Hi all, I am having some issues in testing my tokens, its the same outcome for both totp and hotp.
ERROR is “OTP Verification Fails”
Background:
Token type HOTP - set to both 256 and 512 with the same error
Using Google Authenticator on my mobile phone
Using the test OTP only command for the token.
OS is RedHat 8.3
Using VirtualEnv
Using Python 3.6
Using PrivacyIdea 3.5.2 (I had the same errors while on 3.5.1 and upgraded to see if that fixed it, but it didnt)
Below is an extract from the error files using Debug mode, the only error that stands out to me is:
[privacyidea.api.lib.utils:254] Can not get param: Expecting value: line 1 column 1 (char 0)
The rest of the extract:
[2021-04-10 15:52:34,493][1279][139653445302016][DEBUG][privacyidea.lib.token:186] Entering check_otp with arguments (‘OATH000051D8’, ‘964784’) and keywords {}
[2021-04-10 15:52:34,493][1279][139653445302016][DEBUG][privacyidea.lib.token:186] Entering get_tokens with arguments () and keywords {‘serial’: ‘OATH000051D8’}
[2021-04-10 15:52:34,496][1279][139653445302016][DEBUG][privacyidea.lib.token:186] Entering create_tokenclass_object with arguments (<<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”}>,) and keywords {}
[2021-04-10 15:52:34,497][1279][139653445302016][DEBUG][privacyidea.lib.tokens.hotptoken:186] Entering init with arguments (<<class ‘privacyidea.lib.tokens.hotptoken.HotpTokenClass’> {}>, <<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”}>) and keywords {}
[2021-04-10 15:52:34,498][1279][139653445302016][DEBUG][privacyidea.lib.tokenclass:186] Entering init with arguments (<<class ‘privacyidea.lib.tokens.hotptoken.HotpTokenClass’> {}>, <<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”}>) and keywords {}
[2021-04-10 15:52:34,498][1279][139653445302016][DEBUG][privacyidea.lib.tokenclass:198] Exiting init with result None
[2021-04-10 15:52:34,498][1279][139653445302016][DEBUG][privacyidea.lib.tokens.hotptoken:198] Exiting init with result None
[2021-04-10 15:52:34,499][1279][139653445302016][DEBUG][privacyidea.lib.token:198] Exiting create_tokenclass_object with result <<class ‘privacyidea.lib.tokens.hotptoken.HotpTokenClass’> {"‘token’": ‘<<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”}>’, “‘type’”: “‘hotp’”, “‘init_details’”: ‘{}’, “‘auth_details’”: ‘{}’, “‘hKeyRequired’”: ‘True’}>
[2021-04-10 15:52:34,499][1279][139653445302016][DEBUG][privacyidea.lib.token:198] Exiting get_tokens with result [<<class ‘privacyidea.lib.tokens.hotptoken.HotpTokenClass’> {"‘token’": ‘<<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”}>’, “‘type’”: “‘hotp’”, “‘init_details’”: ‘{}’, “‘auth_details’”: ‘{}’, “‘hKeyRequired’”: ‘True’}>]
