Missing enrollment policy for push token / Error fetching policy templates

Question
1

Hello PrivacyIDEA community,

I am facing an issue when trying to enroll push tokens.

  • When creating a push token, I receive:
missing enrollment policy for push token (push_firebase_configuration)
  • Right after, I also get:
error fetching policy templates
  • Using the CLI, pi-manage policy list shows an empty list:
# pi-manage policy list
[]

  • However, in the web UI, the policies are displayed correctly.

  • I also verified directly in the database that the policies exist:

SELECT id, name, active, scope, realm, action FROM policy;

Output from SQL for pushenroll:

id name active scope realm action
7 pushenroll 1 enrollment defrealm max_token_per_user=4, push_firebase_configuration=SP-Firebase, push_max_token_per_user=4, push_registration_url=https://192.168.1.145/ttype/push, push_ssl_verify=0, radius_max_token_per_user=4, registration_max_token_per_user=4, tokenissuer={serial}

It seems there is a mismatch between what the CLI (pi-manage) sees and what the web UI / database shows.

Questions:

  1. How can I make pi-manage recognize the existing policies?

  2. Could this mismatch be causing the “missing enrollment policy for push token (push_firebase_configuration)” error?

  3. Any tips to troubleshoot error fetching policy templates in this context?

  4. how can i resolve the issue, to be able to enroll the push token ?

Thank you in advance for your help!

policy
policy1426×667 109 KB

firebase
firebase1317×546 86.9 KB

Error Fetching Policy Templates
Error Fetching Policy Templates900×276 31.8 KB

error creating PUSH token
error creating PUSH token1077×696 76.1 KB

2

This is interesting.

Could it be, that

On the command line you are not running as root but with a less privileged user?
Running pi-manage at the command line would not necessarily use the same configuration an pi.cfg, the same data base, the same policies like you server / web interface.

Thus you would end up with no policies.