Webauthn token enrollment throws 500 error, value too long for type character varying(50)

I am using version 3.3.3 of privacyIDEA with Python 3.7.9 on Debian buster (10.5) and PostgreSQL 11.9. The psycopg2 version (via pip list) is 2.8.5.

When I attempt to enroll a webauthn token I receive a 500 error and the following is logged:

[2020-08-25 17:15:09,278][8][140005890111296][ERROR][privacyidea.app:1891] Exception on /token/init [POST]
Traceback (most recent call last):
File “/opt/privacyidea/lib/python3.7/site-packages/flask/app.py”, line 2446, in wsgi_app
response = self.full_dispatch_request()
File “/opt/privacyidea/lib/python3.7/site-packages/flask/app.py”, line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File “/opt/privacyidea/lib/python3.7/site-packages/flask/app.py”, line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File “/opt/privacyidea/lib/python3.7/site-packages/flask/_compat.py”, line 39, in reraise
raise value
File “/opt/privacyidea/lib/python3.7/site-packages/flask/app.py”, line 1949, in full_dispatch_request
rv = self.dispatch_request()
File “/opt/privacyidea/lib/python3.7/site-packages/flask/app.py”, line 1935, in dispatch_request
return self.view_functionsrule.endpoint
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/api/lib/prepolicy.py”, line 151, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/api/lib/prepolicy.py”, line 151, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/api/lib/prepolicy.py”, line 151, in policy_wrapper
return wrapped_function(*args, **kwds)
[Previous line repeated 16 more times]
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/api/lib/prepolicy.py”, line 150, in policy_wrapper
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/api/lib/prepolicy.py”, line 1794, in webauthntoken_allowed
att_obj = WebAuthnRegistrationResponse.parse_attestation_object(reg_data)
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/lib/tokens/webauthn.py”, line 826, in parse_attestation_object
return cbor2.loads(webauthn_b64_decode(attestation_object))
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/lib/tokens/webauthn.py”, line 1683, in webauthn_b64_decode
return url_decode(encoded)
File “/opt/privacyidea/lib/python3.7/site-packages/privacyidea/lib/tokens/u2f.py”, line 54, in url_decode
res = base64.urlsafe_b64decode(to_bytes(url) + to_bytes(padding))
File “/usr/local/lib/python3.7/base64.py”, line 133, in urlsafe_b64decode
return b64decode(s)
File “/usr/local/lib/python3.7/base64.py”, line 87, in b64decode
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
[2020-08-25 17:15:09,319][8][140005890111296][ERROR][privacyidea.lib.auditmodules.sqlaudit:260] exception DataError(’(psycopg2.errors.StringDataRightTruncation) value too long for type character varying(50)\n’)

How might I work around this issue?

Does the stack trace help anyone familiar with the code base to understand which column in which table needs to be altered?

If I missed a step when configuring/deploying and using PostgreSQL I would be grateful if someone could point me to the documentation. I have looked for any PostgreSQL specific details but I have not found any so far.

Thank you.

Hi and welcome to the privacyIDEA community!

Thankfully this is not webauthn issue! :wink:

It is rather a DB issue. privacyIDEA tries to write an entry to the audit log (which is a db table pidea_audit) but the field is not long enough for this value.

You could either enlong the field (which I would not recommend in the first step) or you can truncate the value. privacyIDEA has a config switch to do so in your pi.cfg:



Unfortunately You might have also ran into this:

This causes the binascii.Error.
1 Like

@cornelinux @plettich Thank you both for your very helpful input.

FWIW the patch available in https://github.com/privacyidea/privacyidea/pull/2360 does make the binascii.Error go away (I am sure you knew that…).