During setup of the useridresolver, after filling in my MySQL DB information and clicking ‘Test SQLResolver’, I receive ‘500 Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application’.
PrivacyIDEA is the latest version running on Ubuntu 18.04
The Wordpress installation is running on Server 2019 Core with MySQL v8.0.19
I can access the MySQL server remotely from any host
The Wordpress site is accessible.
The site is sat behind HAProxy for SSL offload purposes.
I was previously using the Duo Wordpress plugin, but this is currently deactivated.
I don’t see anything pertaining to the issue in the IIS logs.
I have resolved this issue now - turns out, I should have left the default ‘driver’ setting as the default one (instead of ‘mysql’ as stated in the guide), as using ‘mysql’ resulted in:-
ModuleNotFoundError: No module named ‘MySQLdb’ in my privacyidea.log. Doh!
I’ve managed to get the wordpress setup configured correctly on my PrivacyIDEA server (at least I think so!)
If I test the token generated for my user in PrivacyIDEA it comes back successful. I also created a policy to ensure otppin is set to ‘userstore’.
After installing the PrivacyIDEA Wordpress plugin and setting my server URL as ‘https://myserverip’ the settings are saved.
If I try to log in to Wordpress admin I get ‘username or password incorrect’. I am typing the password along with the TOTP code generated by AndOTP.
Interestingly, I don’t see anything in my privacyidea.log - so I assume the URL format isn’t correct or the plugin isn’t properly communicating with my PrivacyIDEA server.
Wordpress is on a separate server to my PrivacyIDEA server.
They are both on the same network and can ping each other etc.
Wordpress version is 5.4
Also - when configuring the plugin, I’ve noticed that setting the URL to https://privacyserverip results in a ‘Faulty authentication server configuration’. If I click ‘save’ again it saves. What is the correct URL format for PrivacyIDEA 3.3?
I do not know. To my knowledge the latest wordpress version is 5.5?
I was previously asking for the web server log files of the privacyIDEA server.
It can be that the wordpress sends a request to the privacyIDEA server, but the application is not able to process the request on a lower level. Thus you will not see the request in the application (privacyidea) and you will get no response. But you might see an error in the webserver log or in the webserver error log.
@cornelinux - There is no firewall running on the Windows 2019 Core server.
Get-NetfirewallProfile shows all as disabled.
Ubuntu 18.04 server has no firewall enabled.
The only thing I can think of is that PrivacyIDEA is using a self-signed certificate. Although I’d assume that the ‘verify certificate’ setting for the Wordpress plugin would get around that.
I can certainly assign a LetsEncrypt certificate to Apache2 if it will help.
How exactly does the Wordpress plugin communicate with PrivacyIDEA?
@cornelinux - According to most of the documentation I’ve read all required PHP modules are enabled. I’ve verified using PHP Manager for IIS 10.
I have also setup a proper certificate now using LetsEncrypt for the PrivacyIDEA site.
I’ve now enabled debug logging for Wordpress. Here is the error upon attempting to login after configuring the plugin.
[01-May-2020 00:01:52 UTC] PHP Notice: Trying to get property 'result' of non-object in C:\inetpub\wwwroot\Apollon Blog Site\wp-content\plugins\strong-authentication\strong-authentication.php on line 78
If I take a look at ‘strong-authentication.php’ line 78 is the following:-
$result = $body->result->value;
Also - When activating the plugin in Wordpress, I see the following in my debug.log.
The plugin generated 1008 characters of unexpected output during activation. If you notice “ headers already sent ” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.
Take a look at it. You should have seen something earlier when looking at the privacyidea.log or apache error log. But pasting one line of log is a cumbersome way of communicating.
[Fri May 01 06:25:04.661509 2020] [ssl:warn] [pid 5045:tid 140050649115584] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 06:25:04.664031 2020] [mpm_event:notice] [pid 5045:tid 140050649115584] AH00489: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 mod_wsgi/4.5.17 Python/3.6 configured -- resuming normal operations
[Fri May 01 06:25:04.664124 2020] [core:notice] [pid 5045:tid 140050649115584] AH00094: Command line: '/usr/sbin/apache2'
[Fri May 01 06:25:13.685021 2020] [wsgi:error] [pid 32722:tid 140050520344320] The configuration name is: production
[Fri May 01 06:25:13.685152 2020] [wsgi:error] [pid 32722:tid 140050520344320] Additional configuration will be read from the file /etc/privacyidea/pi.cfg
[Fri May 01 06:25:13.872866 2020] [wsgi:error] [pid 32722:tid 140050520344320] Using PI_LOGLEVEL and PI_LOGFILE.
[Fri May 01 06:25:13.872966 2020] [wsgi:error] [pid 32722:tid 140050520344320] Using PI_LOGLEVEL 20.
[Fri May 01 06:25:13.872989 2020] [wsgi:error] [pid 32722:tid 140050520344320] Using PI_LOGFILE /var/log/privacyidea/privacyidea.log.
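The PHP notice quoted earlier in the thread ("Trying to get property 'result' of non-object" at `$result = $body->result->value;`) means the decoded response was not an object when line 78 read it. The following is an added example, not the plugin's code and not part of any post above: a fail-closed way to read such a response that also records why it was rejected. The helper name `pi_auth_succeeded`, the sample bodies, and the `result.status` / `result.value` JSON shape are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code: a fail-closed replacement for the
// unchecked access on line 78 ($body->result->value).

// Hypothetical helper. $rawBody is whatever the HTTP call returned, or null
// if the request itself failed (TLS error, timeout, proxy refusal).
function pi_auth_succeeded(?string $rawBody, ?string &$reason = null): bool
{
    if ($rawBody === null || $rawBody === '') {
        $reason = 'no response body (request never reached the application?)';
        return false;
    }
    $body = json_decode($rawBody);
    if (!is_object($body)) {
        $reason = 'body is not a JSON object (' . json_last_error_msg() . ')';
        return false;
    }
    if (!isset($body->result) || !is_object($body->result)) {
        $reason = "JSON has no 'result' object";
        return false;
    }
    if (($body->result->status ?? null) !== true) {
        $reason = 'server reported an error (result.status is not true)';
        return false;
    }
    if (($body->result->value ?? null) !== true) {
        $reason = 'credentials rejected (result.value is not true)';
        return false;
    }
    $reason = 'authenticated';
    return true;
}

// Constructed sample bodies, not captured from the servers in this thread.
$samples = [
    'success'      => '{"result": {"status": true, "value": true}}',
    'wrong OTP'    => '{"result": {"status": true, "value": false}}',
    'HTML error'   => '<html><body><h1>500 Internal Server Error</h1></body></html>',
    'request fail' => null,
];

foreach ($samples as $label => $raw) {
    $ok = pi_auth_succeeded($raw, $reason);
    printf("%-12s => %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $reason);
}
```

Logging `$reason` on the Wordpress side separates a transport or web-server failure from a genuine credential rejection, which a generic ‘username or password incorrect’ message hides.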