Ubuntu 18.04, PrivacyIDEA 3.3.3 - installed from repo
I am struggling with a problem: users cannot issue tokens when logged in with UPN.
The error I got:
× ERR905: Cannot pass user_object as well as user, resolver, realm in policy (None, ‘user’, ‘enrollPUSH’)
I have already spent 48h googling; writing here is my last chance.
The same user works fine when logged in with SPN.
Logged in with UPN, I can delete tokens created by the same user when logged in with SPN.
Tokens work fine.
I have a setup with ADFS for OWA 2FA with TOTP.
I found that I can enroll tokens with the LoginAttribute that is written first in the resolver config.
If this is SAM, then UPN fails; if UPN, then SAM fails.
P.S.
My mistake in the original post: SPN should be replaced with SAM.