Simplesamlphp-module-privacyidea-2.1.0

Hello!
I just noticed that there was a new SSP PrivacyIDEA module released with some interesting enhancements. We have the 2.0 release version running in both test and production so I installed the new 2.1 module in the test IdP and altered the config accordingly (authproc mode). But, when the module is called the user gets a blank page. The SSP log shows this:
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] SimpleSAML\Error\Exception: Error 2 - require_once(/var/simplesamlphp/modules/privacyidea/lib/php-client/src/Client-Autoloader.php): failed to open stream: No such file or directory at /var/simplesamlphp/modules/privacyidea/lib/Auth/Process/PrivacyideaAuthProc.php:3
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] Backtrace:
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 13 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 12 /var/simplesamlphp/modules/privacyidea/lib/Auth/Process/PrivacyideaAuthProc.php:3 (require_once)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 11 /var/simplesamlphp/modules/privacyidea/lib/Auth/Process/PrivacyideaAuthProc.php:3 (require_once)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 10 /var/simplesamlphp/lib/_autoload_modules.php:172 (sspmodAutoloadPSR4)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 9 [builtin] (spl_autoload_call)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 8 [builtin] (class_exists)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 7 /var/simplesamlphp/lib/SimpleSAML/Module.php:451 (SimpleSAML\Module::resolveClass)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 6 /var/simplesamlphp/lib/SimpleSAML/Auth/ProcessingChain.php:160 (SimpleSAML\Auth\ProcessingChain::parseFilter)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 5 /var/simplesamlphp/lib/SimpleSAML/Auth/ProcessingChain.php:136 (SimpleSAML\Auth\ProcessingChain::parseFilterList)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 4 /var/simplesamlphp/lib/SimpleSAML/Auth/ProcessingChain.php:80 (SimpleSAML\Auth\ProcessingChain::__construct)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 3 /var/simplesamlphp/lib/SimpleSAML/IdP.php:329 (SimpleSAML\IdP::postAuth)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 2 /var/simplesamlphp/lib/SimpleSAML/IdP.php:420 (SimpleSAML\IdP::handleAuthenticationRequest)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 1 /var/simplesamlphp/modules/saml/lib/IdP/SAML2.php:498 (SimpleSAML\Module\saml\IdP\SAML2::receiveAuthnRequest)
Mar 3 15:12:59 esn-test-idp2 simplesamlphp[159806]: 3 [7fc7757ad0] 0 /var/simplesamlphp/www/saml2/idp/SSOService.php:26 (N/A)

SSP is 1.19.5 running on Ubuntu 20.04.3 LTS, Apache 2.4.41, PHP 7.4.3. What can be the cause of this?

Hi, how did you do the upgrade?
The files of this repo GitHub - privacyidea/php-client: PHP client to help with development of plugins for the privacyIDEA authentication server are required to be in /var/simplesamlphp/modules/privacyidea/lib so that folder looks like
lib
l-- Auth
l-- php-client

Hello!
I download and copy things into place, perhaps mostly because I always did but also that I have a reasonably convenient workflow when applying changes in IdP config, based on having all config in a replicated structure and just copying that structure over the running stuff. Anyway, I didn’t know about the php-client but put it in place as instructed. Changed the behaviour a bit but still, when the aouthproc-part was called things still went wrong. Then I noticed that the pi-webautn.js is not in place but in a linked folder. Now, getting the contents in place makes the thing work!
However, during an auth procedure a whole bunch of errors are fired in the SSP log, most of them I guess are “expected”, but still…

What errors are you seeing in the log?

