With one enrollment policy, "There are conflicting tokenlabel definitions!"
24 views
Skip to first unread message
Evan Stoner
May 19, 2016, 9:50:50 AM5/19/16
to privacyidea
Hi there,
We are looking forward to using PrivacyIDEA with OwnCloud and several other applications. However, we are facing some simple problems with the policy.
We have one enrollment policy defined that sets tokenissuer and tokenlabel to some sensible values for our organization. When I attempt to create a token, I receive an error -- "There are conflicting tokenlabel definitions!". If I remove the tokenlabel value from the policy, I get the same error for "tokenissuer" definitions. Is this a bug? Is there a default enrollment policy I need to clear?
I saw https://groups.google.com/forum/#!topic/privacyidea/rRTsUu22Fl8, but we only have policy that defines tokenlabel.
PrivacyIDEA 2.11.3 installed from the PPA.
Thanks!
Cornelius Kölbel
May 19, 2016, 10:12:48 AM5/19/16
to priva...@googlegroups.com
Hi Evan,
first I want to point out this great joke, which I stumbled upon a few
days ago:
https://twitter.com/highmeh/status/731660976584425472
No. One policy should not produce conflicting policies.
Can you please send your policy definition?
Thanks a lot
Cornelius
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/153066f2-97ac-4717-9941-032280e1b955%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
first I want to point out this great joke, which I stumbled upon a few
days ago:
https://twitter.com/highmeh/status/731660976584425472
No. One policy should not produce conflicting policies.
Can you please send your policy definition?
Thanks a lot
Cornelius
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/153066f2-97ac-4717-9941-032280e1b955%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Evan Stoner
May 19, 2016, 10:27:19 AM5/19/16
to privacyidea
I should have mentioned, we also have an admin policy (allow everything for user "admin" on any realm/resolver) and a webui policy (default tokentype for any user/realm/resolver), but I don't see where those would cause the conflict.
name: enrollment
scope: enrollment
action:
- tokenissuer: Organization OTP
- tokenlabel: <u>@<r> (<s>)
user-realm: none
user-resolver: none
user: none
client: none
Cornelius Kölbel
May 19, 2016, 10:37:26 AM5/19/16
to priva...@googlegroups.com
Hi Evan,
ok - you might not be pleased.
But please remove the blanks from the tokenissuer and tokenlabel.
-> "Organization_OTP"
-> "<u>@<r>(<s>)"
Youknow,blanksarethebeginningofallevilandeatawayourdiskstorage... ;-)
Kind regards
Cornelius
> https://groups.google.com/d/msgid/privacyidea/f1ead21d-293a-4cf4-9779-05e5593756ec%40googlegroups.com.
ok - you might not be pleased.
But please remove the blanks from the tokenissuer and tokenlabel.
-> "Organization_OTP"
-> "<u>@<r>(<s>)"
Youknow,blanksarethebeginningofallevilandeatawayourdiskstorage... ;-)
Kind regards
Cornelius
Evan Stoner
May 19, 2016, 10:52:06 AM5/19/16
to privacyidea
Ah got it, it's working now without spaces. I missed that note in get_action_values().
By the way, I did try with single quotes, and the token was created, but Google Authenticator said it was invalid.
Thanks Cornelius!
Evan Stoner
May 19, 2016, 10:55:53 AM5/19/16
to privacyidea
Looks like you have URL-encode special strings to Google Authenticator: https://github.com/google/google-authenticator/wiki/Key-Uri-Format
Maybe a future enhancement. :)
Cornelius Kölbel
May 19, 2016, 11:07:06 AM5/19/16
to priva...@googlegroups.com
I just fixed the white spaces. Not big hassle.
I am just running the tests.
Will be in 2.13, which will be released next week.
Kind regards
Cornelius
> https://groups.google.com/d/msgid/privacyidea/441650da-b058-4c8e-b599-94dbc410c34b%40googlegroups.com.
I am just running the tests.
Will be in 2.13, which will be released next week.
Kind regards
Cornelius
Cornelius Kölbel
May 21, 2016, 2:17:05 AM5/21/16
to priva...@googlegroups.com
Hello Even,
thanks a lot.
I just fixed this.
https://github.com/privacyidea/privacyidea/commit/0052243a3402fdf252ba5565fa4a435716b3a791
Kind regards
Cornelius
Am Donnerstag, den 19.05.2016, 07:55 -0700 schrieb Evan Stoner:
> https://groups.google.com/d/msgid/privacyidea/441650da-b058-4c8e-b599-94dbc410c34b%40googlegroups.com.
thanks a lot.
I just fixed this.
https://github.com/privacyidea/privacyidea/commit/0052243a3402fdf252ba5565fa4a435716b3a791
Kind regards
Cornelius
Am Donnerstag, den 19.05.2016, 07:55 -0700 schrieb Evan Stoner:
Reply all
Reply to author
Forward
0 new messages