I have been trying to get OATH tokens working - both HOTP and TOTP.
Neither of them are properly validated, even without a set Pin.
Is there a way to debug the validation of these types of tokens?
The version I am using is 2.4 (installed via pip). The app used to generate
tokens is FreeOTP.
You can also take a look at the event validate/check in the audit log
(tab “audit” in the webui). Some additional information is there, too.
So you installed via pip.
How are you running privacyIDEA? Are you running via wsgi in Apache2?
Kind regards
Cornelius
On Tuesday, 30.06.2015, at 05:50 -0700, r_pi wrote:
Hello,
I have been trying to get OATH tokens working - both HOTP and TOTP.
Neither of them are properly validated, even without a set Pin.
Is there a way to debug the validation of these types of tokens?
The version I am using is 2.4 (installed via pip). The app used to
generate tokens is FreeOTP.
I found out that actually HOTP works well with FreeOTP after some initial
attempts had failed.
FreeOTP should also be capable of using different hashing algorithms, as it
displays some other algorithms besides SHA1 in the manual config dialogue.
Naturally, for that to work, the algorithm has to be included in the
otpauth://-URI. [1]
…indeed FreeOTP works with HOTP.
Was not aware of this :-)
On Tuesday, 30.06.2015, at 19:24 +0200, Cornelius Kölbel wrote:
Oh, this is new to me, that FreeOTP supports HOTP.
What version on which device are you running?
On Tuesday, 30.06.2015, at 09:54 -0700, r_pi wrote:
Hello,
I found out that actually HOTP works well with FreeOTP after some
initial attempts had failed.
FreeOTP should also be capable of using different hashing algorithms,
as it displays some other algorithms besides SHA1 in the manual config
dialogue.
Naturally, for that to work, the algorithm has to be included in the
otpauth://-URI. [1]
Hi Robin,
by the way: FreeOTP only works with TOTP.
In case of TOTP you need to check that
* the clocks are in sync
* SHA1 is used!
* the timestep is set to 30 secs.
Kind regards
Cornelius
I think there might be an issue with the first counter when enrolling
an HOTP token, with the result that the first OTP value generated by e.g.
Google Authenticator will not work, but the second one will.
Kind regards
Cornelius
On Thursday, 02.07.2015, at 02:01 -0700, r_pi wrote:
Sadly, at the time these errors occurred, I did not have
an appropriate log level configured, hence I have no idea what might
have caused it.
After some further attempts it suddenly worked.
I will post my findings, though, in case this behavior reoccurs.
Kind regards,
Robin
Great,
do you know what the problem was?
maybe we should improve the docs.
Kind regards
cornelius
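The checks named in this thread (clock sync, SHA1, 30-second timestep, and an HOTP counter that is one step ahead) can be tested offline when the token secret is known. The following is an added example, not privacyIDEA code and not from the original posts: the function names `diagnose_totp` and `diagnose_hotp` are hypothetical, and the secret is the constructed RFC 4226 test value.

```python
import base64
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP; algo selects the HMAC hash as allowed by RFC 6238."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def diagnose_totp(key, otp, server_time, max_drift_steps=10):
    """Return every (algo, timestep, drift_in_steps) that reproduces otp."""
    hits = []
    for algo in ("sha1", "sha256", "sha512"):
        for step in (30, 60):
            base = int(server_time) // step
            for drift in range(-max_drift_steps, max_drift_steps + 1):
                if base + drift < 0:
                    continue
                candidate = hotp(key, base + drift, len(otp), algo)
                if hmac.compare_digest(candidate, otp):
                    hits.append((algo, step, drift))
    return hits

def diagnose_hotp(key, otp, server_counter, window=10):
    """Return the counter offset (0 = expected value) that matches, else None."""
    for offset in range(window + 1):
        candidate = hotp(key, server_counter + offset, len(otp))
        if hmac.compare_digest(candidate, otp):
            return offset
    return None

# Constructed sample data: the RFC 4226 / RFC 6238 test secret, not a real token.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()
KEY = base64.b32decode(SECRET_B32)
SERVER_TIME = 1_111_111_109  # constructed "server clock" in Unix seconds

if __name__ == "__main__":
    # App clock runs 90 s ahead of the server: expect sha1, 30 s, drift +3.
    app_otp = hotp(KEY, (SERVER_TIME + 90) // 30)
    print("TOTP matches:", diagnose_totp(KEY, app_otp, SERVER_TIME))
    # Server expects counter 0, app already shows the value for counter 1.
    print("HOTP offset:", diagnose_hotp(KEY, hotp(KEY, 1), server_counter=0))
```

A TOTP hit with a non-zero drift points at clock sync, a hit under `sha256`/`sha512` or a 60-second step points at a parameter mismatch between app and server, and an HOTP offset of 1 is the first-counter case described above.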