Unable To List Challenges

I am troubleshooting a policy issue. When I go to the WebUI>Tokens>List Challenges, I get an error:

Admin actions are defined, but the action getchallenges is not allowed!

If I disable all policies I am able to list challenges (or at least the error doesn’t appear). Enabling my administrator policy makes the error return. I have the same issue when attempting to create additional resolvers. My administrator policy is as follows:

Scope: admin
Admin-Realm: admin (The realm is specified in pi.cfg under superuser_realm)
Action: Everything is enabled
User-Realm: admin
User-Resolver: Administrators
All other options are left blank/unchecked.
image

image

I’ve also just noticed that, when enabled, I can’t see all my realms, only the admin realm (I have three total)

This is, what you actually configured - you can see the admin realm!
image

You want to empty the “User-Realm” and the “User-Resolver”.

1 Like

That fixed it, thanks @cornelinux.

I tried going back and reading the documentation but I just couldn’t wrap my head around how each setting applied.