Below is what’s logged in simplesamlphp.log (debug level) when going to a service that requires MFA. The log starts at the point when the PI authproc metadata is found and ends when the service is successfully accessed. A Yubikey as a WebAuthn token is used. A bit lengthy…

Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 6 [ec8e50fd10] privacyIDEA: Auth Proc Filter - Entering process function.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: enabledKey at /var/simplesamlphp/modules/privacyidea/lib/Auth/Utils.php:371
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 7 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 6 /var/simplesamlphp/modules/privacyidea/lib/Auth/Utils.php:371 (sspmod_privacyidea_Auth_Utils::isPrivacyIDEADisabled)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 5 /var/simplesamlphp/modules/privacyidea/lib/Auth/Process/PrivacyideaAuthProc.php:68 (sspmod_privacyidea_Auth_Process_PrivacyideaAuthProc::process)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 4 /var/simplesamlphp/lib/SimpleSAML/Auth/ProcessingChain.php:210 (SimpleSAML\Auth\ProcessingChain::processState)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/IdP.php:335 (SimpleSAML\IdP::postAuth)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 2 /var/simplesamlphp/lib/SimpleSAML/IdP.php:420 (SimpleSAML\IdP::handleAuthenticationRequest)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 1 /var/simplesamlphp/modules/saml/lib/IdP/SAML2.php:498 (SimpleSAML\Module\saml\IdP\SAML2::receiveAuthnRequest)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/saml2/idp/SSOService.php:26 (N/A)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Auth_State’ is now using namespaces, please use ‘SimpleSAML\Auth\State’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Saved state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Loading state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Saved state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Module’ is now using namespaces, please use ‘SimpleSAML\Module’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Utilities’ is now using namespaces, please use ‘SimpleSAML\Utilities’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] saving key .session.b5a1428474e30dc52ffeb1c6b9da7a3c to memcache
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Logger’ is now using namespaces, please use ‘SimpleSAML\Logger’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Loading privacyIDEA form…
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Auth_State’ is now using namespaces, please use ‘SimpleSAML\Auth\State’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Loading state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] loading key .session.b5a1428474e30dc52ffeb1c6b9da7a3c from memcache
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_XHTML_Template’ is now using namespaces, please use ‘SimpleSAML\XHTML\Template’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Configuration’ is now using namespaces, please use ‘SimpleSAML\Configuration’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Localization: using old system
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Module’ is now using namespaces, please use ‘SimpleSAML\Module’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Session’ is now using namespaces, please use ‘SimpleSAML\Session’.
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] /simplesaml/module.php/privacyidea/FormBuilder.php - Template: Could not find template file [privacyidea:LoginForm.php] at [/var/simplesamlphp/modules/angelholmtheme/themes/simpletheme/privacyidea/LoginForm] - now trying the base template
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Translate: Reading dictionary [/var/simplesamlphp/modules/privacyidea/dictionaries/privacyidea]
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: message at /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:158
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 5 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 4 /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:158 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/XHTML/Template.php:560 (SimpleSAML\XHTML\Template::show)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormBuilder.php:130 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Translate: Reading dictionary [/var/simplesamlphp/dictionaries/login]
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: mode at /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:175
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 5 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 4 /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:175 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/XHTML/Template.php:560 (SimpleSAML\XHTML\Template::show)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormBuilder.php:130 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: otpAvailable at /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:181
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 5 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 4 /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:181 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/XHTML/Template.php:560 (SimpleSAML\XHTML\Template::show)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormBuilder.php:130 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: webAuthnSignRequest at /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:184
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 5 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 4 /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:184 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/XHTML/Template.php:560 (SimpleSAML\XHTML\Template::show)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormBuilder.php:130 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] saving key .session.b5a1428474e30dc52ffeb1c6b9da7a3c to memcache
