PrivacyIDEA 500 Internal Server Error Wordpress DB

Hi guys - I’m following the guide https://www.howtoforge.com/secure-wordpress-login-with-two-factor-authentication-using-privacyidea.

During setup of the useridresolver, after filling in my MySQL DB information and clicking ‘Test SQLResolver’ I receive ‘500 Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application’

PrivacyIDEA is the latest version running on Ubuntu 18.04
The Wordpress installation is running on Server 2019 Core with MySQL v8.0.19

I can access the MySQL server remotely from any host
The Wordpress site is accessible.
The site is sat behind HAProxy for SSL offload purposes.
I was previously using the Duo Wordpress plugin, but this is currently deactivated.
I don’t see anything pertaining to the issue in the IIS logs.

Any help would be greatly appreciated

Chris

I have resolved this issue now - turns out, I should have left the default ‘driver’ setting as the default one (instead of ‘mysql’ as stated in the guide), as using ‘mysql’ resulted in:-

ModuleNotFoundError: No module named ‘MySQLdb’ in my privacyidea.log. Doh!

I’ve managed to get the wordpress setup configured correctly on my PrivacyIDEA server (at least I think so!)

If I test the token generated for my user in PrivacyIDEA it comes back successful. I also created a policy to ensure otppin is set to ‘userstore’.

After installing the PrivacyIDEA Wordpress plugin and setting my server URL as ‘https://myserverip’ the settings are saved.

If I try to log in to Wordpress admin I get a ‘username or password incorrect’. I am typing the password along with the TOTP code generated by AndOTP.

Interestingly, I don’t see anything in my privacyidea.log - so I assume the URL format isn’t correct or the plugin isn’t properly communicating with my PrivacyIDEA server.

Wordpress is on a separate server to my PrivacyIDEA server.
They are both on the same network and can ping each other etc.
Wordpress version is 5.4

Many thanks

You probably need to set the database driver to mysql+pymysql.
(Or install the corresponding package in the python virtualenv under /opt/privacyidea)

Take a look in the apache server log.

Have you configured “Do not verify ssl certificate”?

Hi @cornelinux - Many thanks for the response.

The server is running IIS 10 - I’ll have another look over the logs

‘Do not verify ssl certificate’ is unchecked.

Hi @cornelinux - This is all that is written to the IIS logs for the site.

2020-04-27 22:11:37 clientip POST /wp-login.php - 80 - serverip Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/81.0.4044.122+Safari/537.36 https://somedomain.com/wp-login.php 200 0 0 1291

Also - When configuring the plugin, I’ve noticed that setting the URL to https://privacyserverip results in a ‘Faulty authentication server configuration’. If I click ‘save’ again it saves. What is the correct URL format for PrivacyIDEA 3.3?

Maybe you should check it…

@henry That setting makes no difference off or on when testing.

That - and also no logs - means the request for authentication never arrives at the PI server…

Does the plugin work with Wordpress 5.5?

I noticed it hasn’t been updated in 9 months.

I do not know. To my knowledge the latest wordpress version is 5.5?

I was previously asking for the web server log files of the privacyIDEA server.
It can be that the wordpress sends a request to the privacyIDEA server, but the application is not able to process the request on a lower level. Thus you will not see the request in the application (privacyidea) and you will get no response. But you might see an error in the webserver log or in the webserver error log.

Take a look there!

Hi @cornelinux - The latest version of Wordpress is indeed 5.5.

My apologies, here is the ‘other_vhosts_access.log’ at the time when I attempt to login to Wordpress.

privacyideahost:80 192.168.5.168 - - [28/Apr/2020:14:54:03 +0000] "POST /validate/check HTTP/1.1" 404 436 "-" "Wordpress"

I’ll see this in the log when the Wordpress plugin is set to http://ipofprivacyserver

If I set the Wordpress plugin to https://ipofprivacyserver I see nothing in the logs

There is nothing written to the access.log or error.log in /var/log/apache2/

Kind Regards

https problem.

  • certificate
  • firewall…

who knows what.

It is always a good idea to look into the web server error log!

https://www.privacyidea.org/getting-help/

@cornelinux - There is no firewall running on the Windows 2019 Core server.

Get-NetfirewallProfile shows all as disabled.

Ubuntu 18.04 server has no firewall enabled.

The only thing I can think of is that PrivacyIDEA is using a self-signed certificate. Although I’d assume that the ‘verify certificate’ setting for the Wordpress plugin would get around that.

I can certainly assign a LetsEncrypt certificate to Apache2 if it will help.

How exactly does the Wordpress plugin communicate with PrivacyIDEA?

Many thanks

This way:
https://github.com/privacyidea/wordpress-strong-authentication/blob/master/strong-authentication.php#L56

Sorry: current repo

It issues an http request to privacyidea.
So for some reason your windows machine is not willing to issue the request.

Maybe some php modules are missing?
Have you checked the wordpress log?

@cornelinux - According to most of the documentation I’ve read all required PHP modules are enabled. I’ve verified using PHP Manager for IIS 10.

I have also setup a proper certificate now using LetsEncrypt for the PrivacyIDEA site.

I’ve now enabled debug logging for Wordpress. Here is the error upon attempting to login after configuring the plugin.

[01-May-2020 00:01:52 UTC] PHP Notice:  Trying to get property 'result' of non-object in C:\inetpub\wwwroot\Apollon Blog Site\wp-content\plugins\strong-authentication\strong-authentication.php on line 78

If I take a look at ‘strong-authentication.php’ line 78 is the following:-

$result = $body->result->value;

Also - When activating the plugin in Wordpress, I see the following in my debug.log.

The plugin generated 1008 characters of unexpected output during activation. If you notice “ headers already sent ” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.

Many thanks

You receive a wrong $body.

Take a look at it. You should have seen something earlier when looking at the privacyidea.log or apache error log. But pasting one line of log is a cumbersome way of communicating.
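
Added example, not part of the thread or of the plugin's code: the notice on `$result = $body->result->value;` is what PHP emits when `json_decode()` returns something other than an object, which is what happens for an HTML 404 page or an empty reply. The sketch below parses a `/validate/check` reply and denies the login unless it is a JSON object whose `result.value` is boolean `true`; `pi_otp_accepted()` and all sample bodies are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of the plugin): decide whether a
// /validate/check reply authenticates the user. Anything unexpected denies.
function pi_otp_accepted(int $httpStatus, string $rawBody): array
{
    if ($httpStatus !== 200) {
        return [false, "HTTP $httpStatus from authentication server"];
    }
    $body = json_decode($rawBody);
    if (!is_object($body)) {
        // HTML error page, empty body, truncated JSON, bare scalar ...
        return [false, 'body is not a JSON object: ' . json_last_error_msg()];
    }
    if (!isset($body->result) || !is_object($body->result)) {
        return [false, 'JSON object has no "result" member'];
    }
    // Strict comparison: only boolean true counts, not "true", 1 or "yes".
    if (($body->result->value ?? null) !== true) {
        return [false, 'result.value is not true'];
    }
    return [true, 'ok'];
}

// Constructed sample replies (not captured from the thread's servers).
$samples = [
    'accepted'      => [200, '{"result": {"value": true}}'],
    'wrong OTP'     => [200, '{"result": {"value": false}}'],
    'string "true"' => [200, '{"result": {"value": "true"}}'],
    'HTML 404 page' => [404, '<html><body><h1>Not Found</h1></body></html>'],
    'HTML with 200' => [200, '<html><body>proxy landing page</body></html>'],
    'empty body'    => [200, ''],
];

foreach ($samples as $label => [$status, $raw]) {
    [$ok, $why] = pi_otp_accepted($status, $raw);
    printf("%-14s => %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $why);
}
```

Logging the returned reason string on the WordPress side gives the failing layer (HTTP status, non-JSON body, missing member) directly, without having to correlate against the Apache logs.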

Hi @cornelinux - Here are all the complete logs.

error.log

[Fri May 01 06:25:04.661509 2020] [ssl:warn] [pid 5045:tid 140050649115584] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 01 06:25:04.664031 2020] [mpm_event:notice] [pid 5045:tid 140050649115584] AH00489: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 mod_wsgi/4.5.17 Python/3.6 configured – resuming normal operations
[Fri May 01 06:25:04.664124 2020] [core:notice] [pid 5045:tid 140050649115584] AH00094: Command line: ‘/usr/sbin/apache2’
[Fri May 01 06:25:13.685021 2020] [wsgi:error] [pid 32722:tid 140050520344320] The configuration name is: production
[Fri May 01 06:25:13.685152 2020] [wsgi:error] [pid 32722:tid 140050520344320] Additional configuration will be read from the file /etc/privacyidea/pi.cfg
[Fri May 01 06:25:13.872866 2020] [wsgi:error] [pid 32722:tid 140050520344320] Using PI_LOGLEVEL and PI_LOGFILE.
[Fri May 01 06:25:13.872966 2020] [wsgi:error] [pid 32722:tid 140050520344320] Using PI_LOGLEVEL 20.
[Fri May 01 06:25:13.872989 2020] [wsgi:error] [pid 32722:tid 140050520344320] Using PI_LOGFILE /var/log/privacyidea/privacyidea.log.

ssl_access.log

192.168.5.1 - - [01/May/2020:18:36:40 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:41 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:42 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:43 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:44 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:45 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:46 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:47 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:48 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:49 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:50 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:51 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:52 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:53 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:54 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:55 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:56 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:57 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:58 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:36:59 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:00 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:01 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:02 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:03 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:04 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:05 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:06 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:07 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:08 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”
192.168.5.1 - - [01/May/2020:18:37:09 +0000] 200 “OPTIONS / HTTP/1.0” - “-” “-”

privacyidea.log

[2020-04-30 08:04:25,191][29969][140050511951616][INFO][privacyidea.lib.pooling:119] Created a new engine registry: <privacyidea.lib.pooling.SharedEngineRegistry object at 0x7f5feef16eb8>
[2020-04-30 08:04:25,191][29969][140050511951616][INFO][privacyidea.lib.pooling:84] Creating a new engine and connection pool for key sqlaudit
[2020-05-01 05:56:17,899][29969][140050520344320][INFO][privacyidea.lib.tokens.vasco:56] PI_VASCO_LIBRARY option is not set, functionality disabled
[2020-05-01 05:56:18,700][29969][140050511951616][INFO][privacyidea.lib.pooling:84] Creating a new engine and connection pool for key sql.4d1cefa0e0fec6e7ab02ee05c4adc59b60543a7d
[2020-05-01 05:56:18,701][29969][140050511951616][INFO][privacyidea.lib.resolvers.SQLIdResolver:557] using the connect string mysql+pymysql://root:xxxx@192.168.5.168:3306/blog
[2020-05-01 06:25:14,090][32722][140050419631872][INFO][privacyidea.lib.crypto:781] initializing HSM class: <class ‘privacyidea.lib.security.default.DefaultSecurityModule’>
[2020-05-01 06:25:14,091][32722][140050411230976][INFO][privacyidea.lib.crypto:781] initializing HSM class: <class ‘privacyidea.lib.security.default.DefaultSecurityModule’>
[2020-05-01 06:25:14,091][32722][140050402830080][INFO][privacyidea.lib.crypto:781] initializing HSM class: <class ‘privacyidea.lib.security.default.DefaultSecurityModule’>
[2020-05-01 06:25:14,091][32722][140050428024576][INFO][privacyidea.lib.crypto:781] initializing HSM class: <class ‘privacyidea.lib.security.default.DefaultSecurityModule’>
[2020-05-01 06:25:14,092][32722][140050428024576][INFO][privacyidea.lib.crypto:220] Initialized HSM object {‘obj’: <privacyidea.lib.security.default.DefaultSecurityModule object at 0x7f5feacdf518>}
[2020-05-01 06:25:14,092][32722][140050402830080][INFO][privacyidea.lib.crypto:220] Initialized HSM object {‘obj’: <privacyidea.lib.security.default.DefaultSecurityModule object at 0x7f5feacdff60>}
[2020-05-01 06:25:14,092][32722][140050411230976][INFO][privacyidea.lib.crypto:220] Initialized HSM object {‘obj’: <privacyidea.lib.security.default.DefaultSecurityModule object at 0x7f5feacddb38>}
[2020-05-01 06:25:14,096][32722][140050520344320][INFO][privacyidea.lib.crypto:781] initializing HSM class: <class ‘privacyidea.lib.security.default.DefaultSecurityModule’>
[2020-05-01 06:25:14,107][32722][140050520344320][INFO][privacyidea.lib.crypto:220] Initialized HSM object {‘obj’: <privacyidea.lib.security.default.DefaultSecurityModule object at 0x7f5fead12898>}
[2020-05-01 06:25:14,104][32722][140050419631872][INFO][privacyidea.lib.crypto:220] Initialized HSM object {‘obj’: <privacyidea.lib.security.default.DefaultSecurityModule object at 0x7f5fead22908>}