The request needs to contain a valid PI-Authorization header. #2123

Closed
cartenca opened this issue Mar 21, 2020 · 6 comments

@cartenca cartenca commented Mar 21, 2020

I'm using PHP cURL API request to "GET /validate/triggerchallenge".

In your API documentation it is written that "The request needs to contain a valid PI-Authorization header."
What does it mean?

I use this PHP code
TO RETRIEVE TOKEN (and this is correct and it works):

    $data = array("username" => "admin", "password" => "..........................");
    $data_string = json_encode($data);
    $ch = curl_init('https://.................................../auth');
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json',
        'Content-Length: ' . strlen($data_string))
    );
    $result = curl_exec($ch);
    var_dump(json_decode($result));

    $obj = json_decode($result);
    $tkn = $obj->{'result'}->{'value'}->{'token'};
    curl_close($ch);

TO PERFORM triggerchallenge:

    $data = array("user" => "$user");
    $data_string = json_encode($data);
    $ch = curl_init('https://................../validate/triggerchallenge');
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json',
        'Authorization: OAuth $tkn',
        'Content-Length: ' . strlen($data_string))
    );
    $result = curl_exec($ch);
    var_dump(json_decode($result));
    curl_close($ch);

but I receive : 'Authentication failure. Error during decoding your token: Not enough segments'
Could you help me please?

One more thing....
Is it possible to retrieve, with an API, the OTP code sent to the user by the triggerchallenge above?
I have to use the OTP code to encrypt a file so that the user can decrypt it with the same OTP code sent to him by privacyidea.
Thank you very much!

Carlo


@github-actions github-actions bot commented Mar 21, 2020

Thank you for filing an issue and sharing your observations or ideas. Please be sure to provide as much information as possible to help us work on this issue.


@cornelinux cornelinux commented Mar 22, 2020

We do not do real OAuth, so you need to pass the Authorization header a bit differently:

    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json',
        // Concatenate the token: PHP does not expand $tkn inside single quotes
        'Authorization: ' . $tkn,
        'Content-Length: ' . strlen($data_string))
    );

Since in certain cases there can be clashes with other Authorization headers, we also parse for our own header and you can do it this way:

    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json',
        // Concatenate the token: PHP does not expand $tkn inside single quotes
        'PI-Authorization: ' . $tkn,
        'Content-Length: ' . strlen($data_string))
    );
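
An added example (not from this thread and not privacyIDEA code) that builds the header value by concatenation and checks locally that it has the three dot-separated segments of a JWT before sending it, since PHP leaves `$tkn` unexpanded inside single quotes. The helper names, the sample token and passing `user` as a query parameter are assumptions.

```php
<?php
// Added example; helper names and the sample token below are constructed.

/** A JWT is three non-empty base64url segments joined by dots. */
function looks_like_jwt(string $value): bool
{
    return preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/', $value) === 1;
}

/** Build the auth header, refusing a value that cannot be a JWT. */
function pi_auth_headers(string $token): array
{
    if (!looks_like_jwt($token)) {
        throw new InvalidArgumentException(
            'Not a three-segment token: ' . substr($token, 0, 12)
        );
    }
    // Concatenate: '$token' inside single quotes would be sent literally.
    return ['PI-Authorization: ' . $token];
}

/** GET /validate/triggerchallenge; `user` as a query parameter is an assumption. */
function trigger_challenge(string $baseUrl, string $token, string $user)
{
    $url = $baseUrl . '/validate/triggerchallenge?' . http_build_query(['user' => $user]);
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, pi_auth_headers($token));
    $body = curl_exec($ch);      // TLS verification stays at its default (on)
    curl_close($ch);
    return $body === false ? null : json_decode($body);
}

// Offline demonstration with a constructed dummy token (not a real credential).
$tkn = 'aaaa.bbbb.cccc';
$candidates = [
    'single-quoted' => 'OAuth $tkn',  // literal text "$tkn", contains no dots
    'OAuth prefix'  => "OAuth $tkn",  // expanded, but the prefix breaks the shape
    'token only'    => $tkn,
];
foreach ($candidates as $label => $value) {
    printf("%-14s %-22s %s\n", $label, $value, looks_like_jwt($value) ? 'ok' : 'rejected');
}
print_r(pi_auth_headers($tkn));
```
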

@cartenca cartenca commented Mar 22, 2020

Thank you.
What about my second question?

Is it possible to get, with an API, the OTP code sent to the user by the triggerchallenge above?
I have to use the OTP code to encrypt a file so that the user can decrypt it with the same OTP code sent to him by privacyidea.
Thank you very much!

Carlo


@cartenca cartenca commented Mar 22, 2020

I GET the same error.....

Screen:

object(stdClass)[1]
public 'jsonrpc' => string '2.0' (length=3)
public 'signature' => string '21395922826955434680144180307377356453340533425273030970429355117596273017722969180939741404597431018389192348281789774970954328289420302600379125975660355428141898476682241967046009667911999053799124845888692567381609884719239266402378915150253711899445487827207578369816275650987658372202295939595054714898577966653366304150424284565483346759265256097115195646776587359796703029678262438564173459189302796977907437296112652713882796458831956880390164858947495215819542778620285794666993985129298933565795522902'... (length=617)
public 'versionnumber' => string '2.23.5' (length=6)
public 'version' => string 'privacyIDEA 2.23.5' (length=18)
public 'result' =>
object(stdClass)[2]
public 'status' => boolean true
public 'value' =>
object(stdClass)[3]
public 'username' => string 'admin' (length=5)
public 'realm' => string '' (length=0)
public 'rights' =>
array (size=84)
...
public 'default_tokentype' => string 'hotp' (length=4)
public 'user_details' => boolean false
public 'log_level' => int 20
public 'timeout_action' => string 'lockscreeen' (length=11)
public 'logout_time' => int 120
public 'token_wizard_2nd' => boolean false
public 'token_wizard' => boolean false
public 'menus' =>
array (size=6)
...
public 'token' => string 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwibm9uY2UiOiI0YzI4ODIxYTVlNWY0MmZhZDgzY2I1ZDZhZDNhY2UxY2UyMmQyZDZiIiwiYXV0aHR5cGUiOiJwYXNzd29yZCIsInJlYWxtIjoiIiwicmlnaHRzIjpbInJlc2V0Iiwic3Bhc3Nfb3RwX3Bpbl9jb250ZW50cyIsInNldHBpbiIsInJldm9rZSIsImF1ZGl0bG9nX2FnZSIsImFkZHVzZXIiLCJlbnJvbGxTTVMiLCJwb2xpY3lkZWxldGUiLCJtYW5hZ2VzdWJzY3JpcHRpb24iLCJzdGF0aXN0aWNzX3JlYWQiLCJlbnJvbGxUSVFSIiwiY29uZmlnZGVsZXRlIiwibWFjaGluZWxpc3QiLCJyYWRpdXNzZXJ2ZXJfd3JpdGUiLCJzZXQiLCJyZXN5bmMiLCJ1bmFzc2lnbiIsInNtc2dhdGV3YXl'... (length=2020)
public 'search_on_enter' => boolean false
public 'user_page_size' => int 15
public 'subscription_status' => int 0
public 'role' => string 'admin' (length=5)
public 'token_page_size' => int 15
public 'policy_template_url' => string 'https://raw.githubusercontent.com/privacyidea/policy-templates/master/templates/' (length=80)
public 'hide_welcome' => boolean false
public 'time' => float 1584863088.5377
public 'id' => int 1
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9....FAtrfRkzJb-X5nQCyOUr9aOAeDgaLTPwLsv1NfCddy0

object(stdClass)[4]
public 'jsonrpc' => string '2.0' (length=3)
public 'signature' => string '12316517632138395189632461287149406328390439375478872819310228352061054981679177119501176421759990246995774081037306845215448228191687595244216845265633980427977138877124803332710780107789008218049261445715242496885793780461257110777841433761749670572987412489617905045320228812425932645545623505248730792937196817850494416706872130554223962635811643048198806357531646751775614833831767422437044195665204228033067035253780798018674918390560411057868577264537753688145763095347864291064872833757020383644805796021'... (length=617)
public 'detail' => null
public 'version' => string 'privacyIDEA 2.23.5' (length=18)
public 'result' =>
object(stdClass)[5]
public 'status' => boolean false
public 'error' =>
object(stdClass)[6]
public 'message' => string 'Authentication failure. Error during decoding your token: Not enough segments' (length=77)
public 'code' => int 4304
public 'time' => float 1584863089.2937
public 'id' => int 1


@cornelinux cornelinux commented Mar 22, 2020

Then you are probably making another mistake.
See https://privacyidea.readthedocs.io/en/latest/modules/api/auth.html#authentication-endpoints

For questions about how to use privacyIDEA and concepts (your 2nd one), please go to https://community.privacyidea.org

@cornelinux cornelinux closed this Mar 22, 2020

@cornelinux cornelinux commented Mar 22, 2020

@cartenca You may want to take a look at the implementation of our simpleSAMLphp module, which also uses the trigger challenge, or at our ownCloud Plugin. Thus you can see how we did it in PHP.
https://github.com/privacyidea/simplesamlphp-module-privacyidea/
https://github.com/privacyidea/privacyidea-owncloud-app

I closed this issue because it is not an issue with privacyIDEA.
Please understand that we are using the GitHub issues to develop the privacyIDEA software, not to help others using privacyIDEA or integrating it.
For this, please go to the aforementioned community forum.
Thanks!