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: u2fSignRequest at /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:187
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 5 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 4 /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:187 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/XHTML/Template.php:560 (SimpleSAML\XHTML\Template::show)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormBuilder.php:130 (require)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Mar 4 14:32:25 esn-test-idp2 simplesamlphp[1443]: 7 [ec8e50fd10] Translate: Reading dictionary [/var/simplesamlphp/dictionaries/status]
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Session’ is now using namespaces, please use ‘SimpleSAML\Session’.
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] loading key .session.b5a1428474e30dc52ffeb1c6b9da7a3c from memcache
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Auth_State’ is now using namespaces, please use ‘SimpleSAML\Auth\State’.
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Loading state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Logger’ is now using namespaces, please use ‘SimpleSAML\Logger’.
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] privacyIDEA: Utils::authenticatePI with form data:
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: username=btw2912, pass=, otp=7890, mode=otp, pushAvailable=, otpAvailable=1, modeChanged=0, webAuthnSignResponse=, webAuthnSignRequest=, origin=, u2fSignRequest=, u2fSignResponse=, message=, loadCounter=1
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: transactionID at /var/simplesamlphp/modules/privacyidea/lib/Auth/Utils.php:57
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 4 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 3 /var/simplesamlphp/modules/privacyidea/lib/Auth/Utils.php:57 (sspmod_privacyidea_Auth_Utils::authenticatePI)
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormReceiver.php:56 (require)
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Mar 4 14:32:53 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] privacyIDEA-PHP-Client: Sending user=btw2912, pass=7890 to /validate/check
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] privacyIDEA-PHP-Client: /validate/check returned {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “detail”: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “attributes”: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “hideResponseInput”: true,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “img”: “”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “webAuthnSignRequest”: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “allowCredentials”: [
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “id”: “T6e3WrhTiu-7sxJ8YadvrPwZsnaMhkqcndexGrEpS_77wn3QsNYQp4namSP3AZ_o7spJRqonx9EXlsB6sydurw”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “transports”: [
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “ble”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “nfc”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “usb”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “internal”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: ],
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “type”: “public-key”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: }
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: ],
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “challenge”: “KA80duYnbQyEIdDijpe-se3O0ginl-_AS-mDEqpP_z0”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “rpId”: “engelholm.se”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “timeout”: 60000,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “userVerification”: “preferred”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: }
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: },
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “message”: “Please confirm with your WebAuthn token (Bengt W\u00e4llstedt 1207924)”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “messages”: [
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “Please confirm with your WebAuthn token (Bengt W\u00e4llstedt 1207924)”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: ],
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “multi_challenge”: [
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “attributes”: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “hideResponseInput”: true,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “img”: “”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “webAuthnSignRequest”: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “allowCredentials”: [
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “id”: “T6e3WrhTiu-7sxJ8YadvrPwZsnaMhkqcndexGrEpS_77wn3QsNYQp4namSP3AZ_o7spJRqonx9EXlsB6sydurw”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “transports”: [
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “ble”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “nfc”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “usb”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “internal”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: ],
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “type”: “public-key”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: }
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: ],
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “challenge”: “KA80duYnbQyEIdDijpe-se3O0ginl-_AS-mDEqpP_z0”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “rpId”: “engelholm.se”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “timeout”: 60000,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “userVerification”: “preferred”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: }
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: },
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “message”: “Please confirm with your WebAuthn token (Bengt W\u00e4llstedt 1207924)”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “serial”: “WAN00495110”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “transaction_id”: “10056447247662589081”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “type”: “webauthn”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: }
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: ],
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “serial”: “WAN00495110”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “threadid”: 140038600869632,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “transaction_id”: “10056447247662589081”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “transaction_ids”: [
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “10056447247662589081”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: ],
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “type”: “webauthn”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: },
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “id”: 1,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “jsonrpc”: “2.0”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “result”: {
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “status”: true,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “value”: false
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: },
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “time”: 1646400774.521457,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “version”: “privacyIDEA 3.6.3”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “versionnumber”: “3.6.3”,
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: “signature”: “rsa_sha256_pss:11f9a2c2b6fa78e8ee0a54ffb78f3ca6a68dfddfe491bea40f8c45a78341c41c9433c583d743ec68fe9f006c04ec7800e2c1c8829066e08967d23cfc601959324f8025728cf8257fb7ff9ca52a79eb071d4adcce8bf1c91b231348aafb1f64e7cf2bc8b5d0af46dce260c16bd228ceafb8b2253bf137d0e4286af353aea41d9a47595ef05220a0971d95b0e08b3976cb7be4071b62a3f7030e38bcd1e058f60acee59697a62d9ad5fcba3c29552f5f5546e3cd91ba86e3d9b7db62e982787402d6cce214c4bb041e4d551c3c846089fd70ca39bba5b2df8d70dd3649c80b2fc69f3d88facec71aebaa12688be02ac7e6142939524fb3611ac781d830ab0e372c”
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: }
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Saved state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Loading state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Saved state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Module’ is now using namespaces, please use ‘SimpleSAML\Module’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Utilities’ is now using namespaces, please use ‘SimpleSAML\Utilities’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] saving key .session.b5a1428474e30dc52ffeb1c6b9da7a3c to memcache
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Logger’ is now using namespaces, please use ‘SimpleSAML\Logger’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Loading privacyIDEA form…
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Auth_State’ is now using namespaces, please use ‘SimpleSAML\Auth\State’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Loading state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] loading key .session.b5a1428474e30dc52ffeb1c6b9da7a3c from memcache
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_XHTML_Template’ is now using namespaces, please use ‘SimpleSAML\XHTML\Template’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Configuration’ is now using namespaces, please use ‘SimpleSAML\Configuration’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Localization: using old system
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Module’ is now using namespaces, please use ‘SimpleSAML\Module’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Session’ is now using namespaces, please use ‘SimpleSAML\Session’.
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] /simplesaml/module.php/privacyidea/FormBuilder.php - Template: Could not find template file [privacyidea:LoginForm.php] at [/var/simplesamlphp/modules/angelholmtheme/themes/simpletheme/privacyidea/LoginForm] - now trying the base template
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Translate: Reading dictionary [/var/simplesamlphp/modules/privacyidea/dictionaries/privacyidea]
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Translate: Reading dictionary [/var/simplesamlphp/dictionaries/login]
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] saving key .session.b5a1428474e30dc52ffeb1c6b9da7a3c to memcache
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: u2fSignRequest at /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:187
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 5 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 4 /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:187 (require)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/XHTML/Template.php:560 (SimpleSAML\XHTML\Template::show)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormBuilder.php:130 (require)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 7 [ec8e50fd10] Translate: Reading dictionary [/var/simplesamlphp/dictionaries/status]
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] SimpleSAML\Error\Exception: Error 8 - Undefined index: u2fSignRequest at /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:304
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] Backtrace:
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 5 /var/simplesamlphp/www/_include.php:44 (SimpleSAML_error_handler)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 4 /var/simplesamlphp/modules/privacyidea/templates/LoginForm.php:304 (require)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 3 /var/simplesamlphp/lib/SimpleSAML/XHTML/Template.php:560 (SimpleSAML\XHTML\Template::show)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 2 /var/simplesamlphp/modules/privacyidea/www/FormBuilder.php:130 (require)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
Mar 4 14:32:54 esn-test-idp2 simplesamlphp[935]: 3 [ec8e50fd10] 0 /var/simplesamlphp/www/module.php:10 (N/A)

