Owncloud 8.2.1 and Privacyidea

Hi all,

First post! :slight_smile:

I am looking for any pointers into an issue i’m having with Privacyidea and
Owncloud. I have configured my Privacyidea server to point to my owncloud
realm and that passes the test successfully. I have generated tokens for
the users ‘sucked in’ from owncloud, and tested these and they work also.
Ive installed the owncloud ‘user_privacyidea’ app and configured it to
point to my PrivacyIDEA server and also disabled ‘check SSL’, however
whenever i try and authenticate my test user against privacyidea it fails.

After speaking with Cornelius over email last night, I enabled debug in
owncloud and tested again and now i can see the following in the
owncloud.log:

{“reqId”:“Vo5STH8AAQEAAGnQg3cAAAAs”,“remoteAddr”:“134.225.2.12”,“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
11:55:56”,“method”:“PROPFIND”,“url”:”/remote.php/webdav/”}
{“reqId”:“KtQbrb9wy1MxVwGwfzEq”,“remoteAddr”:"",“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
11:56:21”,“method”:”–”,“url”:"–"}
{“reqId”:“VSgwPMcwd3oQDlTySNi0”,“remoteAddr”:"",“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
11:56:31”,“method”:”–”,“url”:"–"}
{“reqId”:“pAdy8rexqxL0Qed110ls”,“remoteAddr”:"",“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
11:57:49”,“method”:”–”,“url”:"–"}
{“reqId”:“IqOmouxSF1+qTwakMysW”,“remoteAddr”:"",“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
11:58:03”,“method”:”–”,“url”:"–"}
{“reqId”:“nStAedMfOmaKZAq+e9Ae”,“remoteAddr”:"",“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
11:58:08”,“method”:”–”,“url”:"–"}
{“reqId”:“bInKSBNyYiI7Jtl4h4hQ”,“remoteAddr”:"",“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
11:58:11”,“method”:”–”,“url”:"–"}

Which is perplexing. I have enabled it again via the command line using the
owncloud ‘occ’ tool (and same issue):

root@server:/var/www/owncloud# sudo -u www-data php occ app:disable
user_privacyidea
user_privacyidea disabled
root@server:/var/www/owncloud# sudo -u www-data php occ app:enable
user_privacyidea
user_privacyidea enabled

I have also used a ‘check-code’ option within occ which has flagged some
items:

root@server:/var/www/owncloud# sudo -u www-data php occ app:check-code
user_privacyidea
Analysing /var/www/owncloud/apps/user_privacyidea/appinfo/app.php
4 errors
line 6: OCP\Config - Static method of deprecated class must not be
called
line 11: OC_User - Static method of private class must not be called
line 12: OC_User - Static method of private class must not be called
line 17: OC_User - Static method of private class must not be called
Analysing /var/www/owncloud/apps/user_privacyidea/adminSettings.php
1 errors
line 29: OC_Util - Static method of private class must not be called
Analysing /var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php
6 errors
line 174: OCP\Config - Static method of deprecated class must not be
called
line 193: OCP\Config - Static method of deprecated class must not be
called
line 195: OCP\Config - Static method of deprecated class must not be
called
line 196: OCP\Config - Static method of deprecated class must not be
called
line 200: OCP\Config - Static method of deprecated class must not be
called
line 201: OCP\Config - Static method of deprecated class must not be
called
Deprecated field available: shipped => false
Migrate the app version to appinfo/info.xml (add 0.2 to
appinfo/info.xml and remove appinfo/version)
App is not compliant
root@server:/var/www/owncloud#

Has anyone experienced this issue? Im pulling my hair out trying to think
of where to look next.

Cheers,
Sam
@vcolonel

More specifically im seeing:

{“reqId”:“Vo5VaX8AAQEAAGl4vz0AAAAA”,“remoteAddr”:“134.225.2.12”,“app”:“core”,“message”:“Login
failed: ‘testuser1’ (Remote IP: ‘134.225.2.12’)”,“level”:2,“time”:“January
07, 2016 12:09:14”,“method”:“POST”,“url”:“/”}

{“reqId”:“Vo5Van8AAQEAAGl4vz4AAAAA”,“remoteAddr”:“134.225.2.12”,“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
12:09:14”,“method”:“GET”,“url”:”/index.php/core/js/oc.js?v=f6fbf2b7631919f61016e5b8495eb630”}
{“reqId”:“Vo5Van8AAQEAAGl4vz8AAAAA”,“remoteAddr”:“134.225.2.12”,“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
12:09:14”,“method”:“GET”,“url”:”/cron.php”}

Had a dig through the Owncloud API to see if it is an issue with the
app.php ‘check enabled’. The occ command to verify its enabled is:

root@server:/var/www/owncloud# sudo -u www-data php occ config:app:get
user_privacyidea enabled
yes

I wonder if that command is returning a different value to app.phps’:

$enabled = OCP\Config::getAppValue(‘privacyIDEA’,‘enable_privacyidea’);

Yeah same - mines identical in terms of configuration, i just get the weird
message in the log:

https://lh3.googleusercontent.com/-74g3owdNn6c/Vo6S2QiqcqI/AAAAAAAAFL0/3oiyUuH6JWM/s1600/Screenshot%2B2016-01-07%2B16.27.33.png

and

https://lh3.googleusercontent.com/-oaFoB4WYMUM/Vo6TEXcgC3I/AAAAAAAAFL8/BvomWisgk-I/s1600/Screenshot%2B2016-01-07%2B16.30.37.png
and

https://lh3.googleusercontent.com/-DGDCEJtdxyk/Vo6TKjxtrJI/AAAAAAAAFME/kggwASYCX6U/s1600/Screenshot%2B2016-01-07%2B16.32.33.png
Heres the output of user_privacyidea app folder also:

root@server:/# ls -la /var/www/owncloud/apps/user_privacyidea/
total 1MB
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 js
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 img
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 appinfo
-rwxr-x— 1 www-data www-data 1MB Jan 6 15:26 adminSettings.php
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 lib
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 templates
drwxr-xr-x 22 www-data www-data 1MB Jan 6 15:26 

drwxr-x— 7 www-data www-data 1MB Jan 6 16:35 .
root@server:/# ls -la /var/www/owncloud/apps/user_privacyidea/lib/
total 1MB
-rwxr-x— 1 www-data www-data 1MB Jan 6 15:26 otp_privacyidea.php
-rwxr-x— 1 www-data www-data 1MB Jan 6 15:26 helper.php
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 .
drwxr-x— 7 www-data www-data 1MB Jan 6 16:35 

root@server:/# ls -la /var/www/owncloud/apps/user_privacyidea/appinfo/
total 1MB
-rwxr-x— 1 www-data www-data 1MB Jan 6 15:26 version
-rwxr-x— 1 www-data www-data 1MB Jan 6 15:26 info.xml
-rwxr-x— 1 www-data www-data 1MB Jan 6 15:26 app.php
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 .
drwxr-x— 7 www-data www-data 1MB Jan 6 16:35 

root@server:/# ls -la /var/www/owncloud/apps/user_privacyidea/js/
total 1MB
drwxr-x— 2 www-data www-data 1MB Jan 6 15:26 .
-rwxr-x— 1 www-data www-data 1MB Jan 6 15:26 adminSettings.js
drwxr-x— 7 www-data www-data 1MB Jan 6 16:35 


Best,
SamOn Thursday, January 7, 2016 at 2:23:05 PM UTC, Cornelius Kölbel wrote:

Hi Sam,

fwiw. I just checked on an owncloud 8.2(.0).
I never enabled the application using the command line tool but from the
webui.

It looks like this:

Can you see it this way, too?
Please note, that this plugin is marked “experimental”. I am not sure, if
your ownCloud instance handles “experimental” in another way.

The privacyIDEA config in ownlcoud looks like this:

Please enable debug in ownCloud. I get such entries:

Kind regards
Cornelius

Am Donnerstag, den 07.01.2016, 06:03 -0800 schrieb Sam Marsh:

Hmm wonder if its something i’m doing wrong, as i just span up an instance
of Owncloud 7.0 in docker and i’m seeing similar issues:

root@94abee8b6400:/var/www/owncloud# sudo -u www-data php occ --version

{“reqId”:“568e6eceac717”,“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
13:57:34”,“method”:”–”,“url”:“–”}

ownCloud version 7.0.12

root@94abee8b6400:/var/www/owncloud# sudo -u www-data php occ app:enable
user_privacyidea

{“reqId”:“568e6ee32e067”,“app”:“user_privacyidea”,“message”:“privacyIDEA
is disabled: “,“level”:0,“time”:“January 07, 2016
13:57:55”,“method”:”–”,“url”:“–”}

user_privacyidea is already enabled

root@94abee8b6400:/var/www/owncloud#

I also bounced Apache2 after configuring config.php and whilst it isnt
showing anything in owncloud.log (god knows why), in
/var/log/apache2/error.log i can see:

[Thu Jan 07 14:01:00.951047 2016] [mpm_prefork:notice] [pid 15133]
AH00169: caught SIGTERM, shutting down

[Thu Jan 07 14:01:02.126400 2016] [mpm_prefork:notice] [pid 15197]
AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14 configured – resuming
normal operations

[Thu Jan 07 14:01:02.126495 2016] [core:notice] [pid 15197] AH00094:
Command line: ‘/usr/sbin/apache2’

[Thu Jan 07 14:01:03.585587 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6f9f8eed6”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:03”,“method”:“POST”,“url”:”\/owncloud\/”}, referer:
http://192.168.0.16:8003/owncloud/

[Thu Jan 07 14:01:03.691818 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6f9f8eed6”,“app”:“core”,“message”:“Login failed: ‘test1’
(Remote IP: ‘192.168.0.81’, X-Forwarded-For: ‘’)”,“level”:2,“time”:“January
07, 2016 14:01:03”,“method”:“POST”,“url”:“\/owncloud\/”}, referer:
http://192.168.0.16:8003/owncloud/

[Thu Jan 07 14:01:03.861168 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6f9fd2397”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:03”,“method”:“GET”,“url”:”\/owncloud\/index.php\/core\/js\/oc.js?v=0f79fab0339c6cfa89e3e07d92eb8950”},
referer: http://192.168.0.16:8003/owncloud/

[Thu Jan 07 14:01:03.982549 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6f9fefdb7”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:03”,“method”:“POST”,“url”:”\/owncloud\/index.php\/core\/ajax\/translations.php”},
referer: http://192.168.0.16:8003/owncloud/

[Thu Jan 07 14:01:04.074056 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6fa0120ea”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:04”,“method”:“GET”,“url”:”\/owncloud\/cron.php”}, referer:
http://192.168.0.16:8003/owncloud/

[Thu Jan 07 14:01:04.135851 2016] [:error] [pid 15201] [client
192.168.0.81:63071]
{“reqId”:“568e6fa02120d”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:04”,“method”:“POST”,“url”:”\/owncloud\/index.php\/core\/ajax\/translations.php”},
referer: http://192.168.0.16:8003/owncloud/

–
You received this message because you are subscribed to the Google Groups
“privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/36f4d2bb-8850-4b83-9ea4-01a13de13f49%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/36f4d2bb-8850-4b83-9ea4-01a13de13f49%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
corneliu
@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

It looks like the culprit is app.php going off the error message:

