Users can login to a Libki session on the PC without inputting their PIN (SIP2) #351
This sounds like your ILS SIP service response is out of spec. Can you post
some of the Libki server logs from when you authenticate? The logs should
contain the SIP request and response.
…On Wed, Apr 10, 2024 at 9:33 AM Phodrum ***@***.***> wrote:
Users can login to a Libki session on the PC without inputting their PIN.
(Authentication from user’s borrower account on Civica Spydus via SIP2)
• When user signs in with Borrower number only and no PIN - they gain
access into PC.
• When user signs in with Borrower number and wrong PIN – they do not get
access PC. (As expected.)
• When user signs in with Borrower number and correct PIN – they gain
access to PC. (As expected.)
*To Reproduce*
Login to PC via Libki client using only the borrower number and no PIN.
*Expected behavior*
Users to be blocked from entering a session on the PC if they do not input
their PIN.
*Libki Version*
Libki Install: 20.05 (Server – Ubuntu 20.4.6 LTS
Client install: 20.11 installed on PCs running Windows 11
*Additional context*
Configured Libki to authenticate users in Civica Spydus via SIP2.
Have tried adding the “deny_on_field AD:Your PIN is incorrect” line into
the libki_local.conf file but this prevents all users from logging in
regardless of whether or not they input a PIN.
enable 1
host xxx.xxx.xxx.xxx
location xxx
username xx
password xx
terminator CR
require_sip_auth 1
enable_split_messages 0
no_password_check 0
deny_on_field AD:Your PIN is incorrect
category_field AD
pattern_personal_name ,
Has anyone seen this issue previously? Any help or advice would be greatly
appreciated – Thank you
--
Kyle M. Hall
Loose Cannon, ByWater Solutions
***@***.***
https://bywatersolutions.com <http://bywatersolutions.com/>
*What is Koha? <http://bywatersolutions.com/what-is-koha/>*
|
Thanks for your help Kyle. Here's an extract from our libki_server.log |
Can you confirm to me that you are not using SIP? |
I can confirm I have been using SIP to authenticate Libki users against their borrower account for three years with over 3000 unique users. (ILS - Spydus) I can see SIP noted in the "Creation source" column in the "users" tab as well as their names and borrower numbers. (All pulled down from Spydus) |
Can you find any lines in your logs with |
Hi Kyle, no sign of READ or SEND in 3000 lines taken from the libki_server.log this afternoon directly after logging in new user into Libki. (Authenticating credentials via SIP) |
What version of the Libki server are you running? |
Libki r20.11 - Libki Server v4.2.4 |
That is quite old, nearly 4 years old! Have you tried a newer version? I'd recommend making a backup of your database and upgrading to r24.01. It should be cross-compatible with your current clients, the clients just won't support any new client side features that show up in the server settings. |
I did confirm that even on 20.11 Libki is logging SIP messages. What are the contents of your log4perl conf? Are you running Libki server in docker or on a host os? |
Running Libki on Ubuntu 20.4.6 LTS. I'm pretty sure I have a newer version running on a test server - I'll get SIP setup and try authenticating some users and let you know how I get on - Thank you Kyle. Contents of log4perl.conf:
log4perl.rootLogger = INFO, LOGFILE, SCREEN
log4perl.appender.LOGFILE = Log::Log4perl::Appender::File
log4perl.appender.SCREEN = Log::Log4perl::Appender::Screen |
I think if you change |
Thank you Kyle, that's the SIP messages appearing in the log file now. I'd be grateful if you could have a look at both and maybe assess why a blank PIN field on the client is allowing users to log in? Libki::Controller::API::Client::v1_0 - username: B220010, client_name: Test PC1 SIP CONFIG
|
@Phodrum thanks! The reason Libki is allowing the user in is because your ILS is telling Libki the empty password is valid. You should look to find a setting in ILS to disable this behavior. For example, in the Koha ILS there is a SIP config option |
Thank you so much for your help @kylemhall |
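The failure mode diagnosed in this thread, as an added example (not Libki's code and not taken from the issue's logs): in SIP2 the ILS reports PIN validity in the CQ field of the Patron Information Response (message 64), so a client that trusts the ILS alone will admit an empty PIN whenever the ILS answers CQ=Y. The function names and the sample messages below are constructed for illustration; the check refuses an empty PIN locally and requires both BL=Y and CQ=Y.

```python
# Added example: defensive evaluation of a SIP2 Patron Information Response (64).
# Sample messages are constructed; error-detection fields (AY/AZ) are omitted.

# "64" + patron status (14) + language (3) + transaction date (18) + six 4-digit counts
FIXED_LEN_64 = 2 + 14 + 3 + 18 + 6 * 4


def sample_response(cq):
    """Build a constructed 64 response; cq is 'Y', 'N' or None (field absent)."""
    header = "64" + " " * 14 + "001" + "20240410    093300" + "0000" * 6
    fields = ["AOLIB", "AAB0000000", "AEDoe, Jane", "BLY"]
    if cq is not None:
        fields.append("CQ" + cq)
    return header + "|".join(fields) + "|\r"


def parse_patron_info_response(msg):
    """Return the variable-length fields of a 64 response as {field_id: value}."""
    msg = msg.rstrip("\r\n")
    if not msg.startswith("64") or len(msg) < FIXED_LEN_64:
        raise ValueError("not a SIP2 Patron Information Response")
    fields = {}
    for chunk in msg[FIXED_LEN_64:].split("|"):
        if len(chunk) >= 2:
            fields.setdefault(chunk[:2], chunk[2:])  # keep the first occurrence
    return fields


def login_allowed(submitted_pin, response):
    """Return (allowed, reason). Fails closed on anything unexpected."""
    if not submitted_pin:
        # Never let the ILS decide whether "no PIN" is acceptable.
        return False, "empty PIN rejected before trusting the ILS"
    try:
        fields = parse_patron_info_response(response)
    except ValueError as exc:
        return False, str(exc)
    if fields.get("BL") != "Y":
        return False, "ILS reports invalid patron (BL)"
    if fields.get("CQ") != "Y":
        return False, "ILS did not confirm the PIN (CQ missing or N)"
    return True, "ok"


if __name__ == "__main__":
    # The ILS behaviour from the thread: CQ=Y even though no PIN was supplied.
    for pin, cq in [("", "Y"), ("1234", "Y"), ("9999", "N"), ("1234", None)]:
        print(repr(pin), cq, login_allowed(pin, sample_response(cq)))
```

The local empty-PIN check is defence in depth; the fix recommended in the thread, changing the ILS so it stops validating empty passwords, is still needed.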