I am troubleshooting a policy issue. When I go to the WebUI>Tokens>List Challenges, I get an error:
Admin actions are defined, but the action getchallenges is not allowed!
If I disable all policies I am able to list challenges (or at least the error doesn’t appear). Enabling my administrator policy makes the error return. I have the same issue when attempting to create additional resolvers. My administrator policy is as follows:
Scope: admin
Admin-Realm: admin (The realm is specified in pi.cfg under superuser_realm)
Action: Everything is enabled
User-Realm: admin
User-Resolver: Administrators
All other options are left blank/unchecked.
I’ve also just noticed that, when enabled, I can’t see all my realms, only the admin realm (I have three total)