hi cornelinux and thanks for your answer,
i follow this post:
this is the log’ i`m seeing a problem:
[2021-01-25 02:22:59,844][19769][140044729173760][INFO][privacyidea.lib.user:233] user 'test100' found in resolver 'global'
[2021-01-25 02:22:59,845][19769][140044729173760][INFO][privacyidea.lib.user:234] userid resolved to '11a088d9-12a6-4aa9-9256-57bf423a80b6'
[2021-01-25 02:22:59,865][19769][140044729173760][ERROR][privacyidea.app:1892] Exception on /validate/check [GET]
Traceback (most recent call last):
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/opt/privacyidea/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/opt/privacyidea/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/postpolicy.py", line 108, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/postpolicy.py", line 108, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/postpolicy.py", line 108, in policy_wrapper
response = wrapped_function(*args, **kwds)
[Previous line repeated 8 more times]
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/decorators.py", line 41, in function_wrapper
response = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
[Previous line repeated 5 more times]
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/decorators.py", line 100, in check_user_or_serial_in_request_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/subscriptions.py", line 333, in check_subscription_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/lib/prepolicy.py", line 154, in policy_wrapper
return wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/event.py", line 99, in event_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/api/validate.py", line 396, in check
success, details = check_user_pass(user, password, options=options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 186, in auth_cache
res, reply_dict = wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 254, in auth_user_does_not_exist
return wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 223, in auth_user_has_no_token
return wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 355, in auth_user_timelimit
res, reply_dict = wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 442, in auth_lastauth
res, reply_dict = wrapped_function(user_or_serial, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 332, in auth_user_passthru
return wrapped_function(user_object, passw, options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/token.py", line 2052, in check_user_pass
allow_reset_all_tokens=True)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 638, in reset_all_user_tokens
r = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/policydecorators.py", line 93, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/challengeresponsedecorators.py", line 150, in generic_challenge_response_reset_pin
success, reply_dict = wrapped_function(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/token.py", line 2206, in check_token_list
tokenobject.authenticate(passw, user, options=options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokenclass.py", line 456, in authenticate
otp_counter = self.check_otp(otpval, options=options)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/totptoken.py", line 360, in check_otp
symetric=True)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/HMAC.py", line 155, in checkOtp
otpval = self.generate(c)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/HMAC.py", line 121, in generate
hmac = self.hmac(counter=counter, key=key)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/tokens/HMAC.py", line 83, in hmac
dig = self.secretObj.hmac_digest(data_input, self.hashfunc)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/crypto.py", line 128, in hmac_digest
self._setupKey_()
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/crypto.py", line 150, in _setupKey_
akey = decrypt(self.val, self.iv)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/log.py", line 155, in log_wrapper
return func(*args, **kwds)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/crypto.py", line 393, in decrypt
res = hsm.decrypt(to_bytes(enc_data), to_bytes(iv), key_id=key_id)
File "/opt/privacyidea/lib/python3.6/site-packages/privacyidea/lib/security/default.py", line 495, in decrypt
data = binascii.unhexlify(output)
binascii.Error: Non-hexadecimal digit found
You can guide me what causing this security problem?