Comments (6)
Thank you for filing an issue and sharing your observations or ideas. Please be sure to provide as much information as possible to help us to work on this issue.
from privacyidea.
Can be closed(or changed to future request) I have found in log, that "No subscription for your client." and finale answer at community, but anyway I suggest to add token to applications(i.e. to pi-ldapproxy and FreeRADIUS ) to protect from unauthorised requests and add more detailed return code(something like "Error 400 No subscription for your client.").
from privacyidea.
We already use the user-agent value to determine the plugin (and it's corresponding subscription).
We'll have to discuss if we want to augment the 400 error-message.
from privacyidea.
Yes, but the plugin could be standalone and communicate via public network not only localhost interface, it seems using token for protection could be good Idea, maybe add token to subscription to additional verification?
from privacyidea.
Yes, but the plugin could be standalone and communicate via public network not only localhost interface, it seems using token for protection could be good Idea, maybe add token to subscription to additional verification?
Hi @gitalexch i am not sure if i understand You correctly. Do You mean adding some kind of secret token to the user-agent
string? Like User-Agent: privacyIDEA-LDAP-Proxy/10/<secret token>
?
We can already require a valid API-key:
https://privacyidea.readthedocs.io/en/v3.9.2/policies/authorization.html#api-key-required
from privacyidea.
Hi, Yes, I mean something like API-key, maybe not in User-Agent attribute, but separate in Authorization or PI-Authorization attribute and built into subscription with subscription expiration date and so on...
And, I think it would be correct if you change label to Feature request....
from privacyidea.
Related Issues (20)
- pi-manage admin change --help documentation is not clear HOT 1
- Failure accessing from different networks - PyO3 modules may only be initialized once per interpreter process HOT 4
- Parameter confusion between "user" and "username" in POST /user/ request
- dpkg: error processing package privacyidea-apache2 (--configure) HOT 2
- E: The repository 'http://lancelot.netknights.it/community/bionic/stable focal Release' does not have a Release file. HOT 1
- Label policies for PUSH token enroll via validate/check
- Allow to change the text during multichallenge enrollment
- EventHandler: Order of stacking with policies
- Additional Event Condition: Result->Authentication
- Fix policy description
- login_text in webui policy is not applied HOT 12
- 2 person login HOT 3
- Mark privacyidea token in the qr code
- Development environment fails to upgrade the DB schema in regards to nodes. HOT 3
- Email format validation during enroll via multichallenge HOT 1
- Support button: Create support request HOT 1
- Add index to Challenge.expiration column HOT 2
- Wrong confirmDelete() call in JS
- Wrong text during enrolling email via multichallenge
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from privacyidea.