Using PrivacyIdea with Univention 5 Error 905

Hello!

I was setting up privacyidea to use it together with the saml integration app in univention.

I've configured the variables as follows (Univention configuration registry):

privacyidea/saml/enable - authproc
privacyidea/saml/realm - domain
privacyidea/saml/uidkey - sAMAccountName
privacyidea/saml/url - https://2fa.domain.de
privacyidea/saml/verifyhost - false
privacyidea/saml/verifypeer - false

When I try to log in with my user (using spass for testing), I receive the following error:

On UCS site:
Error 905: ERR905: You need to specify a serial or a user.

Audit:
POST /validate/check 1 spass user realm Info matching 1 tokens
POST /validate/check 0 Info ERR905: You need to specify a serial or a user.

What am I doing wrong?

Best Regards
LittleITWorld

Please set the simpleSAML log level to debug and post the log here.

Log:

Jun 27 08:15:12 UCS01 simplesamlphp[25612]: 7 [f6201885ab]   <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
Jun 27 08:15:12 UCS01 simplesamlphp[25612]: 7 [f6201885ab] </samlp:AuthnRequest>
Jun 27 08:15:12 UCS01 simplesamlphp[25612]: 7 [f6201885ab] Has 1 candidate keys for validation.
Jun 27 08:15:12 UCS01 simplesamlphp[25612]: 7 [f6201885ab] Validation with key #0 succeeded.
Jun 27 08:15:12 UCS01 simplesamlphp[25612]: 6 [f6201885ab] SAML2.0 - IdP.SSOService: incoming authentication request: 'https://portal.domain.de/univention/saml/metadata'
Jun 27 08:15:12 UCS01 simplesamlphp[25613]: 7 [f6201885ab] Localization: using old system
Jun 27 08:15:12 UCS01 simplesamlphp[25613]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/dictionaries/login]
Jun 27 08:15:12 UCS01 simplesamlphp[25613]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/modules/univentiontheme/dictionaries/login]
Jun 27 08:15:12 UCS01 simplesamlphp[25613]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:12 UCS01 simplesamlphp[25613]: 7 [f6201885ab] loading key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e from memcache
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Library - LDAP __construct(): Setup LDAP with host='ldap://UCS.lokal:7389', tls=true, debug=false, timeout=0, referrals=true
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Library - LDAP bind(): Bind successful with DN 'uid=sys-idp-user,cn=users,dc=UCS,dc=lokal'
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Library - LDAP search(): Searching base (subtree) 'dc=UCS,dc=lokal' for '(&(|(uid=user01)(mailPrimaryAddress=user01))(objectClass=person))'
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Library - LDAP bind(): Bind successful with DN 'uid=user01,ou=Teachers,dc=UCS,dc=lokal'
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Library - LDAP getAttributes(): Getting 'uid,mailPrimaryAddress,memberOf,enabledServiceProviderIdentifier,shadowExpire,sambaPwdLastSet,shadowLastChange,shadowMax,sambaKickoffTime,krb5ValidEnd,krb5PasswordEnd,sambaAcctFlags,univentionRegisteredThroughSelfService,univentionPasswordRecoveryEmailVerified' from DN 'uid=user01,ou=Teachers,dc=UCS,dc=lokal'
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Library - LDAP getAttributes(): Found attributes '(uid,mailPrimaryAddress,sambaAcctFlags,memberOf,univentionPasswordRecoveryEmailVerified)'
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] got LDAP attributes:array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   'uid' =>
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     0 => 'user01',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   ),
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   'mailPrimaryAddress' =>
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     0 => 'user01@domain.de',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   ),
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   'sambaAcctFlags' =>
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     0 => '[U          ]',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   ),
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   'memberOf' =>
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     0 => 'cn=GRP_Chat,ou=gruppen,dc=UCS,dc=lokal',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     1 => 'cn=GRP_ChatUsers,ou=gruppen,dc=UCS,dc=lokal',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     3 => 'cn=nmteachers-global,ou=teachers,dc=UCS,dc=lokal',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     4 => 'cn=GRPUCS_ChatUsers,cn=groups,dc=UCS,dc=lokal',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     5 => 'cn=Domänen-Benutzer,cn=groups,dc=UCS,dc=lokal',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   ),
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   'univentionPasswordRecoveryEmailVerified' =>
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     0 => 'TRUE',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   ),
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: )
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 5 STAT [f6201885ab] User 'user01' successfully authenticated from 172.xxx.xxx.xxx
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Deleting state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae'
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Session: doLogin("univention-ldap")
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Session: Valid session found with 'univention-ldap'.
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Session: Valid session found with 'univention-ldap'.
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Filter config for https://portal.domain.de/simplesamlphp/saml2/idp/metadata.php->https://portal.domain.de/univention/saml/metadata: array (  0 =>   sspmod_privacyidea_Auth_Process_PrivacyideaAuthProc::__set_state(array(     'authProcConfig' =>     array (      'privacyideaServerURL' => 'https://2fa.domain.de',      'realm' => 'realm',      'uidKey' => 'sAMAccountName',      'sslVerifyHost' => 'false',      'sslVerifyPeer' => 'false',    ),     'pi' =>     PrivacyIDEA::__set_state(array(       'userAgent' => 'simpleSAMLphp',       'serverURL' => 'https://2fa.domain.de',       'realm' => 'realm',       'sslVerifyHost' => false,       'sslVerifyPeer' => false,       'serviceAccountName' => '',       'serviceAccountPass' => '',       'serviceAccountRealm' => '',       'logger' =>       PILogger::__set_state(array(      )),    )),     'priority' => 25,  )),  1 =>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(     'langattr' => 'preferredLanguage',     'priority' => 30,  )),  2 =>   sspmod_core_Auth_Process_StatisticsWithAttribute::__set_state(array(     'attribute' => 'realm',     'typeTag' => 'saml20-idp-SSO',     'skipPassive' => false,     'priority' => 45,  )),  3 =>   sspmod_core_Auth_Process_AttributeLimit::__set_state(array(     'allowedAttributes' =>     array (    ),     'isDefault' => false,     'priority' => 50,  )),  4 =>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(     'langattr' => 'preferredLanguage',     'priority' => 99,  )),  5 =>   sspmod_core_Auth_Process_AttributeMap::__set_state(array(     'map' =>     array (      'aRecord' => 'urn:oid:0.9.2342.19200300.100.1.26',      'aliasedEntryName' => 'urn:oid:2.5.4.1',      'aliasedObjectName' => 'urn:oid:2.5.4.1',      'associatedDomain' => 'urn:oid:0.9.2342.19200300.100.1.37',      'associatedName' => 'urn:oid:0.9.2342.19200300.100.1.38',      'audio' => 'urn:oid:0.9.2342.19200300.100.1.55',      
'authorityRevocationList' => 'urn:oid:2.5.4.38',      'buildingName' => 'urn:oid:0.9.2342.19200300.100.1.48',      'businessCategory' => 'urn:oid:2.5.4.15',      'c' => 'urn:oid:2.5.4.6',      'cACertificate' => 'urn:oid:2.5.4.37',      'cNAMERecord' => 'urn:oid:0.9.2342.19200300.100.1.31',      'carLicense' => 'urn:oid:2.16.840.1.113730.3.1.1',      'certificateRevocationList' => 'urn:oid:2.5.4.39',      'cn' => 'urn:oid:2.5.4.3',      'co' => 'urn:oid:0.9.2342.19200300.100.1.43',      'commonName' => 'urn:oid:2.5.4.3',      'countryName' => 'urn:oid:2.5.4.6',      'crossCertificatePair' => 'urn:oid:2.5.4.40',      'dITRedirect' => 'urn:oid:0.9.2342.19200300.100.1.54',      'dSAQuality' => 'urn:oid:0.9.2342.19200300.100.1.49',      'dc' => 'urn:oid:0.9.2342.19200300.100.1.25',      'deltaRevocationList' => 'urn:oid:2.5.4.53',      'departmentNumber' => 'urn:oid:2.16.840.1.113730.3.1.2',      'description' => 'urn:oid:2.5.4.13',      'destinationIndicator' => 'urn:oid:2.5.4.27',      'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',      'distinguishedName' => 'urn:oid:2.5.4.49',      'dmdName' => 'urn:oid:2.5.4.54',      'dnQualifier' => 'urn:oid:2.5.4.46',      'documentAuthor' => 'urn:oid:0.9.2342.19200300.100.1.14',      'documentIdentifier' => 'urn:oid:0.9.2342.19200300.100.1.11',      'documentLocation' => 'urn:oid:0.9.2342.19200300.100.1.15',      'documentPublisher' => 'urn:oid:0.9.2342.19200300.100.1.56',      'documentTitle' => 'urn:oid:0.9.2342.19200300.100.1.12',      'documentVersion' => 'urn:oid:0.9.2342.19200300.100.1.13',      'domainComponent' => 'urn:oid:0.9.2342.19200300.100.1.25',      'drink' => 'urn:oid:0.9.2342.19200300.100.1.5',      'eduOrgHomePageURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.2',      'eduOrgIdentityAuthNPolicyURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.3',      'eduOrgLegalName' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.4',      'eduOrgSuperiorURI' => 'urn:oid:1.3.6.1.4.1.5923.1.2.1.5',      'eduOrgWhitePagesURI' => 
'urn:oid:1.3.6.1.4.1.5923.1.2.1.6',      'eduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 4 [f6201885ab] The class or interface 'SimpleSAML_Logger' is now using namespaces, please use 'SimpleSAML\Logger'.
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 6 [f6201885ab] privacyIDEA: Auth Proc Filter - Entering process function.
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Saved state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.hla-flensburg.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Saved state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 4 [f6201885ab] The class or interface 'SimpleSAML_Module' is now using namespaces, please use 'SimpleSAML\Module'.
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] saving key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e to memcache
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] loading key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e from memcache
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] Localization: using old system
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 4 [f6201885ab] The class or interface 'SimpleSAML_Module' is now using namespaces, please use 'SimpleSAML\Module'.
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] /simplesamlphp/module.php/privacyidea/FormBuilder.php - Template: Could not find template file [privacyidea:LoginForm.php] at [/usr/share/simplesamlphp/modules/univentiontheme/themes/univention/privacyidea/LoginForm.php] - now trying the base template
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/modules/privacyidea/dictionaries/privacyidea]
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] saving key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e to memcache
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/dictionaries/login]
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/dictionaries/status]
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 4 [f6201885ab] The class or interface 'SimpleSAML_Logger' is now using namespaces, please use 'SimpleSAML\Logger'.
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] Loading privacyIDEA form..
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:45 UCS01 simplesamlphp[25716]: 7 [f6201885ab] loading key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e from memcache
Jun 27 08:15:49 UCS01 systemd[1]: univention-self-service-invitation.service: Service RestartSec=1min expired, scheduling restart.
Jun 27 08:15:49 UCS01 systemd[1]: univention-self-service-invitation.service: Scheduled restart job, restart counter is at 4174.
Jun 27 08:15:49 UCS01 systemd[1]: Stopped Univention self service invitation daemon.
Jun 27 08:15:49 UCS01 systemd[1]: Started Univention self service invitation daemon.
Jun 27 08:15:49 UCS01 systemd[1]: univention-self-service-invitation.service: Main process exited, code=exited, status=1/FAILURE
Jun 27 08:15:49 UCS01 systemd[1]: univention-self-service-invitation.service: Failed with result 'exit-code'.
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 4 [f6201885ab] The class or interface 'SimpleSAML_Logger' is now using namespaces, please use 'SimpleSAML\Logger'.
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 7 [f6201885ab] privacyIDEA: Utils::authenticatePI with form data:
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: username=, pass=, otp=123456, mode=otp, pushAvailable=, otpAvailable=1, modeChanged=0, webAuthnSignResponse=, webAuthnSignRequest=, origin=, u2fSignRequest=, u2fSignResponse=, message=, loadCounter=1
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] SimpleSAML_Error_Assertion: Assertion failed: NULL
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] Backtrace:
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] 5 /usr/share/simplesamlphp/lib/SimpleSAML/Error/Assertion.php:80 (SimpleSAML_Error_Assertion::onAssertion)
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] 4 [builtin] (assert)
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] 3 /usr/share/simplesamlphp/modules/privacyidea/lib/php-client/src/PrivacyIDEA.php:70 (PrivacyIDEA::validateCheck)
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] 2 /usr/share/simplesamlphp/modules/privacyidea/lib/Auth/Utils.php:127 (sspmod_privacyidea_Auth_Utils::authenticatePI)
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] 1 /usr/share/simplesamlphp/modules/privacyidea/www/FormReceiver.php:56 (require)
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 3 [f6201885ab] 0 /usr/share/simplesamlphp/www/module.php:135 (N/A)
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 7 [f6201885ab] privacyIDEA-PHP-Client: Sending pass=123456, realm=realm to /validate/check
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 7 [f6201885ab] privacyIDEA-PHP-Client: /validate/check returned {
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     "detail": null,
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     "id": 1,
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     "jsonrpc": "2.0",
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     "result": {
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:         "error": {
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:             "code": 905,
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:             "message": "ERR905: You need to specify a serial or a user."
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:         },
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:         "status": false
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     },
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     "time": 1656310552.8505678,
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     "version": "privacyIDEA 3.7.1",
Jun 27 08:15:52 UCS01 simplesamlphp[25722]:     "signature": "rsa_sha256_pss:[...]"
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: }
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 7 [f6201885ab] Saved state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.hla-flensburg.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.hla-flensburg.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 3 [f6201885ab] privacyIDEA: Error code: 905, Error message: ERR905: You need to specify a serial or a user.
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 7 [f6201885ab] Saved state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 4 [f6201885ab] The class or interface 'SimpleSAML_Module' is now using namespaces, please use 'SimpleSAML\Module'.
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 7 [f6201885ab] saving key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e to memcache
Jun 27 08:15:52 UCS01 simplesamlphp[25722]: 7 [f6201885ab] loading key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e from memcache
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] Localization: using old system
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] Saved state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 4 [f6201885ab] The class or interface 'SimpleSAML_Module' is now using namespaces, please use 'SimpleSAML\Module'.
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] /simplesamlphp/module.php/privacyidea/FormBuilder.php - Template: Could not find template file [privacyidea:LoginForm.php] at [/usr/share/simplesamlphp/modules/univentiontheme/themes/univention/privacyidea/LoginForm.php] - now trying the base template
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/modules/privacyidea/dictionaries/privacyidea]
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] saving key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e to memcache
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/dictionaries/login]
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] Template: Reading [/usr/share/simplesamlphp/dictionaries/status]
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 4 [f6201885ab] The class or interface 'SimpleSAML_Logger' is now using namespaces, please use 'SimpleSAML\Logger'.
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] Loading privacyIDEA form..
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] Loading state: '_885c9df0d7367669c1b630c4fd3a43eaf3d1928eae:https://portal.domain.de/simplesamlphp/saml2/idp/SSOService.php?spentityid=https.domain.de&cookieTime=1656310512&RelayState='
Jun 27 08:15:52 UCS01 simplesamlphp[25725]: 7 [f6201885ab] loading key simpleSAMLphp.session.e0e7a4aad75813313df253479482328e from memcache

The username does not reach the backend code from the form:

> Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 7 [f6201885ab] privacyIDEA: Utils::authenticatePI with form data:
> Jun 27 08:15:51 UCS01 simplesamlphp[25722]: username=, pass=, otp=123456, mode=otp, pushAvailable=, otpAvailable=1, modeChanged=0, webAuthnSignResponse=, webAuthnSignRequest=, origin=, u2fSignRequest=, u2fSignResponse=, message=, loadCounter=1

Did you edit simplesamlphp/modules/privacyidea/templates/LoginForm.php?
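
Added example, not part of the original thread and not code from privacyIDEA or simpleSAMLphp: a small check over a debug log of this shape that reports an empty username reaching `/validate/check` and compares the configured `uidKey` with the attributes the LDAP lookup returned. It assumes the privacyIDEA authproc filter reads the username from the attribute named by `uidKey`; the sample log is constructed from shortened lines like those above, and the finding names are invented for the example.

```python
import re

# Constructed sample: shortened lines in the shape of the debug log in this thread.
SAMPLE_LOG = """\
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Library - LDAP getAttributes(): Found attributes '(uid,mailPrimaryAddress,sambaAcctFlags,memberOf,univentionPasswordRecoveryEmailVerified)'
Jun 27 08:15:45 UCS01 simplesamlphp[25715]: 7 [f6201885ab] Filter config for idp->sp: array (  0 =>   sspmod_privacyidea_Auth_Process_PrivacyideaAuthProc::__set_state(array(     'authProcConfig' =>     array (      'privacyideaServerURL' => 'https://2fa.domain.de',      'realm' => 'realm',      'uidKey' => 'sAMAccountName',      'sslVerifyHost' => 'false',      'sslVerifyPeer' => 'false',    ),
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 7 [f6201885ab] privacyIDEA: Utils::authenticatePI with form data:
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: username=, pass=, otp=123456, mode=otp, pushAvailable=, otpAvailable=1
Jun 27 08:15:51 UCS01 simplesamlphp[25722]: 7 [f6201885ab] privacyIDEA-PHP-Client: Sending pass=123456, realm=realm to /validate/check
"""

UID_KEY_RE = re.compile(r"'uidKey'\s*=>\s*'([^']*)'")
FOUND_RE = re.compile(r"LDAP getAttributes\(\): Found attributes '\(([^)]*)\)'")
FORM_USER_RE = re.compile(r"\busername=([^,]*),\s*pass=")
SENT_RE = re.compile(r"privacyIDEA-PHP-Client: Sending (.*) to /validate/check")
TLS_OFF_RE = re.compile(r"'(sslVerify(?:Host|Peer))'\s*=>\s*'?false'?")


def parse_sent_params(log_text):
    """Return the parameter names of the last request sent to /validate/check."""
    matches = SENT_RE.findall(log_text)
    if not matches:
        return None
    return {pair.split("=", 1)[0].strip() for pair in matches[-1].split(",")}


def diagnose(log_text):
    """Map a finding name (invented for this example) to a short explanation."""
    findings = {}

    uid_key = UID_KEY_RE.search(log_text)
    found = FOUND_RE.search(log_text)
    if uid_key and found:
        # LDAP attribute names are case-insensitive, so compare lowercased.
        returned = {a.strip().lower() for a in found.group(1).split(",")}
        if uid_key.group(1).lower() not in returned:
            findings["uidkey-missing"] = (
                "uidKey '%s' is not among the LDAP attributes returned: %s"
                % (uid_key.group(1), ", ".join(sorted(returned)))
            )

    form_user = FORM_USER_RE.search(log_text)
    if form_user and form_user.group(1).strip() == "":
        findings["empty-username"] = "the login form posted an empty username"

    sent = parse_sent_params(log_text)
    if sent is not None and not ({"user", "serial"} & sent):
        findings["no-user-or-serial"] = (
            "/validate/check was called with only: " + ", ".join(sorted(sent))
        )

    tls_off = sorted(set(TLS_OFF_RE.findall(log_text)))
    if tls_off:
        findings["tls-verification-off"] = (
            "certificate checks disabled for the privacyIDEA connection: "
            + ", ".join(tls_off)
        )
    return findings


if __name__ == "__main__":
    for name, text in diagnose(SAMPLE_LOG).items():
        print(f"{name}: {text}")
```
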

No, I haven't touched it; I've only edited the following:

Header.php – /usr/share/simplesamlphp/modules/univentiontheme/themes/univention/default/includes/header.php

favicon.ico – /var/www/favicon.ico

index.html – /usr/share/univention-portal/index.html

custom.css – /usr/share/univention-portal/css/custom.css

Can you paste the content of your LoginForm.php here?

Sure

<?php

// Set default scenario if isn't set
if (!empty($this->data['authProcFilterScenario']))
{
    if (empty($this->data['username']))
    {
        $this->data['username'] = null;
    }
}
else
{
    $this->data['authProcFilterScenario'] = 0;
}

// Set the right text shown in otp/pass field(s)
if (isset($this->data['otpFieldHint']))
{
    $otpHint = $this->data['otpFieldHint'];
}
else
{
    $otpHint = $this->t('{privacyidea:privacyidea:otp}');
}
if (isset($this->data['passFieldHint']))
{
    $passHint = $this->data['passFieldHint'];
}
else
{
    $passHint = $this->t('{privacyidea:privacyidea:password}');
}

$this->data['header'] = $this->t('{privacyidea:privacyidea:header}');

// Prepare next settings
if (strlen($this->data['username']) > 0)
{
    $this->data['autofocus'] = 'password';
}
else
{
    $this->data['autofocus'] = 'username';
}

$this->data['head'] .= '<link rel="stylesheet" href="'
    . htmlspecialchars(SimpleSAML_Module::getModuleUrl('privacyidea/css/loginform.css'), ENT_QUOTES)
    . '" media="screen" />';

$this->includeAtTemplateBase('includes/header.php');

// Prepare error case to show it in UI if needed
if ($this->data['errorCode'] !== NULL)
{
    ?>

    <div class="error-dialog">
        <img src="/<?php echo htmlspecialchars($this->data['baseurlpath'], ENT_QUOTES); ?>resources/icons/experience/gtk-dialog-error.48x48.png"
             class="float-l erroricon" alt="gtk-dialog-error"/>
        <h2><?php echo $this->t('{login:error_header}'); ?></h2>
        <p>
            <strong><?php echo htmlspecialchars("Error " . $this->data['errorCode'] . ": " . $this->data['errorMessage']); ?></strong>
        </p>
    </div>

    <?php
}  // end of errorcode
?>

    <div class="container">
        <div class="login">
            <div class="loginlogo"></div>

            <?php
            if ($this->data['authProcFilterScenario'])
            {
                echo '<h2>' . htmlspecialchars($this->t('{privacyidea:privacyidea:login_title_challenge}')) . '</h2>';
            }
            else
            {
                if ($this->data['step'] < 2)
                {
                    echo '<h2>' . htmlspecialchars($this->t('{privacyidea:privacyidea:login_title}')) . '</h2>';
                }
            }
            ?>

            <form action="FormReceiver.php" method="POST" id="piLoginForm" name="piLoginForm" class="loginForm">
                <div class="form-panel first valid" id="gaia_firstform">
                    <div class="slide-out ">
                        <div class="input-wrapper focused">
                            <div class="identifier-shown">
                                <?php
                                if ($this->data['forceUsername'])
                                {
                                    ?>
                                    <h3><?php echo htmlspecialchars($this->data['username']) ?></h3>
                                    <input type="hidden" id="username" name="username"
                                           value="<?php echo htmlspecialchars($this->data['username'], ENT_QUOTES) ?>"/>
                                    <?php
                                }
                                else
                                {
                                    ?>
                                    <label for="username" class="sr-only">
                                        <?php echo $this->t('{login:username}'); ?>
                                    </label>
                                    <input type="text" id="username" tabindex="1" name="username" autofocus
                                           value="<?php echo htmlspecialchars($this->data['username'], ENT_QUOTES) ?>"
                                           placeholder="<?php echo htmlspecialchars($this->t('{login:username}'), ENT_QUOTES) ?>"
                                    />
                                    <br>
                                    <?php
                                }

                                // Remember username in authproc
                                if (!$this->data['authProcFilterScenario'])
                                {
                                    if ($this->data['rememberUsernameEnabled'] || $this->data['rememberMeEnabled'])
                                    {
                                        $rowspan = 1;
                                    }
                                    elseif (array_key_exists('organizations', $this->data))
                                    {
                                        $rowspan = 3;
                                    }
                                    else
                                    {
                                        $rowspan = 2;
                                    }
                                    if ($this->data['rememberUsernameEnabled'] || $this->data['rememberMeEnabled'])
                                    {
                                        if ($this->data['rememberUsernameEnabled'])
                                        {
                                            echo str_repeat("\t", 4);
                                            echo '<input type="checkbox" id="rememberUsername" tabindex="4" name="rememberUsername"
                                         value="Yes" ';
                                            echo $this->data['rememberUsernameChecked'] ? 'checked="Yes" /> ' : '/> ';
                                            echo htmlspecialchars($this->t('{login:remember_username}'));
                                        }
                                        if ($this->data['rememberMeEnabled'])
                                        {
                                            echo str_repeat("\t", 4);
                                            echo '<input type="checkbox" id="rememberMe" tabindex="4" name="rememberMe" value="Yes" ';
                                            echo $this->data['rememberMeChecked'] ? 'checked="Yes" /> ' : '/> ';
                                            echo htmlspecialchars($this->t('{login:remember_me}'));
                                        }
                                    }
                                } ?>

                                <!-- Pass and OTP fields -->
                                <label for="password" class="sr-only">
                                    <?php echo $this->t('{privacyidea:privacyidea:password}'); ?>
                                </label>
                                <input id="password" name="password" tabindex="1" type="password" value="" class="text"
                                       placeholder="<?php echo htmlspecialchars($passHint, ENT_QUOTES) ?>"/>

                                <strong id="message"><?php echo htmlspecialchars(@$this->data['message'] ?: "", ENT_QUOTES)?></strong>
                                <br>
                                <input id="otp" name="otp" type="password"
                                       placeholder="<?php echo htmlspecialchars($otpHint, ENT_QUOTES) ?>">
                                <br><br>
                                <input id="submitButton" tabindex="1" class="rc-button rc-button-submit" type="submit"
                                       name="Submit"
                                       value="<?php echo htmlspecialchars($this->t('{login:login_button}'), ENT_QUOTES) ?>"/>
                                <br><br>

                                <!-- Undefined index is suppressed and the default is used for these values -->
                                <input id="mode" type="hidden" name="mode"
                                       value="<?php echo htmlspecialchars(@$this->data['mode'] ?: "otp", ENT_QUOTES) ?>"/>

                                <input id="pushAvailable" type="hidden" name="pushAvailable"
                                       value="<?php echo htmlspecialchars(@$this->data['pushAvailable'] ?: "", ENT_QUOTES) ?>"/>

                                <input id="otpAvailable" type="hidden" name="otpAvailable"
                                       value="<?php echo htmlspecialchars(@$this->data['otpAvailable'] ?: "1", ENT_QUOTES) ?>"/>

                                <input id="webAuthnSignRequest" type="hidden" name="webAuthnSignRequest"
                                       value='<?php echo htmlspecialchars(@$this->data['webAuthnSignRequest'] ?: "", ENT_QUOTES) ?>'/>

                                <input id="u2fSignRequest" type="hidden" name="u2fSignRequest"
                                       value='<?php echo htmlspecialchars(@$this->data['u2fSignRequest'] ?: "", ENT_QUOTES) ?>'/>

                                <input id="modeChanged" type="hidden" name="modeChanged" value="0"/>
                                <input id="step" type="hidden" name="step"
                                       value="<?php echo htmlspecialchars(@$this->data['step'] ?: 2, ENT_QUOTES) ?>"/>

                                <input id="webAuthnSignResponse" type="hidden" name="webAuthnSignResponse" value=""/>
                                <input id="u2fSignResponse" type="hidden" name="u2fSignResponse" value=""/>
                                <input id="origin" type="hidden" name="origin" value=""/>
                                <input id="loadCounter" type="hidden" name="loadCounter"
                                       value="<?php echo htmlspecialchars(@$this->data['loadCounter'] ?: 1, ENT_QUOTES) ?>"/>

                                <!-- Additional input to persist the message -->
                                <input type="hidden" name="message"
                                       value="<?php echo htmlspecialchars(@$this->data['message'] ?: "" , ENT_QUOTES)?>"/>

                                <?php
                                // If enrollToken load QR Code
                                if (isset($this->data['tokenQR']))
                                {
                                    echo htmlspecialchars($this->t('{privacyidea:privacyidea:scanTokenQR}'));
                                    ?>
                                    <div class="tokenQR">
                                        <?php echo '<img src="' . $this->data['tokenQR'] . '" />'; ?>
                                    </div>
                                    <?php
                                }
                                ?>
                            </div>

                            <?php
                            // Organizations
                            if (array_key_exists('organizations', $this->data))
                            {
                                ?>
                                <div class="identifier-shown">
                                    <label for="organization"><?php echo htmlspecialchars($this->t('{login:organization}')); ?></label>
                                    <select id="organization" name="organization" tabindex="3">
                                        <?php
                                        if (array_key_exists('selectedOrg', $this->data))
                                        {
                                            $selectedOrg = $this->data['selectedOrg'];
                                        }
                                        else
                                        {
                                            $selectedOrg = NULL;
                                        }

                                        foreach ($this->data['organizations'] as $orgId => $orgDesc)
                                        {
                                            if (is_array($orgDesc))
                                            {
                                                $orgDesc = $this->t($orgDesc);
                                            }

                                            if ($orgId === $selectedOrg)
                                            {
                                                $selected = 'selected="selected" ';
                                            }
                                            else
                                            {
                                                $selected = '';
                                            }

                                            echo '<option ' . $selected . 'value="' . htmlspecialchars($orgId, ENT_QUOTES) . '">' . htmlspecialchars($orgDesc) . '</option>';
                                        } ?>
                                    </select>
                                </div>
                            <?php } ?>
                        </div> <!-- focused -->
                    </div> <!-- slide-out-->
                </div> <!-- form-panel -->

                <div id="AlternateLoginOptions" class="groupMargin">

                    <h3><label><?php echo $this->t('{privacyidea:privacyidea:alternate_login_options}'); ?></label></h3>
                    <br>

                    <!-- Alternate Login Options-->
                    <input id="useWebAuthnButton" name="useWebAuthnButton" type="button" value="WebAuthn"/>
                    <input id="usePushButton" name="usePushButton" type="button" value="Push"/>
                    <input id="useOTPButton" name="useOTPButton" type="button" value="OTP"/>
                    <input id="useU2FButton" name="useU2FButton" type="button" value="U2F"/>
                </div>
                <br>
            </form>

            <?php
            // Logout
            if (isset($this->data['LogoutURL']))
            { ?>
                <p>
                    <a href="<?php echo htmlspecialchars($this->data['LogoutURL']); ?>"><?php echo $this->t('{status:logout}'); ?></a>
                </p>
            <?php } ?>
        </div>  <!-- End of login -->
    </div>  <!-- End of container -->

<?php
if (!empty($this->data['links']))
{
    echo '<ul class="links">';
    foreach ($this->data['links'] as $l)
    {
        echo '<li><a href="' . htmlspecialchars($l['href'], ENT_QUOTES) . '">' . htmlspecialchars($this->t($l['text'])) . '</a></li>';
    }
    echo '</ul>';
}
?>

    <script src="<?php echo htmlspecialchars(SimpleSAML_Module::getModuleUrl('privacyidea/js/pi-webauthn.js'), ENT_QUOTES) ?>">
    </script>

    <script src="<?php echo htmlspecialchars(SimpleSAML_Module::getModuleUrl('privacyidea/js/u2f-api.js'), ENT_QUOTES) ?>">
    </script>

    <meta id="privacyidea-step" name="privacyidea-step" content="<?php echo htmlspecialchars($this->data['step'], ENT_QUOTES) ?>">
    <meta id="privacyidea-hide-alternate" name="privacyidea-hide-alternate" content="<?php echo (
        !$this->data['pushAvailable']
        && (!isset($this->data['u2fSignRequest']) || ($this->data['u2fSignRequest']) == "")
        && (!isset($this->data['webAuthnSignRequest']) || ($this->data['webAuthnSignRequest']) == "")
    ) ? 'true' : 'false'; ?>">

    <meta id="privacyidea-translations" name="privacyidea-translations" content="<?php
    $translations = [];
    $translation_keys = [
        'alert_webauthn_insecure_context', 'alert_webauthn_unavailable', 'alert_webAuthnSignRequest_error',
        'alert_u2f_insecure_context', 'alert_u2f_unavailable', 'alert_U2FSignRequest_error',
    ];
    foreach ($translation_keys as $translation_key)
    {
        $translations[$translation_key] = $this->t(sprintf('{privacyidea:privacyidea:%s}', $translation_key));
    }
    echo htmlspecialchars(json_encode($translations));
    ?>">

    <script src="<?php echo htmlspecialchars(SimpleSAML_Module::getModuleUrl('privacyidea/js/loginform.js'), ENT_QUOTES) ?>">
    </script>

<?php
$this->includeAtTemplateBase('includes/footer.php');
?>

Do you always get that error? Did you just enter the OTP, so there was no username field above the OTP input?

Yes, even when I use a different method.
Yes, there is only a field to enter the OTP, nothing more.

Change privacyidea/saml/uidkey to ‘uid’ and try again, please. Since you do not enter the username in our module, we need to get it from the one before ours (univention). It seems to be stored in ‘uid’.

 7 [f6201885ab] got LDAP attributes:array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   'uid' =>
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   array (
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:     0 => 'user01',
Jun 27 08:15:45 UCS01 simplesamlphp[25715]:   ),