SimpleSAMLphp and PrivacyIDEA module

Hello everybody,

I try to setup SimpleSAMLphp with PrivacyIDEA (final goal: 2FA for Nextcloud as described in the how-to " How to use Nextcloud with privacyIDEA"). PrivacyIDEA is up and running, I can successfully test the enrolled user with the software token in the web GUI.

But something with the SimpleSAMLphp module seems not to work. When I use the test functionality in SimpleSAMLphp, I receive the (german) answer “In der Anfrage dieser Seite trat ein Fehler auf, der Grund ist: Valid JSON response, but some internal error occured in privacyidea server.”.

I attach the debug log from SimpleSAMLphp:
Jan 05 10:35:25 simplesamlphp WARNING [438fa9784e] The class or interface ‘SimpleSAML_Auth_State’ is now using namespaces, please use ‘SimpleSAML\Auth\State’.
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] Loading state: ‘725b56e109087e3d414cc9c42613135f9d9e50508c:sso.my-domain.de/saml/module.php/core/as_login.php?AuthId=myauth-pi&ReturnTo=https%3A%2F%2F_sso.my-domain.de%2Fsaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dmyauth-pi’
Jan 05 10:35:25 simplesamlphp WARNING [438fa9784e] The class or interface ‘sspmod_core_Auth_UserPassBase’ is now using namespaces, please use ‘SimpleSAML\Module\core\Auth\UserPassBase’ instead.
Jan 05 10:35:25 simplesamlphp WARNING [438fa9784e] The class or interface ‘SimpleSAML_Logger’ is now using namespaces, please use ‘SimpleSAML\Logger’.
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] calling privacyIDEA handleLogin with authState: 725b56e109087e3d414cc9c42613135f9d9e50508c:sso.my-domain.de/saml/module.php/core/as_login.php?AuthId=myauth-pi&ReturnTo=https%3A%2F%2F_sso.my-domain.de%2Fsaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dmyauth-pi for user test.user
Jan 05 10:35:25 simplesamlphp WARNING [438fa9784e] The class or interface ‘SimpleSAML_Utilities’ is now using namespaces, please use ‘SimpleSAML\Utilities’.
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] Loading state: ‘725b56e109087e3d414cc9c42613135f9d9e50508c:sso.my-domain.de/saml/module.php/core/as_login.php?AuthId=myauth-pi&ReturnTo=https%3A%2F%2F_sso.my-domain.de%2Fsaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dmyauth-pi’
Jan 05 10:35:25 simplesamlphp WARNING [438fa9784e] The class or interface ‘SimpleSAML_Auth_Source’ is now using namespaces, please use ‘SimpleSAML\Auth\Source’.
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] Using IP from REMOTE_ADDR: 85.85.85.85
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] privacyidea URL:nfa.int.my-domain.de/pi
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] user : test.user
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] transaction_id:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] SimpleSAML\Error\Exception: Error 8 - Trying to get property ‘result’ of non-object at /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:180
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] Backtrace:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 5 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/_include.php:48 (SimpleSAML_error_handler)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 4 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:180 (sspmod_privacyidea_Auth_Source_privacyidea::login_chal_resp)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 3 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:374 (sspmod_privacyidea_Auth_Source_privacyidea::handleLogin)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 2 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/www/otpform.php:60 (require)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 1 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 0 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/module.php:10 (N/A)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] SimpleSAML\Error\Exception: Error 8 - Trying to get property ‘detail’ of non-object at /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:181
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] Backtrace:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 5 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/_include.php:48 (SimpleSAML_error_handler)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 4 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:181 (sspmod_privacyidea_Auth_Source_privacyidea::login_chal_resp)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 3 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:374 (sspmod_privacyidea_Auth_Source_privacyidea::handleLogin)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 2 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/www/otpform.php:60 (require)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 1 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 0 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/module.php:10 (N/A)
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] privacyidea result:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] SimpleSAML\Error\Exception: Error 8 - Trying to get property ‘status’ of non-object at /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:183
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] Backtrace:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 5 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/_include.php:48 (SimpleSAML_error_handler)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 4 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:183 (sspmod_privacyidea_Auth_Source_privacyidea::login_chal_resp)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 3 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:374 (sspmod_privacyidea_Auth_Source_privacyidea::handleLogin)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 2 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/www/otpform.php:60 (require)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 1 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 0 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/module.php:10 (N/A)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] SimpleSAML\Error\Exception: Error 8 - Trying to get property ‘value’ of non-object at /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:184
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] Backtrace:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 5 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/_include.php:48 (SimpleSAML_error_handler)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 4 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:184 (sspmod_privacyidea_Auth_Source_privacyidea::login_chal_resp)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 3 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:374 (sspmod_privacyidea_Auth_Source_privacyidea::handleLogin)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 2 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/www/otpform.php:60 (require)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 1 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 0 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/module.php:10 (N/A)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] SimpleSAML\Error\Exception: Error 8 - Trying to get property ‘auth’ of non-object at /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:184
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] Backtrace:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 5 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/_include.php:48 (SimpleSAML_error_handler)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 4 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:184 (sspmod_privacyidea_Auth_Source_privacyidea::login_chal_resp)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 3 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:374 (sspmod_privacyidea_Auth_Source_privacyidea::handleLogin)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 2 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/www/otpform.php:60 (require)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 1 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 0 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/module.php:10 (N/A)
Jan 05 10:35:25 simplesamlphp WARNING [438fa9784e] The class or interface ‘SimpleSAML_Error_BadRequest’ is now using namespaces, please use ‘SimpleSAML\Error\BadRequest’.
Jan 05 10:35:25 simplesamlphp NOTICE STAT [438fa9784e] Unsuccessful login attempt from 85.85.85.85.
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] SimpleSAML\Error\BadRequest: BADREQUEST(’%REASON%’ => ‘Valid JSON response, but some internal error occured in privacyidea server.’)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] Backtrace:
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 4 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:191 (sspmod_privacyidea_Auth_Source_privacyidea::login_chal_resp)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 3 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/lib/Auth/Source/privacyidea.php:374 (sspmod_privacyidea_Auth_Source_privacyidea::handleLogin)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 2 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/modules/privacyidea/www/otpform.php:60 (require)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 1 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] 0 /var/www/clients/client3/web36/private/simplesamlphp-1.18.3/www/module.php:10 (N/A)
Jan 05 10:35:25 simplesamlphp ERROR [438fa9784e] Error report with id c04fc0a9 generated.
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] Localization: using old system
Jan 05 10:35:25 simplesamlphp DEBUG [438fa9784e] Translate: Reading dictionary [/var/www/clients/client3/web36/private/simplesamlphp-1.18.3/dictionaries/errors]

Please let me kindly know what I can do about this or which information I can present to help find the “internal error”. Thanks!

Regards
Andreas

PS: I had to delete some “https” because otherwise the system wouldn’t let me post.

Hello and welcome to the privacyIDEA community!

If you get an internal server error from privacyIDEA, it is a good idea to look at privacyIDEA for more information. You can take a look at the privacyIDEA log file (usually /var/log/privacyidea/privacyidea.log) and at the webserver error log (depending on your web server and your distro, like /var/log/apache2/error.log).

Regards
Cornelius

Thanks for your immediate reply!

Unfortunately /var/log/privacyidea/privacyidea.log is empty (last entry from 2019-12-19). I checked, time and date are correct on my machine.

In /var/log/apache2/error.log I find just the following:
[Sun Jan 05 10:35:24.006653 2020] [wsgi:error] [pid 2555:tid 140008860104448] The configuration name is: production
[Sun Jan 05 10:35:24.006691 2020] [wsgi:error] [pid 2555:tid 140008860104448] Additional configuration can be read from the file /etc/privacyidea/pi.cfg
[Sun Jan 05 10:35:24.031541 2020] [wsgi:error] [pid 2555:tid 140008860104448] The config file specified in PI_LOGCONFIG does not exist.
[Sun Jan 05 10:35:24.031559 2020] [wsgi:error] [pid 2555:tid 140008860104448] Could not use PI_LOGCONFIG. Using PI_LOGLEVEL and PI_LOGFILE.
[Sun Jan 05 10:35:24.031565 2020] [wsgi:error] [pid 2555:tid 140008860104448] Using PI_LOGLEVEL 20.
[Sun Jan 05 10:35:24.031568 2020] [wsgi:error] [pid 2555:tid 140008860104448] Using PI_LOGFILE /var/log/privacyidea/privacyidea.log.

The system is Ubuntu 18.04.3 LTS with PrivacyIDEA 3.2-1bionic.

Something could we wired in your installation:

Your privacyidea.log file should not be empty, since it looks like you have log level “INFO” configured, which will always produce output in the privacyidea.log file. So either the server is using another file or the server can not write to the file.

An internal server error usually should produce output in the apache error log. - strange it does not.

You could also as a first step take a look at the Audit log in the web ui, what happens (or what kind of entry you get from the authentication request by simplesamlphp.)