New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pi-server can't decode response (not enough segments) #49
Comments
I gave it another look and solved the issue. Apparently a file .netrc existed in my local system which held some basic authorization data. This info was used by the admin tool, causing the issue. Changing the header field name to PI-Authorization prevents the required auth information to be overwritten by the my local system. Removing the file resolved it. Note: Communication with the API through the "httpie" http tool did NOT use this information, therefore cause no issue. |
We could however enance the privacyidea tool by adding a parameter, that allows to use PI-Authoriztation. I propose an additional boolean parameter I am happily willing to add this in the new click setup. @laclaro what do you think? I am willing to reopen this issue. |
A command line parameter can be used to use the PI-Authorization header instead of the Authorization header. This way we keep up the backward compatibility and allow more flexibility in the future. Closes #49
This is perfectly fine for me. Since the cause of such an error is not obvious, we should hint to it in the documentation also. |
Hi,
similar as in privacyidea/privacyidea#2123, the request sent to privacyIDEA should contain a PI-Authorization header. The privacyidea admin tool does only sends "Authorization".
privacyideaadm/privacyideautils/clientutils.py
Line 141 in ad4dcf1
Apparently, under normal circumstances, this does not cause any issues. However, in my current local Ubuntu 18.04 machine, the any privacyidea server requested throws an error. The privacyideaadm tool is installed via venv and pip.
Testing the same privacyideaadm installation scheme from within a Ubuntu 18.04 VM does not cause any problems. The same PI servers respond correctly.
Debugging this behavior lead to the fact, that the Authorization header containing the jwt is not present on the server side, when the error occurs. However, wireshark reports that it is sent to the server. With pycharm in debug mode, I found only a basic Authorization http header (I don't know for what purpose it is used). This header only contains a base64-string which privacyidea tries to decode and does (of course) no succeed.
To make a long story short: exchanging Authorization for PI-Authorization solves the problem of my (very strange?) machine. I think this is not really worth to dig further.
Best
Henning
The text was updated successfully, but these errors were encountered: