How does setrealm works?

[Nicke]

Hello

I would like to append a realm when someone doing authentication from a specific client.

In Authorization Policy it exist the great feature setrealm that should change realm before trying to authenticate.

My problem is that I can not get it to work.

GET https://key.host.net/policy/setrealm

{
    "jsonrpc": "2.0",
    "signature": "138514975560...",
    "versionnumber": "2.18.1",
    "version": "privacyIDEA 2.18.1",
    "result": {
        "status": true,
        "value": [
            {
                "adminrealm": [],
                "name": "setrealm",
                "time": "",
                "active": true,
                "client": [
                    "46.122.207.16"
                ],
                "user": [
                    "nicke"
                ],
                "resolver": [],
                "check_all_resolvers": true,
                "action": {
                    "setrealm": "myrealm.se"
                },
                "realm": [],
                "scope": "authorization",
                "condition": 0
            }
        ]
    },
    "time": 1490620079.9427,
    "id": 1
}

POST https://key.host.net/validate/check

user: nicke

pass: password

{
    "jsonrpc": "2.0",
    "signature": "138514975560...",
    "detail": null,
    "version": "privacyIDEA 2.18.1",
    "result": {
        "status": false,
        "error": {
            "message": "ERR905: The user can not be found in any resolver in this realm!",
            "code": 905
        }
    },
    "time": 1490681246.3706,
    "id": 1
}

How can I use the feature setrealm?

[Cornelius Kölbel]

You probably have a misconfiguration in the policy in your client. 

It which realms does the user "nicke" exist anyway?