Push Tokens + Apache

I’m having trouble getting the push tokens to work,

we are currently running a couple of reverseproxies that use the Apache2 auth module:

Before we had it set up for TOTP based tokens, so when opening a site the user needs to enter their username and then pin+token and that was it.

Now I confgured push tokens, and when entering the username + pin from the push token I get the push notification in the Privacyidea app, but the browsers auth window just comes again. I guess because the module expects the challenge response right away instead of waiting for the user.

Alternatively we also use simplesamlphp and the simplesamlphp privacyidea module for our SAML enabled sites. But here I also enter the PIN, the push notification comes, but the login page is reloaded.

Is there something special that we need to change in the config to make this work?

Push can not work with basic auth in apache.

See “authentication modes” in the docs.
You might want to take a look at the policy “push wait”.

ok thats too bad.

We could switch all of our sites to use saml, and the module supposedly also supports push tokens, but it’s currently broken :frowning: