Is there anything unique that needs to be configured to use TOTP?
I have user authentication working using HOTP; however, it fails when using TOTP.
When I test the code and token in PI I get the following:
Maybe you configured sha256 or sha512 and your token app (Google, MS...) can’t cope with it. Try sha1 or use PI-Authenticator.
I am using the PI app. The config is:
assignment_date: 2026-01-14T05:18:59+00:00
count_auth: 15
creation_date: 2026-01-14T05:18:59+00:00
hashlib: sha1
timeShift: 0.0
timeStep: 30
timeWindow: 1
tokenkind: software
I have not specified a PIN. Is this required for TOTP?
timewindow is the time in seconds that the system looks before the current time and after the current time.
So with timewindow=1 you are telling privacyIDEA to actually only look “now”, not even within the 30-second interval but really, right NOW. This will of course always fail, since the user cannot enter the OTP value “NOW”.
Set this to a sensible value like 90 or 120. You think you can set it to 30, but this will again also fail in 50% of the cases.
Worked, thank you.
assignment_date: 2026-01-16T02:28:47+00:00
count_auth: 1
count_auth_success: 1
creation_date: 2026-01-16T02:28:47+00:00
hashlib: sha1
last_auth: 2026-01-16 13:30:09.874640+1100
timeShift: -9.0
timeStep: 30
timeWindow: 120
tokenkind: software
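The effect of the timeWindow setting discussed in this thread, as an added example that is not part of the original posts and is not privacyIDEA's own code. It assumes a simplified model in which the window in seconds is converted to whole time steps searched on each side of the server's current step; the function names, the server time and the 40-second phone clock drift are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(key, counter, digits=6, algo="sha1"):
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(key, otp, server_time, time_step=30, time_window=120,
                time_shift=0.0, algo="sha1"):
    """Return the matching step offset (0 = server's current step) or None.

    Assumed model, not privacyIDEA's code: time_window is in seconds and is
    converted to whole time steps searched on each side of the current step.
    """
    now_counter = int((server_time + time_shift) // time_step)
    steps = int(time_window // time_step)  # a window below one step gives 0
    for offset in range(-steps, steps + 1):
        counter = now_counter + offset
        if counter >= 0 and hmac.compare_digest(hotp(key, counter, algo=algo), otp):
            return offset
    return None

# Constructed sample data: RFC 4226 test key, an arbitrary server time, and a
# phone clock running 40 seconds behind the server.
KEY = b"12345678901234567890"
SERVER_TIME = 1_700_000_010
PHONE_OTP = hotp(KEY, (SERVER_TIME - 40) // 30)

def window_results():
    """Offset found (or None) for each timeWindow value tried."""
    return {w: verify_totp(KEY, PHONE_OTP, SERVER_TIME, time_window=w)
            for w in (1, 30, 120)}

if __name__ == "__main__":
    for window, offset in window_results().items():
        print(f"timeWindow={window:>3}s -> matched offset: {offset}")
```

In this model the code from the drifting phone is rejected with a window of 1 or 30 seconds and accepted two steps back with a window of 120; passing a time_shift of -40.0 lets the same code match at offset 0.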