<?php \OCP\App::registerAdmin('user_privacyidea', 'adminSettings'); OC::$CLASSPATH['OC_User_PRIVACYIDEA'] = 'apps/user_privacyidea/lib/otp_privacyidea.php'; $enabled = OCP\Config::getAppValue('privacyIDEA','enable_privacyidea'); if($enabled === "yes") { OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is enabled', OCP\Util::DEBUG); $usedBackends = OC_User::getUsedBackends(); OC_User::clearBackends(); $piBackend = new OC_User_PRIVACYIDEA(); // register all previously used backend $piBackend->registerBackends($usedBackends); // register our own user backend OC_User::useBackend($piBackend); } else { OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is disabled: '.$enabled, OCP\Util::DEBUG); } Im not a developer unfortunately so my skills are being stretched here, but it seems the issue is: $enabled = OCP\Config::getAppValue('privacyIDEA','enable_privacyidea');

Very cool. Thanks you!

I just closed your pull request, since it does not make sense in the 2.8
branch.
As mentioned, please merge into master.

Thanks a lot!
CorneliusAm Donnerstag, den 07.01.2016, 09:03 -0800 schrieb Sam Marsh:

Fixed it - woohoo.

Modified app.php to use:

    if(OCP\App::isEnabled('user_privacyidea')) {

so it looks like:

    <?php
    \OCP\App::registerAdmin('user_privacyidea', 'adminSettings');
    
    
    OC::$CLASSPATH['OC_User_PRIVACYIDEA'] =
    'apps/user_privacyidea/lib/otp_privacyidea.php';
    
    
    if(OCP\App::isEnabled('user_privacyidea')) {
        OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is
    enabled',
        OCP\Util::DEBUG);
    
    
        $usedBackends = OC_User::getUsedBackends();
        OC_User::clearBackends();
        $piBackend = new OC_User_PRIVACYIDEA();
        // register all previously used backend
        $piBackend->registerBackends($usedBackends);
        // register our own user backend
        OC_User::useBackend($piBackend);
    
    
    } else {
        OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is
    disabled: '.$enabled, OCP\Util::DEBUG);
    }

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7b03d7b7-969f-496d-ac51-7dc5b659f801%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

signature.asc (836 Bytes)

Hmm wonder if its something i’m doing wrong, as i just span up an instance
of Owncloud 7.0 in docker and i’m seeing similar issues:

root@94abee8b6400:/var/www/owncloud# sudo -u www-data php occ --version
{“reqId”:“568e6eceac717”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
13:57:34”,“method”:”–”,“url”:“–”}
ownCloud version 7.0.12
root@94abee8b6400:/var/www/owncloud# sudo -u www-data php occ app:enable
user_privacyidea
{“reqId”:“568e6ee32e067”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
13:57:55”,“method”:”–”,“url”:“–”}
user_privacyidea is already enabled
root@94abee8b6400:/var/www/owncloud#

I also bounced Apache2 after configuring config.php and whilst it isnt
showing anything in owncloud.log (god knows why), in
/var/log/apache2/error.log i can see:

[Thu Jan 07 14:01:00.951047 2016] [mpm_prefork:notice] [pid 15133] AH00169:
caught SIGTERM, shutting down
[Thu Jan 07 14:01:02.126400 2016] [mpm_prefork:notice] [pid 15197] AH00163:
Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14 configured – resuming normal
operations
[Thu Jan 07 14:01:02.126495 2016] [core:notice] [pid 15197] AH00094:
Command line: ‘/usr/sbin/apache2’
[Thu Jan 07 14:01:03.585587 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6f9f8eed6”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:03”,“method”:“POST”,“url”:”\/owncloud\/”}, referer:
http://192.168.0.16:8003/owncloud/
[Thu Jan 07 14:01:03.691818 2016] [:error] [pid 15200] [client
192.168.0.81:63068] {“reqId”:“568e6f9f8eed6”,“app”:“core”,“message”:“Login
failed: ‘test1’ (Remote IP: ‘192.168.0.81’, X-Forwarded-For:
‘’)”,“level”:2,“time”:“January 07, 2016
14:01:03”,“method”:“POST”,“url”:“\/owncloud\/”}, referer:
http://192.168.0.16:8003/owncloud/
[Thu Jan 07 14:01:03.861168 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6f9fd2397”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:03”,“method”:“GET”,“url”:”\/owncloud\/index.php\/core\/js\/oc.js?v=0f79fab0339c6cfa89e3e07d92eb8950”},
referer: http://192.168.0.16:8003/owncloud/
[Thu Jan 07 14:01:03.982549 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6f9fefdb7”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:03”,“method”:“POST”,“url”:”\/owncloud\/index.php\/core\/ajax\/translations.php”},
referer: http://192.168.0.16:8003/owncloud/
[Thu Jan 07 14:01:04.074056 2016] [:error] [pid 15200] [client
192.168.0.81:63068]
{“reqId”:“568e6fa0120ea”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:04”,“method”:“GET”,“url”:”\/owncloud\/cron.php”}, referer:
http://192.168.0.16:8003/owncloud/
[Thu Jan 07 14:01:04.135851 2016] [:error] [pid 15201] [client
192.168.0.81:63071]
{“reqId”:“568e6fa02120d”,“app”:“user_privacyidea”,“message”:“privacyIDEA is
disabled: “,“level”:0,“time”:“January 07, 2016
14:01:04”,“method”:“POST”,“url”:”\/owncloud\/index.php\/core\/ajax\/translations.php”},
referer: http://192.168.0.16:8003/owncloud/


but what lets me puzzled is, that it worked on other owncloud
installations.
(Here is a running version 8.2, which does definitively not have this
problem)

owncloud != owncloud?

Kind regards
CorneliusAm Donnerstag, den 07.01.2016, 19:46 +0100 schrieb Cornelius Kölbel:

Very cool. Thanks you!

I just closed your pull request, since it does not make sense in the 2.8
branch.
As mentioned, please merge into master.

Thanks a lot!
Cornelius

Am Donnerstag, den 07.01.2016, 09:03 -0800 schrieb Sam Marsh:

Fixed it - woohoo.

Modified app.php to use:

    if(OCP\App::isEnabled('user_privacyidea')) {

so it looks like:

    <?php
    \OCP\App::registerAdmin('user_privacyidea', 'adminSettings');
    
    
    OC::$CLASSPATH['OC_User_PRIVACYIDEA'] =
    'apps/user_privacyidea/lib/otp_privacyidea.php';
    
    
    if(OCP\App::isEnabled('user_privacyidea')) {
        OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is
    enabled',
        OCP\Util::DEBUG);
    
    
        $usedBackends = OC_User::getUsedBackends();
        OC_User::clearBackends();
        $piBackend = new OC_User_PRIVACYIDEA();
        // register all previously used backend
        $piBackend->registerBackends($usedBackends);
        // register our own user backend
        OC_User::useBackend($piBackend);
    
    
    } else {
        OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is
    disabled: '.$enabled, OCP\Util::DEBUG);
    }

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7b03d7b7-969f-496d-ac51-7dc5b659f801%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Sam,

fwiw. I just checked on an owncloud 8.2(.0).
I never enabled the application using the command line tool but from the
webui.

It looks like this:

Can you see it this way, too?
Please note, that this plugin is marked “experimental”. I am not sure,
if your ownCloud instance handles “experimental” in another way.

The privacyIDEA config in ownlcoud looks like this:

Please enable debug in ownCloud. I get such entries:

Kind regards
CorneliusAm Donnerstag, den 07.01.2016, 06:03 -0800 schrieb Sam Marsh:

    Hmm wonder if its something i'm doing wrong, as i just span up
    an instance of Owncloud 7.0 in docker and i'm seeing similar
    issues:


    root@94abee8b6400:/var/www/owncloud# sudo -u www-data php occ
    --version
    {"reqId":"568e6eceac717","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 13:57:34","method":"--","url":"--"}
    ownCloud version 7.0.12
    root@94abee8b6400:/var/www/owncloud# sudo -u www-data php occ
    app:enable user_privacyidea
    {"reqId":"568e6ee32e067","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 13:57:55","method":"--","url":"--"}
    user_privacyidea is already enabled
    root@94abee8b6400:/var/www/owncloud# 

I also bounced Apache2 after configuring config.php and whilst it isnt
showing anything in owncloud.log (god knows why),
in /var/log/apache2/error.log i can see:

    [Thu Jan 07 14:01:00.951047 2016] [mpm_prefork:notice] [pid
    15133] AH00169: caught SIGTERM, shutting down
    [Thu Jan 07 14:01:02.126400 2016] [mpm_prefork:notice] [pid
    15197] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.14
    configured -- resuming normal operations
    [Thu Jan 07 14:01:02.126495 2016] [core:notice] [pid 15197]
    AH00094: Command line: '/usr/sbin/apache2'
    [Thu Jan 07 14:01:03.585587 2016] [:error] [pid 15200] [client
    192.168.0.81:63068]
    {"reqId":"568e6f9f8eed6","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 14:01:03","method":"POST","url":"\\/owncloud\\/"}, referer: http://192.168.0.16:8003/owncloud/
    [Thu Jan 07 14:01:03.691818 2016] [:error] [pid 15200] [client
    192.168.0.81:63068]
    {"reqId":"568e6f9f8eed6","app":"core","message":"Login failed:
    'test1' (Remote IP: '192.168.0.81', X-Forwarded-For:
    '')","level":2,"time":"January 07, 2016
    14:01:03","method":"POST","url":"\\/owncloud\\/"}, referer:
    http://192.168.0.16:8003/owncloud/
    [Thu Jan 07 14:01:03.861168 2016] [:error] [pid 15200] [client
    192.168.0.81:63068]
    {"reqId":"568e6f9fd2397","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 14:01:03","method":"GET","url":"\\/owncloud\\/index.php\\/core\\/js\\/oc.js?v=0f79fab0339c6cfa89e3e07d92eb8950"}, referer: http://192.168.0.16:8003/owncloud/
    [Thu Jan 07 14:01:03.982549 2016] [:error] [pid 15200] [client
    192.168.0.81:63068]
    {"reqId":"568e6f9fefdb7","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 14:01:03","method":"POST","url":"\\/owncloud\\/index.php\\/core\\/ajax\\/translations.php"}, referer: http://192.168.0.16:8003/owncloud/
    [Thu Jan 07 14:01:04.074056 2016] [:error] [pid 15200] [client
    192.168.0.81:63068]
    {"reqId":"568e6fa0120ea","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 14:01:04","method":"GET","url":"\\/owncloud\\/cron.php"}, referer: http://192.168.0.16:8003/owncloud/
    [Thu Jan 07 14:01:04.135851 2016] [:error] [pid 15201] [client
    192.168.0.81:63071]
    {"reqId":"568e6fa02120d","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 14:01:04","method":"POST","url":"\\/owncloud\\/index.php\\/core\\/ajax\\/translations.php"}, referer: http://192.168.0.16:8003/owncloud/

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/36f4d2bb-8850-4b83-9ea4-01a13de13f49%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

unknown-1E8JAY (85.5 KB)

unknown-NHZEAY (50 KB)

unknown-XL1WAY (59.4 KB)

signature.asc (836 Bytes)

Fixed it - woohoo.