[2021-04-10 15:52:34,500][1279][139653445302016][DEBUG][privacyidea.lib.tokens.hotptoken:186] Entering check_otp with arguments (<<class ‘privacyidea.lib.tokens.hotptoken.HotpTokenClass’> {"‘token’": ‘<<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”}>’, “‘type’”: “‘hotp’”, “‘init_details’”: ‘{}’, “‘auth_details’”: ‘{}’, “‘hKeyRequired’”: ‘True’}>, ‘964784’) and keywords {}
[2021-04-10 15:52:34,501][1279][139653445302016][DEBUG][privacyidea.models:186] Entering get_otpkey with arguments (<<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”}>,) and keywords {}
[2021-04-10 15:52:34,501][1279][139653445302016][DEBUG][privacyidea.models:198] Exiting get_otpkey with result <privacyidea.lib.crypto.SecretObj object at 0x7f037b24fef0>
[2021-04-10 15:52:34,503][1279][139653445302016][DEBUG][privacyidea.lib.tokens.HMAC:186] Entering checkOtp with arguments (<privacyidea.lib.tokens.HMAC.HmacOtp object at 0x7f037b24fba8>, ‘964784’, 10) and keywords {}
[2021-04-10 15:52:34,503][1279][139653445302016][DEBUG][privacyidea.lib.tokens.HMAC:153] OTP range counter: 0 - 10
[2021-04-10 15:52:34,503][1279][139653445302016][DEBUG][privacyidea.lib.crypto:186] Entering decrypt with arguments (b’\x9bhWR{{\x02Y\x83K\x12\x05\x93 \xd6\xf3\xe7\xa3\x1a\xc1\xf4\xba ‘4\xb5\xb7\xdb\xd8\x91\x19\x82\xc9\xcb\xb9v\xde<\xd1\xcf"\x97\x01\xa5\x9d\x91{~{E6\x92S\xd8\xa0g\xca\x91\x83>\xe8\xe9\xc1\xe6\n\x99\x01\xfa\x87k\xb1\xbd\x86m>BEF\xf9\xb0A\x05\xd0\xdf\xc1(\x91\x11gA\xfagfNNw\xd7\xf2\xd0X*\xac\x15R<\xc8\xd5\xd8\x0fH\xdb\xbc(\x1a\\x11\xa1!\xdf1p\x0b\t\x9a\x9eGQvUx\xe2\xa7\xb2\xa2\xc4\xee\xf2\x07 \xc4\xd9\x10\x02}’, b’U\x04\xb8\xa5\x9c\xd8c\xd9\xdf\xb3\xa8\xecKe\x991’) and keywords {}
[2021-04-10 15:52:34,504][1279][139653445302016][DEBUG][privacyidea.lib.crypto:186] Entering aes_cbc_decrypt with arguments (b’\xb6@a\x9c\x8e\xd5\x07>S\xfdF\xc5S\xefe\xe9\x0b4\xbb\xdb\x18\xb54KZ\xde\xea\xb8\xbe\xe4p\xd3’, b’U\x04\xb8\xa5\x9c\xd8c\xd9\xdf\xb3\xa8\xecKe\x991’, b’\x9bhWR{{\x02Y\x83K\x12\x05\x93 \xd6\xf3\xe7\xa3\x1a\xc1\xf4\xba ‘4\xb5\xb7\xdb\xd8\x91\x19\x82\xc9\xcb\xb9v\xde<\xd1\xcf"\x97\x01\xa5\x9d\x91{~{E6\x92S\xd8\xa0g\xca\x91\x83>\xe8\xe9\xc1\xe6\n\x99\x01\xfa\x87k\xb1\xbd\x86m>BEF\xf9\xb0A\x05\xd0\xdf\xc1(\x91\x11gA\xfagfNNw\xd7\xf2\xd0X*\xac\x15R<\xc8\xd5\xd8\x0fH\xdb\xbc(\x1a\\x11\xa1!\xdf1p\x0b\t\x9a\x9eGQvUx\xe2\xa7\xb2\xa2\xc4\xee\xf2\x07 \xc4\xd9\x10\x02}’) and keywords {}
[2021-04-10 15:52:34,504][1279][139653445302016][DEBUG][privacyidea.lib.crypto:200] Exiting aes_cbc_decrypt with result HIDDEN
[2021-04-10 15:52:34,504][1279][139653445302016][DEBUG][privacyidea.lib.crypto:200] Exiting decrypt with result HIDDEN
[2021-04-10 15:52:34,505][1279][139653445302016][DEBUG][privacyidea.lib.tokens.HMAC:198] Exiting checkOtp with result -1
