ADFS TOTP with PrivacyIDEA setup

Good day,
Having an issue connecting to a PrivacyIDEA 3.2.2 server running on Ubuntu 18.04; all configuration (with small changes from official sources) was done according to this article: https://blog.quickbreach.io/posts/setup-a-free-2fa-solution-on-owa/
The issue is the following:
The user accesses the OWA page, gets redirected to ADFS, passes the login and password step to the 2FA step (TOTP) and then gets the error "Login failed! Please try again!"
On the ADFS server there are 2 error messages in the event log:

  1. PrivacyIDEA Provider:
     validateOTP: The request was aborted: Could not create SSL/TLS secure channel.

     System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
     at System.Net.WebClient.UploadValues(Uri address, String method, NameValueCollection data)
     at privacyIDEAADFSProvider.OTPprovider.validateOTP(String OTPuser, String OTPpin, String realm, String transaction_id)

  2. Schannel:
     A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Could not create SSL/TLS secure channel

Does your PI server have a valid SSL cert?

Self-signed cert, and it is imported into the trusted root CA store on the ADFS server. ADFS, on the other hand, is signed by Let’s Encrypt Authority X3.

Might be this:


You're the legend, I was thinking that this is the TLS 1.x issue, but did not get that deep into the apache2 configuration.
OTP working well now.
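Schannel's "fatal alert code is 70" is the TLS protocol_version alert, which a server sends when the client offers only a protocol version the server no longer allows, so the useful check is which TLS versions the PrivacyIDEA server actually accepts. The probe below is an added example for this thread, not code from the thread or from privacyIDEA; the host name is a placeholder, and it skips certificate validation on purpose because it only answers the version question.

```python
import socket
import ssl

# TLS alert descriptions from RFC 5246 / RFC 8446 (subset seen in this kind of setup).
TLS_ALERT_NAMES = {
    40: "handshake_failure",
    42: "bad_certificate",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
}

# Offer one protocol version per handshake so the server's answer is unambiguous.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def alert_name(code):
    """Map a numeric TLS alert code (e.g. Schannel's 'fatal alert code is 70') to its RFC name."""
    return TLS_ALERT_NAMES.get(code, "unknown_alert_%d" % code)

def probe_version(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to a single TLS version; return 'ok (...)' or the OpenSSL reason."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only the accepted version matters here
    ctx.verify_mode = ssl.CERT_NONE   # certificate trust is a separate check, not this one
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok (%s)" % tls.version()
    except ssl.SSLError as e:
        # e.g. 'TLSV1_ALERT_PROTOCOL_VERSION' is the server's alert 70,
        # 'NO_PROTOCOLS_AVAILABLE' means the local OpenSSL refused to even offer that version
        return e.reason or str(e)
    except OSError as e:
        return "connect failed: %s" % e

def probe_all(host, port=443):
    return {name: probe_version(host, port, ver) for name, ver in VERSIONS.items()}

def accepted_versions(results):
    """Given probe_all() output, list the versions for which the server completed a handshake."""
    return [name for name, result in results.items() if result.startswith("ok")]

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "privacyidea.example.internal"  # placeholder host
    for name, result in probe_all(target).items():
        print("%-8s %s" % (name, result))
```

If TLSv1.2 comes back "ok" while the older versions report TLSV1_ALERT_PROTOCOL_VERSION, the Apache side is fine and the .NET client on the ADFS server is the one offering too old a version.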