Modified app.php to use:

if(OCP\App::isEnabled(‘user_privacyidea’)) {

so it looks like:

<?php \OCP\App::registerAdmin('user_privacyidea', 'adminSettings'); OC::$CLASSPATH['OC_User_PRIVACYIDEA'] = 'apps/user_privacyidea/lib/otp_privacyidea.php'; if(OCP\App::isEnabled('user_privacyidea')) { OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is enabled', OCP\Util::DEBUG); $usedBackends = OC_User::getUsedBackends(); OC_User::clearBackends(); $piBackend = new OC_User_PRIVACYIDEA(); // register all previously used backend $piBackend->registerBackends($usedBackends); // register our own user backend OC_User::useBackend($piBackend); } else { OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is disabled: '.$enabled, OCP\Util::DEBUG); }

I also tested on Owncloud 8.0.10 (couldnt get a copy of 8.0.9 and got
similar results). All pointing to the same Privacyidea server.

Hi Sam,

I am really sorry for the hassle with owncloud and privacyIDEA.

I think the activation output has some leads.

“line 174: OCP\Config - Static method of deprecated class must not be
called”

“App is not compliant”

The last successful 2F authentication I know of is with owncloud 8.0.9.

As you are running 8.2.1 it sounds like the owncloud API is not
compatible anymore. This is the moment I am pulling MY hair, since
ownlcoud does not comply to semantic versioning (http://semver.org/)
breaking their API with minor version changes.

Obviously the privacyIDEA plugin needs to be adapted to run with version
8.2.1. But honestly I am really not very eager to do so, as I am afraid,
owncloud will break their API with version 8.3 again.

So if anyone is here who likes to program PHP and get involved with
maintaining the privacyIDEA owncloud plugin (which will be probably
necessary with OC 8.3, 8.4
) then this is highly appreciated!

But I personally think owncloud is the most overrated software nowadays
and they lack the necessary mind for security nowadays. owncloud should
take care of two factor authentication themselves by providing a stable
authentication API as many other open source applications do.

Kind regards
CorneliusAm Donnerstag, den 07.01.2016, 04:05 -0800 schrieb Sam Marsh:

Hi all,

First post! :slight_smile:

I am looking for any pointers into an issue i’m having with
Privacyidea and Owncloud. I have configured my Privacyidea server to
point to my owncloud realm and that passes the test successfully. I
have generated tokens for the users ‘sucked in’ from owncloud, and
tested these and they work also. Ive installed the owncloud
‘user_privacyidea’ app and configured it to point to my PrivacyIDEA
server and also disabled ‘check SSL’, however whenever i try and
authenticate my test user against privacyidea it fails.

After speaking with Cornelius over email last night, I enabled debug
in owncloud and tested again and now i can see the following in the
owncloud.log:

    {"reqId":"Vo5STH8AAQEAAGnQg3cAAAAs","remoteAddr":"134.225.2.12","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 11:55:56","method":"PROPFIND","url":"\/remote.php\/webdav\/"}
    {"reqId":"KtQbrb9wy1MxVwGwfzEq","remoteAddr":"","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 11:56:21","method":"--","url":"--"}
    {"reqId":"VSgwPMcwd3oQDlTySNi0","remoteAddr":"","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 11:56:31","method":"--","url":"--"}
    {"reqId":"pAdy8rexqxL0Qed110ls","remoteAddr":"","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 11:57:49","method":"--","url":"--"}
    {"reqId":"IqOmouxSF1
    +qTwakMysW","remoteAddr":"","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 11:58:03","method":"--","url":"--"}
    {"reqId":"nStAedMfOmaKZAq
    +e9Ae","remoteAddr":"","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 11:58:08","method":"--","url":"--"}
    {"reqId":"bInKSBNyYiI7Jtl4h4hQ","remoteAddr":"","app":"user_privacyidea","message":"privacyIDEA is disabled: ","level":0,"time":"January 07, 2016 11:58:11","method":"--","url":"--"}

Which is perplexing. I have enabled it again via the command line
using the owncloud ‘occ’ tool (and same issue):

    root@server:/var/www/owncloud# sudo -u www-data php occ
    app:disable user_privacyidea
    user_privacyidea disabled
    root@server:/var/www/owncloud# sudo -u www-data php occ
    app:enable user_privacyidea
    user_privacyidea enabled

I have also used a ‘check-code’ option within occ which has flagged
some items:

    root@server:/var/www/owncloud# sudo -u www-data php occ
    app:check-code user_privacyidea
    Analysing /var/www/owncloud/apps/user_privacyidea/appinfo/app.php
     4 errors
        line    6: OCP\Config - Static method of deprecated class
    must not be called
        line   11: OC_User - Static method of private class must
    not be called
        line   12: OC_User - Static method of private class must
    not be called
        line   17: OC_User - Static method of private class must
    not be called
    Analysing /var/www/owncloud/apps/user_privacyidea/adminSettings.php
     1 errors
        line   29: OC_Util - Static method of private class must
    not be called
    Analysing /var/www/owncloud/apps/user_privacyidea/lib/otp_privacyidea.php
     6 errors
        line  174: OCP\Config - Static method of deprecated class
    must not be called
        line  193: OCP\Config - Static method of deprecated class
    must not be called
        line  195: OCP\Config - Static method of deprecated class
    must not be called
        line  196: OCP\Config - Static method of deprecated class
    must not be called
        line  200: OCP\Config - Static method of deprecated class
    must not be called
        line  201: OCP\Config - Static method of deprecated class
    must not be called
    Deprecated field available: shipped => false
    Migrate the app version to appinfo/info.xml (add
    <version>0.2</version> to appinfo/info.xml and remove
    appinfo/version)
    App is not compliant
    root@server:/var/www/owncloud#

Has anyone experienced this issue? Im pulling my hair out trying to
think of where to look next.

