I am trying to set up privacyidea with remote-user-allowed policy.
The remote-user header is passed from haproxy load balancer to nginx/wsgi
that serves privacyidea.
However, the request fails with a response stating that "‘Request’ has no
attribute ‘all_data’’.
The traceback points to lib/python2.7/dist-packages/privacyidea/lib/utils.py:
get_client_ip():
mapped_ip = request.all_data.get(“client”)
I changed the line to the below and everything seems work fine now:
mapped_ip = request.all_data.get(“client”) if hasattr(request,‘all_data’)
else None
I am not sure if I am missing something here to make remote-user work?
can you please check for the Request anyway?
This will help track down the problem a lot.
E.g. open the developer view with Ctrl-I and choose the network tab.
It might be the POST /auth request. Can you please verify this?
Thanks a lot
CorneliusAm Mittwoch, den 31.08.2016, 00:02 -0700 schrieb Quynh .Nhat:
Hi Cornelius,
Thanks for the response.
By the request, I just meant normal browsing to the webui with a web
browser. No crafted request.
My goal is to allow client cert login to privacyidea webui. The one
doing the cert authentication for clients is haproxy. The setup is:
what request are you issuing?
i.e. what are you doing/trying to do?
The all_data gets added to the request object in some before_request
statement. Probably this is missing or disordered in the request you
are sending.
If you are using developer mode in your browser you can identify the
request. This would be quite helpful.
Thanks a lot and kind regards
CorneliusAm Dienstag, den 30.08.2016, 21:45 -0700 schrieb Quynh .Nhat:
Hi,
I am trying to set up privacyidea with remote-user-allowed policy.
The remote-user header is passed from haproxy load balancer to
nginx/wsgi that serves privacyidea.
However, the request fails with a response stating that "‘Request’
has no attribute ‘all_data’'.
The traceback points to lib/python2.7/dist-
packages/privacyidea/lib/utils.py: get_client_ip():
mapped_ip = request.all_data.get(“client”)
I changed the line to the below and everything seems work fine now:
mapped_ip = request.all_data.get(“client”) if
hasattr(request,‘all_data’) else None
I am not sure if I am missing something here to make remote-user
work?
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY: privacyIDEA Support Level
I understand. This is the call to the static webui/login.py.
There was no before_request and thus there was not request.all_data
created.
I opened an issue for this.
…and already know the fix.
Kind regards
CorneliusAm Mittwoch, den 31.08.2016, 00:02 -0700 schrieb Quynh .Nhat:
Hi Cornelius,
Thanks for the response.
By the request, I just meant normal browsing to the webui with a web
browser. No crafted request.
My goal is to allow client cert login to privacyidea webui. The one
doing the cert authentication for clients is haproxy. The setup is:
I attached the screenshots of the capture.
Haproxy is a separate node, and simply add and send the X-Remote-User
header (which is deprived from the client cert info) to nginx.
There is no POST request, I believe.
Please let me know if you need any other information.
Best regards,On Wednesday, August 31, 2016 at 12:07:01 AM UTC-7, Cornelius Kölbel wrote:
Hi Quynh,
can you please check for the Request anyway?
This will help track down the problem a lot.
E.g. open the developer view with Ctrl-I and choose the network tab.
It might be the POST /auth request. Can you please verify this?
Thanks a lot
Cornelius
Am Mittwoch, den 31.08.2016, 00:02 -0700 schrieb Quynh .Nhat:
Hi Cornelius,
Thanks for the response.
By the request, I just meant normal browsing to the webui with a web
browser. No crafted request.
My goal is to allow client cert login to privacyidea webui. The one
doing the cert authentication for clients is haproxy. The setup is:
