Shibboleth-plugin

Porfirio_Trincheira1 · May 28, 2024, 11:30am

Good moring
i have installer shibboleth-plugin on shibboleth 4.3.3 using [ v1.1.0-IdP4.tar ]

I have privacyidea.properties
whith this

# Required.
privacyidea.server_url=https://2fa.novaims.unl.pt (the shibbolet ping this machine and curl works) 
privacyidea.realm=defrealm
# Required. Only true/false allowed:
privacyidea.verify_ssl=true

## UI CONFIG ##

privacyidea.default_message=IMS_OTP
privacyidea.otp_field_hint=OTP
privacyidea.otp_length=6

## AUTHENTICATION FLOW CONFIG ##

# Required. Allowed values are: default, triggerChallenge and sendStaticPass
privacyidea.authentication_flow=default

my mfa-authn-config ha this 
<util:map id="shibboleth.authn.MFA.TransitionMap">
   <entry key="">
       <bean parent="shibboleth.authn.MFA.Transition" p:nextFlow="authn/Password"/>
   </entry>
   <entry key="authn/Password">
       <bean parent="shibboleth.authn.MFA.Transition" p:nextFlow="authn/privacyIDEA"/>
   </entry>
</util:map>

When I log in it ask for the OTP code
but get this on the log

Profile Action PrivacyIDEAAuthenticator: privacyIDEA response was null. Please check the config and try again.

On the PI server i get nothing on the apache access log

any clue ?

cornelinux · May 28, 2024, 9:46pm

Take a look at the log of your privacyIDEA server.

privacyidea.log,
webserver log (access log, error log)

My wild guess: Your SSL certificate is not valid! but you configured privacyidea.verify_ssl=true.