client ip when using simplesamlphp

tbi

Mar 12, 2017, 9:22:08 AM
to privacyidea
Hi all

I am using privacyIDEA together with simplesamlphp. Both are installed on the same machine.

Now I have the problem, when a system is using SAML 2.0 to authenticate against simplesamlphp, I can never see the client ip in the audit log. I always see 127.0.0.1 as client ip.

This means, I cannot assign any policies to a specific client.

As I can see in the code of the simplesaml plugin, this should not happen:

/**
 * privacyidea authentication module.
 * 2017-02-13 Cornelius Kölbel <corneliu...@netknights.it>
 *            Forward the client IP to privacyIDEA

Since the change is quite new, I am not sure if this feature is implemented correctly yet. Does this work for anyone?

Best regards
Tobias

Jochen Hein

Mar 13, 2017, 12:11:11 AM
to tbi, privacyidea

Hi Tobias,

tbi <tbal...@gmail.com> writes:

> Now I have the problem, when a system is using SAML 2.0 to authenticate
> against simplesamlphp, I can never see the client ip in the audit log. I
> always see 127.0.0.1 as client ip.

Did you add a configuration which clients are allowed to overwrite the
client IP? See Configuration -> System Configuration and
http://privacyidea.readthedocs.io/en/latest/configuration/system_config.html#override-authorization-client
for details.

Jochen

--
This space is intentionally left blank.
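
The trust decision behind the setting mentioned in the reply above, as an added example that is not part of the original thread and not privacyIDEA's own code: a forwarded client IP is honored only when the request itself comes from an address on the list of clients allowed to overwrite it. The function name, parameter names and all addresses are hypothetical and constructed for illustration.

```python
import ipaddress


def effective_client_ip(remote_addr, forwarded_client, trusted_overriders):
    """Return (ip_used_for_policies_and_audit, override_honored).

    remote_addr        -- address the HTTP request really came from
    forwarded_client   -- client IP claimed by the caller (may be None)
    trusted_overriders -- IPs/networks allowed to overwrite the client IP
    All three names are hypothetical, chosen for this example.
    """
    source = ipaddress.ip_address(remote_addr)
    if not forwarded_client:
        return str(source), False

    # Only a listed caller may speak for another client. Without this
    # check, any client could claim an arbitrary IP and select the
    # policies bound to that address.
    trusted = any(
        source in ipaddress.ip_network(net, strict=False)
        for net in trusted_overriders
    )
    if not trusted:
        return str(source), False

    # A malformed claim is dropped instead of being written to the audit log.
    try:
        claimed = ipaddress.ip_address(forwarded_client.strip())
    except ValueError:
        return str(source), False
    return str(claimed), True


if __name__ == "__main__":
    # Constructed scenario: the SAML IdP runs on the same host, so every
    # request reaches the authentication server from 127.0.0.1.
    browser = "192.0.2.44"  # constructed end-user address
    print(effective_client_ip("127.0.0.1", browser, []))             # list empty
    print(effective_client_ip("127.0.0.1", browser, ["127.0.0.1"]))  # IdP listed
    print(effective_client_ip("198.51.100.7", "10.0.0.5", ["127.0.0.1"]))
```

With an empty list the audit entry shows the proxying host's own address, which matches the symptom in the question. Keep the list as narrow as possible, since every listed address can pick the client IP that policies are matched against.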

tbi

Mar 13, 2017, 2:27:21 AM
to privacyidea, tbal...@gmail.com
Hi Jochen

Oh no, I wasn't aware that this is necessary. Thanks for the tip.

Regards Tobias

Jochen Hein

Mar 13, 2017, 12:23:35 PM
to tbi, privacyidea
tbi <tbal...@gmail.com> writes:

> Hi Jochen
>
> Oh no, I wasn't aware that this is necessary. Thanks for the tip.

If I remember correctly, /var/log/privacyidea/privacyidea.log should
have messages that the client is not allowed to overwrite the IP.

Did you have such messages?