PrivacyIDEA - Install BasicAuth
Hi,
I try to activate the Basic Authentication for SSO purpose for the WebUI. If I change the AuthType in the apache config file „privacyidea.conf“ to basic the login dialog appears but the authentication failed. In the apache error log I receive the following Message.
/var/log/httpd/error_log:
[Mon Sep 12 21:11:34.936915 2016] [:error] [pid 1483] [client 172.16.16.16:63124] mod_wsgi (pid=1483): Exception occurred processing WSGI script '/opt/privacyIDEA/lib/python2.7/site-packages/authmodules/apache2/privacyidea_apache.py'.
[Mon Sep 12 21:11:34.936989 2016] [:error] [pid 1483] [client 172.16.16.16:63124] Traceback (most recent call last):
[Mon Sep 12 21:11:34.937046 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File "/opt/privacyIDEA/lib/python2.7/site-packages/authmodules/apache2/privacyidea_apache.py", line 66, in check_password
[Mon Sep 12 21:11:34.937129 2016] [:error] [pid 1483] [client 172.16.16.16:63124] value = rd.get(key)
[Mon Sep 12 21:11:34.937146 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File "/opt/privacyIDEA/lib/python2.7/site-packages/redis/client.py", line 863, in get
[Mon Sep 12 21:11:34.937698 2016] [:error] [pid 1483] [client 172.16.16.16:63124] return self.execute_command('GET', name)
[Mon Sep 12 21:11:34.937725 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File "/opt/privacyIDEA/lib/python2.7/site-packages/redis/client.py", line 570, in execute_command
[Mon Sep 12 21:11:34.937745 2016] [:error] [pid 1483] [client 172.16.16.16:63124] connection.send_command(*args)
[Mon Sep 12 21:11:34.937757 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File "/opt/privacyIDEA/lib/python2.7/site-packages/redis/connection.py", line 556, in send_command
[Mon Sep 12 21:11:34.937958 2016] [:error] [pid 1483] [client 172.16.16.16:63124] self.send_packed_command(self.pack_command(*args))
[Mon Sep 12 21:11:34.938001 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File "/opt/privacyIDEA/lib/python2.7/site-packages/redis/connection.py", line 532, in send_packed_command
[Mon Sep 12 21:11:34.938041 2016] [:error] [pid 1483] [client 172.16.16.16:63124] self.connect()
[Mon Sep 12 21:11:34.938052 2016] [:error] [pid 1483] [client 172.16.16.16:63124] File "/opt/privacyIDEA/lib/python2.7/site-packages/redis/connection.py", line 436, in connect
[Mon Sep 12 21:11:34.938065 2016] [:error] [pid 1483] [client 172.16.16.16:63124] raise ConnectionError(self._error_message(e))
[Mon Sep 12 21:11:34.938081 2016] [:error] [pid 1483] [client 172.16.16.16:63124] ConnectionError: Error 111 connecting to localhost:6379. Connection refused.
/etc/httpd/conf.d/privacyidea.conf:
TraceEnable off
ServerSignature Off
ServerTokens Prod
WSGIPythonHome /opt/privacyIDEA
WSGISocketPrefix /var/run/wsgi
<VirtualHost _default_:80>
ServerAdmin sup...@xxx.xy
ServerName Servername1
RewriteEngine On
RewriteCond %{HTTPS} !=On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin support@xxx.xy
ServerName Servername
DocumentRoot /var/www
<Directory />
# For Apache 2.4 you need to set this:
# Require all granted
Options FollowSymLinks
AllowOverride None
SSLRequireSSL
AuthType Basic
AuthName "OTP WebUi Login"
AuthBasicProvider wsgi
WSGIAuthUserScript /opt/privacyIDEA/lib/python2.7/site-packages/authmodules/apache2/privacyidea_apache.py
require valid-user
</Directory>
<Location /validate/check>
Require all granted
Options FollowSymLinks
AllowOverride None
</Location>
<Location /ttype>
Require all granted
Options FollowSymLinks
AllowOverride None
</Location>
# The daemon is running as user 'privacyidea'
# This user should have access to the encKey database encryption file
WSGIDaemonProcess privacyidea python-path=/etc/privacyidea:/opt/privacyIDEA/lib/python2.7/site-packages processes=1 threads=15 display-name=%{GROUP} user=privacyidea
WSGIPassAuthorization On
WSGIProcessGroup privacyidea
WSGIPassAuthorization On
WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
SSLCertificateFile /etc/pki/tls/certs/privacyideaserver.pem
SSLCertificateKeyFile /etc/pki/tls/private/privacyideaserver.key
</VirtualHost>
Software Versions:
PrivacyIDEA 2.14
centos-release-7-2.1511.el7.centos.2.10.x86_64
Python 2.7.5
Apache/2.4.6 (CentOS)
Could you please tell me, what is wrong?
Thanks in advance!
Tilmann
{ "default_tokentype": "totp", "remote_user": "allowed", "tokenwizard": true }
Okay, thank you!