merge them into one server, or can’t I because the enckey is different?