I have been testing and messing around with PrivacyIDEA for few hours now and it looks great !
I am using the latest stable version on top of Debian Jessie, I have a very simple WebUI policy that authenticate against PrivacyIDEA itself and using LDAP resolver, I enrolled the following tokens and all assigned to a single user:
All works perfectly but once I assigned the AES one, only the AES one can actually login and the rest getting error below in the logs:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 96, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 234, in get_auth_token
superuser_realms)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 477, in login_mode
return wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py", line 130, in check_webui_user
check, details = check_user_pass(user_obj, password, options=options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 274, in auth_user_timelimit
res, reply_dict = wrapped_function(user_object, passw, options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 360, in auth_lastauth
res, reply_dict = wrapped_function(user_or_serial, passw, options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 251, in auth_user_passthru
return wrapped_function(user_object, passw, options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 175, in auth_user_has_no_token
return wrapped_function(user_object, passw, options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 81, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 210, in auth_user_does_not_exist
return wrapped_function(user_object, passw, options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 125, in log_wrapper
f_result = func(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py", line 1803, in check_user_pass
options=options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 125, in log_wrapper
f_result = func(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py", line 1861, in check_token_list
options=options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/tokenclass.py", line 388, in authenticate
otp_counter = self.check_otp(otpval, options=options)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py", line 125, in log_wrapper
f_result = func(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/decorators.py", line 45, in token_locked_wrapper
f_result = func(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/yubikeytoken.py", line 191, in check_otp
otp_bin = modhex_decode(yubi_otp)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/utils.py", line 104, in modhex_decode
[mod2HexDict[c] for c in m]
KeyError: u'8'
unassign the AES token, and everything works perfectly again.