[2021-04-10 15:52:34,505][1279][139653445302016][DEBUG][privacyidea.lib.tokens.hotptoken:186] Entering _autosync with arguments (<<class ‘privacyidea.lib.tokens.hotptoken.HotpTokenClass’> {"‘token’": ‘<<class ‘privacyidea.models.Token’> {"’_sa_instance_state’": ‘<sqlalchemy.orm.state.InstanceState object at 0x7f037b247da0>’, “‘key_enc’”: “‘Enc Key Is The Same’”, “‘tokentype’”: “‘hotp’”, “‘count_window’”: ‘10’, “‘key_iv’”: “‘5504b8a59cd863d9dfb3a8ec4b659931’”, “‘user_pin’”: “’’”, “‘sync_window’”: ‘1000’, “‘maxfail’”: ‘10’, “‘user_pin_iv’”: “’’”, “‘rollout_state’”: “’’”, “‘id’”: ‘337’, “‘active’”: ‘True’, “‘so_pin’”: “’’”, “‘revoked’”: ‘False’, “‘so_pin_iv’”: “’’”, “‘locked’”: ‘False’, “‘pin_seed’”: “’’”, “‘failcount’”: ‘0’, “‘description’”: “’’”, “‘otplen’”: ‘6’, “‘serial’”: “‘OATH000051D8’”, “‘count’”: ‘0’, “‘pin_hash’”: “’$argon2id$v=19$m=102400,t=9,p=8$8D6nlLL23hujtDbGmHOOcQ$H2O1OD9h4OU7ZS9ldS/hVA’”, “‘info_list’”: ‘[<TokenInfo 1058>, <TokenInfo 1051>]’}>’, “‘type’”: “‘hotp’”, “‘init_details’”: ‘{}’, “‘auth_details’”: ‘{}’, “‘hKeyRequired’”: ‘True’}>, <privacyidea.lib.tokens.HMAC.HmacOtp object at 0x7f037b24fba8>, ‘964784’) and keywords {}
[2021-04-10 15:52:34,506][1279][139653445302016][DEBUG][privacyidea.lib.config:186] Entering get_from_config with arguments (‘AutoResync’, False) and keywords {‘return_bool’: True}
[2021-04-10 15:52:34,506][1279][139653445302016][DEBUG][privacyidea.lib.config:198] Exiting get_from_config with result True
[2021-04-10 15:52:34,506][1279][139653445302016][DEBUG][privacyidea.lib.tokens.HMAC:186] Entering checkOtp with arguments (<privacyidea.lib.tokens.HMAC.HmacOtp object at 0x7f037b24fba8>, ‘964784’, 1000) and keywords {}
[2021-04-10 15:52:34,506][1279][139653445302016][DEBUG][privacyidea.lib.tokens.HMAC:153] OTP range counter: 10 - 1010
[2021-04-10 15:52:34,523][1279][139653445302016][DEBUG][privacyidea.lib.tokens.HMAC:198] Exiting checkOtp with result -1
[2021-04-10 15:52:34,524][1279][139653445302016][DEBUG][privacyidea.lib.tokens.hotptoken:198] Exiting _autosync with result -1
[2021-04-10 15:52:34,524][1279][139653445302016][DEBUG][privacyidea.lib.tokens.hotptoken:198] Exiting check_otp with result -1
[2021-04-10 15:52:34,524][1279][139653445302016][DEBUG][privacyidea.lib.token:198] Exiting check_otp with result (False, {‘message’: ‘OTP verification failed.’})
[2021-04-10 15:52:34,524][1279][139653445302016][DEBUG][privacyidea.lib.auditmodules.base:186] Entering log with arguments (<privacyidea.lib.auditmodules.sqlaudit.Audit object at 0x7f037b2d8630>, {‘info’: ‘OTP verification failed.’, ‘success’: False, ‘serial’: ‘OATH000051D8’, ‘token_type’: None}) and keywords {}
[2021-04-10 15:52:34,524][1279][139653445302016][DEBUG][privacyidea.lib.auditmodules.base:198] Exiting log with result None