Cheers,
Sam
@vcolonel

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/51b17cb9-2347-42b1-8e19-b33a597a783a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

signature.asc (836 Bytes)

:slight_smile: No problem, happy to help with this great project - even if i am a
product manager and not a developer :x

mit freundlichen GrĂŒĂŸen,
SamOn Monday, January 11, 2016 at 9:53:24 AM UTC, Cornelius Kölbel wrote:

Hi Sam,

no problem. THanks a lot for the code anyway.
You mixed up the branches, but I will put this code in


Kind regards
Cornelius

Am Montag, den 11.01.2016, 01:29 -0800 schrieb Sam Marsh:

Yeah - ihni why its returning different, but its definitely that
snippet of code that is the smoking gun. I’ve resubmitted the pull
request, although i’ve never used github / git in anger, so i suspect
ive done it wrong again :slight_smile: Apologies in advance!

On Thursday, January 7, 2016 at 6:48:02 PM UTC, Cornelius Kölbel wrote:

but what lets me puzzled is, that it worked on other
owncloud
installations.
(Here is a running version 8.2, which does definitively not
have this
problem)

    owncloud != owncloud? 
    
    Kind regards 
    Cornelius 
    
    
    Am Donnerstag, den 07.01.2016, 19:46 +0100 schrieb Cornelius 
    Kölbel: 
    > Very cool. Thanks you! 
    > 
    > I just closed your pull request, since it does not make 
    sense in the 2.8 
    > branch. 
    > As mentioned, please merge into master. 
    > 
    > Thanks a lot! 
    > Cornelius 
    > 
    > Am Donnerstag, den 07.01.2016, 09:03 -0800 schrieb Sam 
    Marsh: 
    > > Fixed it  - woohoo. 
    > > 
    > > 
    > > Modified app.php to use: 
    > > 
    > > 
    > >         if(OCP\App::isEnabled('user_privacyidea')) { 
    > > 
    > > 
    > > so it looks like: 
    > > 
    > > 
    > >         <?php 
    > >         \OCP\App::registerAdmin('user_privacyidea', 
    'adminSettings'); 
    > >         
    > >         
    > >         OC::$CLASSPATH['OC_User_PRIVACYIDEA'] = 
    > >         'apps/user_privacyidea/lib/otp_privacyidea.php'; 
    > >         
    > >         
    > >         if(OCP\App::isEnabled('user_privacyidea')) { 
    > >             OCP\Util::writeLog('user_privacyidea', 
    'privacyIDEA is 
    > >         enabled', 
    > >             OCP\Util::DEBUG); 
    > >         
    > >         
    > >             $usedBackends = OC_User::getUsedBackends(); 
    > >             OC_User::clearBackends(); 
    > >             $piBackend = new OC_User_PRIVACYIDEA(); 
    > >             // register all previously used backend 
    > >             $piBackend->registerBackends($usedBackends); 
    > >             // register our own user backend 
    > >             OC_User::useBackend($piBackend); 
    > >         
    > >         
    > >         } else { 
    > >             OCP\Util::writeLog('user_privacyidea', 
    'privacyIDEA is 
    > >         disabled: '.$enabled, OCP\Util::DEBUG); 
    > >         } 
    > > -- 
    > > You received this message because you are subscribed to 
    the Google 
    > > Groups "privacyidea" group. 
    > > To unsubscribe from this group and stop receiving emails 
    from it, send 
    > > an email to privacyidea...@googlegroups.com. 
    > > To post to this group, send email to 
    priva...@googlegroups.com. 
    > > To view this discussion on the web visit 
    > > 

https://groups.google.com/d/msgid/privacyidea/7b03d7b7-969f-496d-ac51-7dc5b659f801%40googlegroups.com.

    > > For more options, visit 
    https://groups.google.com/d/optout. 
    > 
    > -- 
    > Cornelius Kölbel 
    > corneliu...@netknights.it 
    > +49 151 2960 1417 
    > 
    > NetKnights GmbH 
    > http://www.netknights.it 
    > Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    > Tel: +49 561 3166797, Fax: +49 561 3166798 
    > 
    > Amtsgericht Kassel, HRB 16405 
    > GeschĂ€ftsfĂŒhrer: Cornelius Kölbel 
    > 
    > 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    GeschĂ€ftsfĂŒhrer: Cornelius Kölbel 

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/74f24446-2c0d-4a74-a5bb-5c273d2db698%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
corneliu
@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

Yeah - ihni why its returning different, but its definitely that snippet of
code that is the smoking gun. I’ve resubmitted the pull request, although
i’ve never used github / git in anger, so i suspect ive done it wrong again
:slight_smile: Apologies in advance!On Thursday, January 7, 2016 at 6:48:02 PM UTC, Cornelius Kölbel wrote:


but what lets me puzzled is, that it worked on other owncloud
installations.
(Here is a running version 8.2, which does definitively not have this
problem)

owncloud != owncloud?

Kind regards
Cornelius

Am Donnerstag, den 07.01.2016, 19:46 +0100 schrieb Cornelius Kölbel:

Very cool. Thanks you!

I just closed your pull request, since it does not make sense in the 2.8
branch.
As mentioned, please merge into master.

Thanks a lot!
Cornelius

Am Donnerstag, den 07.01.2016, 09:03 -0800 schrieb Sam Marsh:

Fixed it - woohoo.

