Admin Policy's not working
30 views
Skip to first unread message
jmdeking
Jul 27, 2016, 7:41:58 AM7/27/16
to privacyidea
Hi there,
I cant seem to wrap my head around this.
I make a simple admin policy using the template helpdesk and fill in the field 'Admin' the local user helpdesk i created but then i am also locked out with my default 'admin' account.
I read the docs multiple times but i dont understand how does is supposed to work.
Version: 2.13-1trusty
Ubuntu 14.04.3
Mysql Database
jmdeking
Aug 1, 2016, 4:55:35 AM8/1/16
to privacyidea
My fault, i have to define 2 policy's, 1 for the admin and 1 for the helpdesk else by default you have no rights for the account that is undefined.
Solved :)
Cornelius Kölbel
Aug 1, 2016, 4:59:24 AM8/1/16
to priva...@googlegroups.com
Correct.
As soon as you define a policy in scope "admin" (or scope "user")
all admins are checked for policies.
Thus, if the original "superadmin" would not be located in
helpdesk-admin-policy, the superadmin will end up with no rights.
The best practice is to always start with a superadmin.
Thanks for reporting back.
Kind regards
Cornelius
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/c69c7e99-07c9-48dd-b5fd-22509dffc71a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
As soon as you define a policy in scope "admin" (or scope "user")
all admins are checked for policies.
Thus, if the original "superadmin" would not be located in
helpdesk-admin-policy, the superadmin will end up with no rights.
The best practice is to always start with a superadmin.
Thanks for reporting back.
Kind regards
Cornelius
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/c69c7e99-07c9-48dd-b5fd-22509dffc71a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Reply all
Reply to author
Forward
0 new messages