To be continued…

I think this is where I enter the PIN and click “Log in”:

Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Session’ is now using namespaces, please use ‘SimpleSAML\Session’.
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] loading key .session.b5a1428474e30dc52ffeb1c6b9da7a3c from memcache
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Auth_State’ is now using namespaces, please use ‘SimpleSAML\Auth\State’.
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Loading state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Logger’ is now using namespaces, please use ‘SimpleSAML\Logger’.
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] privacyIDEA: Utils::authenticatePI with form data:
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: username=btw2912, pass=, otp=, mode=webauthn, pushAvailable=, otpAvailable=1, modeChanged=0, webAuthnSignResponse=-7sxJ8YadvrPwZsnaMhkqcndexGrEpS_77wn3QsNYQp4namSP3AZ_o7spJRqonx9EXlsB6sydurw-rmhI78nZ0qN8itAiBmjh3Ig3Zgv5BSI0jo-_Nxy5xs, webAuthnSignRequest=-7sxJ8YadvrPwZsnaMhkqcndexGrEpS_77wn3QsNYQp4namSP3AZ_o7spJRqonx9EXlsB6sydurw-key-se3O0ginl-_AS-mDEqpP_z0.se, origin=https.skola.engelholm.se, u2fSignRequest=, u2fSignResponse=, message=Please+confirm+with+your+WebAuthn+token++W+1207924, loadCounter=1
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] privacyIDEA-PHP-Client: Sending user=btw2912, pass=, transaction_id=10056447247662589081, credentialid=T6e3WrhTiu-7sxJ8YadvrPwZsnaMhkqcndexGrEpS_77wn3QsNYQp4namSP3AZ_o7spJRqonx9EXlsB6sydurw, clientdata=eyJjaGFsbGVuZ2UiOiJLQTgwZHVZbmJReUVJZERpanBlLXNlM08wZ2lubC1fQVMtbURFcXBQX3ow, signaturedata=MEQCIFKO55l1n_YLtkzyDFs1iGtS_b8pT-rmhI78nZ0qN8itAiBmjh3Ig3Zgv5BSI0jo-_Nxy5xs, authenticatordata=QWpQ4_veawRE3PwVtvzICAm7CGAvB9qxhAW_yQUpEUUBAAAAsg to /validate/check
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] privacyIDEA-PHP-Client: /validate/check returned {
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “detail”: {
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “message”: “Found matching challenge”,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “serial”: “WAN00495110”,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “threadid”: 140038592476928
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: },
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “id”: 1,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “jsonrpc”: “2.0”,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “result”: {
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “status”: true,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “value”: true
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: },
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “time”: 1646400791.471707,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “version”: “privacyIDEA 3.6.3”,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “versionnumber”: “3.6.3”,
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: “signature”: “rsa_sha256_pss:cf0f960eed812666e0d96a374495948a317e10a32455b09e2d95271e0d69aa4d06c21b1b53d68ae336db2690dda7035ea93873f580e16ca1f589c1a8a28ef75c56663e99c1c495e03a4ac19eb47961273ec7629b6e366f6afc1a2e9e17b941c47939daf685de226325bbda5ef00aa6f474bdb5707bcae29269bebb78e9abf1c0efbf592e53f7d7af1d6cbdec6d6909bd50f518127cb4fdb4d612f98f2290483db2d464d9564ae2242dc0a3e7d9aaf3e60cbc22a85340b58e04b9e597439f3c9387f38478c7f8ce8c6f05c16bef3b8240cd4ed8dcd95790c57810630803d3f7d86981dbce49ede6e023bf198f3918f5b900d956c96cfacf1330a8a16daffa809e”
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: }
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Saved state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Loading state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] privacyIDEA: User authenticated successfully!
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] privacyIDEA: tryWriteSSO
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Session: Valid session found with ‘ANGPORT’.
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] privacyIDEA: Registering logout handler for authority ANGPORT
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] privacyIDEA: SSO data written and logout handler registered.
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Saved state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99:Metadata not found’
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 4 [ec8e50fd10] The class or interface ‘SimpleSAML_Auth_ProcessingChain’ is now using namespaces, please use ‘SimpleSAML\Auth\ProcessingChain’.
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] ldap:SimpleSAML\Module\ldap\Auth\Process\AttributeAddFromLDAP : Connecting to LDAP server; Hostname: ldaps://ldap01-srv.skola.engelholm.se Port: 389 Enable TLS: No Debug: No Referrals: Yes Timeout: 0 Username: cn=sspbrowser,ou=SYSTEM,o=ANGPORT Password: ********
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Library - LDAP __construct(): Setup LDAP with host=‘ldaps://ldap01-srv.skola.engelholm.se’, tls=false, debug=false, timeout=0, referrals=true
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Library - LDAP bind(): Bind successful with DN ‘cn=sspbrowser,ou=SYSTEM,o=ANGPORT’
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 5 STAT [ec8e50fd10] saml20-idp-SSO-first https://sp.engelholm.trusteddialog.se https://idp.skola.engelholm.se/simplesaml/saml2/idp/metadata.php NA
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 5 STAT [ec8e50fd10] saml20-idp-SSO https://sp.engelholm.trusteddialog.se https://idp.skola.engelholm.se/simplesaml/saml2/idp/metadata.php NA
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Deleting state: ‘_8f2555b7a590b2867987992d92db01cd1a3206fd99’
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 6 [ec8e50fd10] Sending SAML 2.0 Response to ‘https://sp.engelholm.trusteddialog.se’
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 5 [ec8e50fd10] EVENT {“spEntityID”:“https://sp.engelholm.trusteddialog.se”,“idpEntityID”:“https://idp.skola.engelholm.se/simplesaml/saml2/idp/metadata.php",“protocol”:“saml2”,“logintime”:46.25531816482544,“op”:“saml:idp:Response”,“time”:1646400791.514694,"_id":"0000000062221517f935562f1b5868d681682f25dcbb8fb5”}
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] Localization: using old system
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] /simplesaml/module.php/privacyidea/FormReceiver.php - Template: Could not find template file [post.php] at [/var/simplesamlphp/modules/angelholmtheme/themes/simpletheme/default/post] - now trying the base template
Mar 4 14:33:11 esn-test-idp2 simplesamlphp[931]: 7 [ec8e50fd10] saving key .session.b5a1428474e30dc52ffeb1c6b9da7a3c to memcache

can you please you the "preformatted text " option for the logs

also just to clarify: You are using this as authproc but within not UCS?

I checked the code and the errors you are seeing should be suppressed because they are expected and caught. The errors will be gone in 2.1.1.

Sorry about the very long posts, I didn’t know about the preformatted text option, I’ll use it in the future! We use the authproc mode, the PI metadata is added to a few selected SP’s metadata in the saml20-sp-rempte.php file. I don’t know UCS, I guess we’re not using it then. About the errors, that was what I thought, felt I just had to ask…
Thanks for bearing with me!

When I’m at it… Maybe this might be something to look at (or perhaps depending on our config?):
Here I’m logged in with username/password and wants to access a service that is configured to use PI:

Here I just put the cursor in the input box to enter the PIN. Notice that the input box moved a bit the instant I clicked in it:

Now I have entered the PIN and clicked the Login button. Notice that the box moved back to the position it was before, and nothing else happens.

So I click the Login button again:

And now, clicking the WebAuthn button makes the Yubikey blink and when I touch it I access the service. If I instead of clicking the Login button after entering the pin (image 2) just press Enter on the keyboard, I’m taken directly to image 4. If I set ‘preferredTokenType’ => ‘webauthn’ in the metadata (great feature!) things happen as image 1 - 3 but after clicking the Login button the second time the Yubikey blinks and so on. And pressing Enter key instead of clicking Login takes me directly to the Yubikey. I guess this is not expected behaviour, but maybe it is caused by our config?

So to rephrase this: The first click on the login button is not recognized and the button moves?

Yes, almost. Placing the cursor in the PIN/OTP box makes the box and the Login button move a little bit down and to the right. Entering the PIN in the box and clicking the Login button makes the box and the button move back to where they were before. Nothing more. Another click makes go.

We are working on fixing this for the next version.

you can check out v2.1.1, it should be fixed now

Hi! Don’t know what’s happening here but it actually still behaves exactly the same when I try it out. I’m reasonably sure it actually is the new version I’m using so I can’t understand…
Also… I had to add this line in PILogger.php:
require_once((dirname(FILE, 2)) . ‘/php-client/src/Client-Autoloader.php’);
Otherwise PILog function was unknown or something like that.

Hi,
if you are using the repo GitHub - privacyidea/simplesamlphp-module-privacyidea: OTP Two Factor Authentication Module for simpleSAMLphp to run with privacyIDEA, an installation with composer is required now. composer will take care of loading the dependencies.
If you copy the files, you need to add the line (as you did) to the files you are using and place the php-client in the respective folder.

For the moving button: I have not been able to fix this. I am no web dev and do not really understand what is happening there. I reopended the issue for it, so if you have any ideas on how to tackle this please let us know. For now
i have to work on other this, maybe a colleague can look at it in the future.

Hi!
Niether am I a web dev… I sometimes manage to locate things using FF tools, but not this one. As far as I can understand the input box and the button are defined in loginform.css but I really dont undrstand much. It could be that something invisible pops in when clicking the box so it gets focus, moving things a bit. Like a line of white text on the white background. As seen here the box moves down and some px to the right while the button just moves down:


This can be repeated indefinitely, clicking in the box gives it focus and moves it, clicking anywhere outside the box removes focus and moves it back. Sorry I can’t be of more help.