I am trying to set up OTP for logging in to a web server set up with Apache2.
The server is actually a mail server, with Postfix and Dovecot, on Debian.
I have successfully set up privacyIDEA and can enroll tokens to users in my passwd file. Token testing goes OK.
But I cannot set up OTP to prompt me to enter it when trying to log in to my webmail. Is it possible? I cannot figure it out. Thank you for any responses.
Examples on form-login are in the apache documentation.
Then put privacyidea_apache.py in place, it comes from https://raw.githubusercontent.com/privacyidea/privacyidea/< version-number >/authmodules/apache2/privacyidea_apache.py.
Configure the privacyidea server location in /etc/privacyidea/apache.conf:
Or sslverify = False if you are not using valid certs. Don’t forget to install redis and some other requirements: apt-get install redis-server python3-redis python3-passlib
So, I have added the lines in my apache.conf and now when I access my webmail URL it prompts me with a new login pop-up, but after I enter some credentials it returns an internal server error.
The privacyIDEA console returns a HTTPStatus.Bad_request and my Apache error.log returns the following traceback:
Traceback (most recent call last):
  File "/usr/share/pyshared/privacyidea_apache.py", line 71, in check_password
    response = requests.post(PRIVACYIDEA + "/validate/check", data=data,
  File "/opt/privacyidea/lib/python3.9/site-packages/requests/api.py", line 117, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/opt/privacyidea/lib/python3.9/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/privacyidea/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/privacyidea/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/opt/privacyidea/lib/python3.9/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='localhost', port=5000): Max retries exceeded with url: /validate/check (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1123)')))
I get that this may be an SSL error, but I do not know exactly where to look. I have set sslverify to False, to avoid the fact that my certs are self-signed, not issued by a globally trusted CA.
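
An added diagnostic, not part of the thread and not privacyIDEA's own code: WRONG_VERSION_NUMBER typically means the client started a TLS handshake and received non-TLS bytes back, which a certificate-verification setting such as sslverify does not affect, so this sketch checks whether a port completes a TLS handshake or answers plain HTTP. The function names are hypothetical; the host and port in the last line are the ones from the traceback.

```python
import socket
import ssl

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sends back on a new connection."""
    if data[:5] == b"HTTP/":
        return "plain-http"
    # TLS record header: type 0x15 (alert) or 0x16 (handshake), then major version 3.
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    return "unknown"

def tls_handshake_ok(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if the port completes a TLS handshake (certificate checks off: diagnostic only)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False

def plain_http_reply(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Send a cleartext HEAD request and return the first bytes of the reply."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            while len(data) < 5:
                chunk = s.recv(16)
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass
    return data

def suggest_scheme(host: str, port: int) -> str:
    """Return 'https', 'http' or 'unknown' for what the listener actually speaks."""
    if tls_handshake_ok(host, port):
        return "https"
    if classify_first_bytes(plain_http_reply(host, port)) == "plain-http":
        return "http"
    return "unknown"

if __name__ == "__main__":
    print(suggest_scheme("localhost", 5000))  # host and port from the traceback
```

A result of `http` means the URL scheme the client uses and the listener disagree: either the client is pointed at http:// for that port, or TLS is enabled on the listener so that passwords and OTP values are not sent in cleartext.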