I think I understand the logs a little better, and it looks like the privacyIDEA server did try to split the password+TOTP, based on this:
[2021-11-02 16:39:18,904][26126][140591642093312][DEBUG][privacyidea.lib.tokenclass:1285] Splitting the an OTP value of length 6 from the password.
[2021-11-02 16:39:18,904][26126][140591642093312][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments () and keywords {'key': 'PrependPin', 'default': False, 'return_bool': True}
[2021-11-02 16:39:18,904][26126][140591642093312][DEBUG][privacyidea.lib.config:198] Exiting get_from_config with result True
[2021-11-02 16:39:18,904][26126][140591642093312][DEBUG][privacyidea.lib.utils:1310] PIN prepended. PIN length is 14, OTP length is 14.
[2021-11-02 16:39:18,905][26126][140591642093312][DEBUG][privacyidea.lib.policy:185] Entering match_policies with arguments (<privacyidea.lib.policy.PolicyClass object at 0x7fde01a14310>,) and keywords {'audit_data': None, 'request_headers': EnvironHeaders([('Host', 'idea.chem.umass.edu'), ('User-Agent', 'Wordpress'), ('Accept', '*/*'), ('Content-Length', '351'), ('Content-Type', 'multipart/form-data; boundary=------------------------d5ded0eedbcdef78')]), 'pinode': 'localnode', 'name': None, 'scope': 'authentication', 'realm': None, 'active': True, 'resolver': None, 'user': None, 'user_object': User(login='maher', realm='bmbchem', resolver='BMBChemLDAPServer'), 'client': '[wordpressServerIP]', 'action': 'otppin', 'adminrealm': None, 'time': None, 'sort_by_priority': True, 'serial': None}
But then I get this, which I don’t quite understand:
[2021-11-02 16:39:18,907][26126][140591642093312][DEBUG][privacyidea.models:434] we got a hashed PIN!
[2021-11-02 16:39:18,908][26126][140591642093312][DEBUG][privacyidea.lib.config:185] Entering get_from_config with arguments () and keywords {'key': 'IncFailCountOnFalsePin', 'default': False, 'return_bool': True}
[2021-11-02 16:39:18,908][26126][140591642093312][DEBUG][privacyidea.lib.config:198] Exiting get_from_config with result True
[2021-11-02 16:39:18,925][26126][140591642093312][DEBUG][privacyidea.lib.token:198] Exiting check_token_list with result (False, {'message': 'wrong otp pin'})
[2021-11-02 16:39:18,926][26126][140591642093312][DEBUG][privacyidea.lib.token:198] Exiting check_user_pass with result (False, {'message': 'wrong otp pin'})
And I’m not using a PIN.
Any thoughts on the problem would be great.
Thanks.