Modified app.php to use:

    if(OCP\App::isEnabled('user_privacyidea')) { 

so it looks like:

    <?php 
    \OCP\App::registerAdmin('user_privacyidea', 'adminSettings'); 
    
    
    OC::$CLASSPATH['OC_User_PRIVACYIDEA'] = 
    'apps/user_privacyidea/lib/otp_privacyidea.php'; 
    
    
    if(OCP\App::isEnabled('user_privacyidea')) { 
        OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is 
    enabled', 
        OCP\Util::DEBUG); 
    
    
        $usedBackends = OC_User::getUsedBackends(); 
        OC_User::clearBackends(); 
        $piBackend = new OC_User_PRIVACYIDEA(); 
        // register all previously used backend 
        $piBackend->registerBackends($usedBackends); 
        // register our own user backend 
        OC_User::useBackend($piBackend); 
    
    
    } else { 
        OCP\Util::writeLog('user_privacyidea', 'privacyIDEA is 
    disabled: '.$enabled, OCP\Util::DEBUG); 
    } 

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/7b03d7b7-969f-496d-ac51-7dc5b659f801%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
corneliu
@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

–
Cornelius Kölbel
corneliu
@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

Hi Sam,

no problem. THanks a lot for the code anyway.
You mixed up the branches, but I will put this code in


Kind regards
CorneliusAm Montag, den 11.01.2016, 01:29 -0800 schrieb Sam Marsh:

Yeah - ihni why its returning different, but its definitely that
snippet of code that is the smoking gun. I’ve resubmitted the pull
request, although i’ve never used github / git in anger, so i suspect
ive done it wrong again :slight_smile: Apologies in advance!

On Thursday, January 7, 2016 at 6:48:02 PM UTC, Cornelius Kölbel wrote:

but what lets me puzzled is, that it worked on other
owncloud
installations.
(Here is a running version 8.2, which does definitively not
have this
problem)

    owncloud != owncloud? 
    
    Kind regards 
    Cornelius 
    
    
    Am Donnerstag, den 07.01.2016, 19:46 +0100 schrieb Cornelius
    Kölbel: 
    > Very cool. Thanks you! 
    > 
    > I just closed your pull request, since it does not make
    sense in the 2.8 
    > branch. 
    > As mentioned, please merge into master. 
    > 
    > Thanks a lot! 
    > Cornelius 
    > 
    > Am Donnerstag, den 07.01.2016, 09:03 -0800 schrieb Sam
    Marsh: 
    > > Fixed it  - woohoo. 
    > > 
    > > 
    > > Modified app.php to use: 
    > > 
    > > 
    > >         if(OCP\App::isEnabled('user_privacyidea')) { 
    > > 
    > > 
    > > so it looks like: 
    > > 
    > > 
    > >         <?php 
    > >         \OCP\App::registerAdmin('user_privacyidea',
    'adminSettings'); 
    > >         
    > >         
    > >         OC::$CLASSPATH['OC_User_PRIVACYIDEA'] = 
    > >         'apps/user_privacyidea/lib/otp_privacyidea.php'; 
    > >         
    > >         
    > >         if(OCP\App::isEnabled('user_privacyidea')) { 
    > >             OCP\Util::writeLog('user_privacyidea',
    'privacyIDEA is 
    > >         enabled', 
    > >             OCP\Util::DEBUG); 
    > >         
    > >         
    > >             $usedBackends = OC_User::getUsedBackends(); 
    > >             OC_User::clearBackends(); 
    > >             $piBackend = new OC_User_PRIVACYIDEA(); 
    > >             // register all previously used backend 
    > >             $piBackend->registerBackends($usedBackends); 
    > >             // register our own user backend 
    > >             OC_User::useBackend($piBackend); 
    > >         
    > >         
    > >         } else { 
    > >             OCP\Util::writeLog('user_privacyidea',
    'privacyIDEA is 
    > >         disabled: '.$enabled, OCP\Util::DEBUG); 
    > >         } 
    > > -- 
    > > You received this message because you are subscribed to
    the Google 
    > > Groups "privacyidea" group. 
    > > To unsubscribe from this group and stop receiving emails
    from it, send 
    > > an email to privacyidea...@googlegroups.com. 
    > > To post to this group, send email to
    priva...@googlegroups.com. 
    > > To view this discussion on the web visit 
    > >
    https://groups.google.com/d/msgid/privacyidea/7b03d7b7-969f-496d-ac51-7dc5b659f801%40googlegroups.com. 
    > > For more options, visit
    https://groups.google.com/d/optout. 
    > 
    > -- 
    > Cornelius Kölbel 
    > corneliu...@netknights.it 
    > +49 151 2960 1417 
    > 
    > NetKnights GmbH 
    > http://www.netknights.it 
    > Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    > Tel: +49 561 3166797, Fax: +49 561 3166798 
    > 
    > Amtsgericht Kassel, HRB 16405 
    > GeschĂ€ftsfĂŒhrer: Cornelius Kölbel 
    > 
    > 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    GeschĂ€ftsfĂŒhrer: Cornelius Kölbel 

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/74f24446-2c0d-4a74-a5bb-5c273d2db698%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Sam,

I think I just found the original problem:

The code

$enabled = OCP\Config::getAppValue(‘privacyIDEA’,‘enable_privacyidea’);
if($enabled === “yes”) {

referred to the privacyIDEA setting of the checkbox
“Use privacyIDEA to authenticate the users.”
I.e. even if the App privacyIDEA is enabled, you can disable privacyIDEA
authentication. This was the idea of testing the system.

Your code

if(OCP\App::isEnabled(‘user_privacyidea’)) {

refers to, if the App itself is activate.
But - when OC hits this code - it will always be true, otherwise it
would not be executed.

So the question is, what is saved in your database, when you click the
checkbox “User privacyidea to authenticate the users.”

Please take a look at the table “oc_appconfig”.

You should see an entry:

appid = “privacyIDEA”
configkey = “enable_privacyidea”
configvalue = “yes”

And I assume that you have something different than configvalue=“yes”.

Thanks a lot and kind regards
CorneliusAm Montag, den 11.01.2016, 01:57 -0800 schrieb Sam Marsh:

:slight_smile: No problem, happy to help with this great project - even if i am a
product manager and not a developer :x

mit freundlichen GrĂŒĂŸen,
Sam

On Monday, January 11, 2016 at 9:53:24 AM UTC, Cornelius Kölbel wrote:
Hi Sam,

    no problem. THanks a lot for the code anyway. 
    You mixed up the branches, but I will put this code in... 
    
    Kind regards 
    Cornelius 
    
    Am Montag, den 11.01.2016, 01:29 -0800 schrieb Sam Marsh: 
    > Yeah - ihni why its returning different, but its definitely
    that 
    > snippet of code that is the smoking gun. I've resubmitted
    the pull 
    > request, although i've never used github / git in anger, so
    i suspect 
    > ive done it wrong again :) Apologies in advance! 
    > 
    > On Thursday, January 7, 2016 at 6:48:02 PM UTC, Cornelius Kölbel  wrote: 
    >         ...but what lets me puzzled is, that it worked on
    other 
    >         owncloud 
    >         installations. 
    >         (Here is a running version 8.2, which does
    definitively not 
    >         have this 
    >         problem) 
    >         
    >         owncloud != owncloud? 
    >         
    >         Kind regards 
    >         Cornelius 
    >         
    >         
    >         Am Donnerstag, den 07.01.2016, 19:46 +0100 schrieb
    Cornelius 
    >         Kölbel: 
    >         > Very cool. Thanks you! 
    >         > 
    >         > I just closed your pull request, since it does not
    make 
    >         sense in the 2.8 
    >         > branch. 
    >         > As mentioned, please merge into master. 
    >         > 
    >         > Thanks a lot! 
    >         > Cornelius 
    >         > 
    >         > Am Donnerstag, den 07.01.2016, 09:03 -0800 schrieb
    Sam 
    >         Marsh: 
    >         > > Fixed it  - woohoo. 
    >         > > 
    >         > > 
    >         > > Modified app.php to use: 
    >         > > 
    >         > > 
    >         > >         if(OCP
    \App::isEnabled('user_privacyidea')) { 
    >         > > 
    >         > > 
    >         > > so it looks like: 
    >         > > 
    >         > > 
    >         > >         <?php 
    >         > >         \OCP
    \App::registerAdmin('user_privacyidea', 
    >         'adminSettings'); 
    >         > >         
    >         > >         
    >         > >         OC::$CLASSPATH['OC_User_PRIVACYIDEA'] = 
    >         > >
    'apps/user_privacyidea/lib/otp_privacyidea.php'; 
    >         > >         
    >         > >         
    >         > >         if(OCP
    \App::isEnabled('user_privacyidea')) { 
    >         > >             OCP
    \Util::writeLog('user_privacyidea', 
    >         'privacyIDEA is 
    >         > >         enabled', 
    >         > >             OCP\Util::DEBUG); 
    >         > >         
    >         > >         
    >         > >             $usedBackends =
    OC_User::getUsedBackends(); 
    >         > >             OC_User::clearBackends(); 
    >         > >             $piBackend = new
    OC_User_PRIVACYIDEA(); 
    >         > >             // register all previously used
    backend 
    >         > >
    $piBackend->registerBackends($usedBackends); 
    >         > >             // register our own user backend 
    >         > >             OC_User::useBackend($piBackend); 
    >         > >         
    >         > >         
    >         > >         } else { 
    >         > >             OCP
    \Util::writeLog('user_privacyidea', 
    >         'privacyIDEA is 
    >         > >         disabled: '.$enabled, OCP\Util::DEBUG); 
    >         > >         } 
    >         > > -- 
    >         > > You received this message because you are
    subscribed to 
    >         the Google 
    >         > > Groups "privacyidea" group. 
    >         > > To unsubscribe from this group and stop
    receiving emails 
    >         from it, send 
    >         > > an email to privacyidea...@googlegroups.com. 
    >         > > To post to this group, send email to 
    >         priva...@googlegroups.com. 
    >         > > To view this discussion on the web visit 
    >         > > 
    >
    https://groups.google.com/d/msgid/privacyidea/7b03d7b7-969f-496d-ac51-7dc5b659f801%40googlegroups.com. 
    >         > > For more options, visit 
    >         https://groups.google.com/d/optout. 
    >         > 
    >         > -- 
    >         > Cornelius Kölbel 
    >         > corneliu...@netknights.it 
    >         > +49 151 2960 1417 
    >         > 
    >         > NetKnights GmbH 
    >         > http://www.netknights.it 
    >         > Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    >         > Tel: +49 561 3166797, Fax: +49 561 3166798 
    >         > 
    >         > Amtsgericht Kassel, HRB 16405 
    >         > GeschĂ€ftsfĂŒhrer: Cornelius Kölbel 
    >         > 
    >         > 
    >         
    >         -- 
    >         Cornelius Kölbel 
    >         corneliu...@netknights.it 
    >         +49 151 2960 1417 
    >         
    >         NetKnights GmbH 
    >         http://www.netknights.it 
    >         Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    >         Tel: +49 561 3166797, Fax: +49 561 3166798 
    >         
    >         Amtsgericht Kassel, HRB 16405 
    >         GeschĂ€ftsfĂŒhrer: Cornelius Kölbel 
    >         
    >         
    > -- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/74f24446-2c0d-4a74-a5bb-5c273d2db698%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    GeschĂ€ftsfĂŒhrer: Cornelius Kölbel 

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/fcf7d4f6-c21c-4a53-a49f-a134f887365a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
GeschĂ€ftsfĂŒhrer: Cornelius Kölbel

signature.asc (836 Bytes)