Issues with enrollment of PUSH tokens

Question
1

Hi everyone,
I’m having some issues setting up PUSH tokens in my enviroment.
I can create the token, but when my endpoint (my android phone) tries to connect it gets the following error:
"
Sending public RSA key failed

Rolling out token PIPU0001B918 failed
Status Code 525
"
My phone pings the server with no issue.
We are running version 3.9.2, and since this is a test enviroment we are using the dummy subscription

Here is a screenshot of my policies:

Screenshot
Screenshot1808×366 32.4 KB

Am i missing something?

Thanks in advance for any help.

2

  1. Check in the Audit log, if the correct policies are used. You are using realm names in policies, this can be a reason for a different expected logic. I recommend to keep the poliicies as basic/simple as possible.

  2. Most probably you do not have a valid certificate on your registraion url. Check if you have configure push_ssl_verify=0 in your enrollment poliy!

  3. On your smartphone check if you can actually open the registration URL in your browser.

3

Hi,

Thanks for the suggestions!

I’ll what you’ve suggest and let you know what i figure out.

4

Hi again,

I tried some of the suggestions, removing realm names from policies and moving push_ssl_verify=0 to enrollment policy.
Screenshot

Screenshot3
Screenshot31809×353 30.6 KB

My phone can access the enrollment url but still fails when adding to the authenticator app. I’m getting a new error

"
Sending public RSA key failed

Rolling out token PIPU00021D8E failed
Status Code 405
"

Do you have any suggestions what to do from here?

P.S i also added a Let’s Encrypt certificate, i don’t know if that is relevant.

5

hi,
you need to add /ttype/push to the end of your enrollment url.

1 Like
6

This worked!

Thank you so much :slight_smile:

In conclusion i had the realms set incorrectly, push_ssl_verify on the wrong policy, and was missing /ttype/push at the end of my URL.

Thanks to the help everyone!

1 Like