Rlm_perl and JSON decoding


I’ve successfully installed my privacyIDEA instance on Debian 9, test authentication is OK from the web interface but I have an issue regarding JSON decoding in Freeradius (3.0.12).
Authentication seems to be OK, but Freeradius is unable to decode JSON response (I’ve added an output of the exception at the end of the try/catch part in the source code)

rlm_perl: Config File /etc/privacyidea/rlm_perl.ini found!
rlm_perl: Debugging config: true
rlm_perl: Default URL https://localhost/validate/check
rlm_perl: Looking for config for auth-type perl
rlm_perl: RAD_REQUEST: Event-Timestamp = Aug 14 2017 17:51:17 CEST
rlm_perl: RAD_REQUEST: Service-Type = Authenticate-Only
rlm_perl: RAD_REQUEST: User-Name = root
rlm_perl: RAD_REQUEST: User-Password = XXXX115792
rlm_perl: RAD_REQUEST: NAS-Identifier = su
rlm_perl: RAD_REQUEST: NAS-Port = 11594
rlm_perl: RAD_REQUEST: NAS-IP-Address =
rlm_perl: RAD_REQUEST: NAS-Port-Type = Virtual
rlm_perl: Auth-Type: perl
rlm_perl: url: https://localhost/validate/check
rlm_perl: user sent to privacyidea: root
rlm_perl: realm sent to privacyidea: realm1
rlm_perl: resolver sent to privacyidea: pwdsource
rlm_perl: client sent to privacyidea:
rlm_perl: state sent to privacyidea:
rlm_perl: urlparam realm = realm1
rlm_perl: urlparam client =
rlm_perl: urlparam resConf = pwdsource
rlm_perl: urlparam user = root
rlm_perl: urlparam pass = XXXX115792
rlm_perl: Request timeout: 10
rlm_perl: Not verifying SSL certificate!
rlm_perl: Content {“jsonrpc”: “2.0”, “signature”: “18365512362869151066958281934427771350595122712630370762297526294073079622782110161964183445601344238857180181056313258482684695264839901938889284467103901597081310075076385423330218922173686107875037170036355033992033665440531781231398049229715753156503890746147743372448884080985511803066180718495540184424425955465436432696366981518971749665936262609686059380486503329744899898010432231964474563785766039710255588623405673073879126096813694181290967353886816981446104649938601805310618054548142786746217413195645856418334057036537294901535101895752747793085003677874577453058625111006603958884454069501839162198033”, “detail”: {“message”: “matching 1 tokens”, “type”: “totp”, “serial”: “TOTP0001BFD3”, “otplen”: 6, “threadid”: 140196425828096}, “versionnumber”: “2.19.1”, “version”: “privacyIDEA 2.19.1”, “result”: {“status”: true, “value”: true}, “time”: 1502725877.978869, “id”: 1}
rlm_perl: Can not parse response from privacyIDEA.
rlm_perl: JSON text must be an object or array (but found number, string, true, false or null, use allow_nonref to allow this) at /opt/privacyidea/lib/privacyidea/authmodules/FreeRADIUS/privacyidea_radius.pm line 388.
rlm_perl: return RLM_MODULE_REJECT
SOFT ASSERT FAILED src/modules/rlm_perl/rlm_perl.c[703]: *vps
(0) perl: &request:Event-Timestamp = $RAD_REQUEST{‘Event-Timestamp’} -> ‘Aug 14 2017 17:51:17 CEST’
(0) perl: &request:Service-Type = $RAD_REQUEST{‘Service-Type’} -> ‘Authenticate-Only’
(0) perl: &request:User-Name = $RAD_REQUEST{‘User-Name’} -> ‘root’
(0) perl: &request:User-Password = $RAD_REQUEST{‘User-Password’} -> ‘XXXX115792’
(0) perl: &request:NAS-Identifier = $RAD_REQUEST{‘NAS-Identifier’} -> ‘su’
(0) perl: &request:NAS-Port = $RAD_REQUEST{‘NAS-Port’} -> ‘11594’
(0) perl: &request:NAS-IP-Address = $RAD_REQUEST{‘NAS-IP-Address’} -> ‘’
(0) perl: &request:NAS-Port-Type = $RAD_REQUEST{‘NAS-Port-Type’} -> 'Virtual’
SOFT ASSERT FAILED src/modules/rlm_perl/rlm_perl.c[703]: *vps

There is no data about the compatiblity of FreeRADIUS 3!

I realize this is an old post, but I ran into this same issue and figured out the problem.

There is apparently an issue regarding the JSON::XS perl module and the threading used by the Freeradius perl backend.

The fix is to configure the JSON perl module to use a different json backend, such as Cpanel::JSON::XS or JSON::PP

This can be configured via an environment variable:


In Ubuntu or Debian, the environment can be modified in the file /etc/default/freeradius

Solution was found here: https://stackoverflow.com/questions/46793885/perl-json-fails-if-a-thread-is-started

1 Like

I think we fixed this in:

Should be available in release v3.1.