OK, folks.
That is easy.
Changing the defaultTimeStep after enrolling the token?
I guess there at least 10 others out there, who can explain this! ;-)Am Donnerstag, den 25.08.2016, 02:51 -0700 schrieb Luis Gerardo:
Hi,
I need to change the validity time of a TOTP token from 30 seconds to
60. To do this I went to Config → TOTP Token Settings and I changed
the Default Time Step to a value of 60 but now the codes never
expire!!
The Default Time Window is 180 and the Default Time Shift is 0.
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY: privacyIDEA Support Level
OK, folks.
That is easy.
Changing the defaultTimeStep after enrolling the token?
I guess there at least 10 others out there, who can explain this!
If it’s possible to change a TimeStep for a generated token from the server
(privacyIDEA) also the client (example Google Authenticator) will need to
know this time/period for generate/verify/authenticate token. Right?On Thursday, August 25, 2016 at 11:54:04 AM UTC+2, Cornelius Kölbel wrote:
OK, folks.
That is easy.
Changing the defaultTimeStep after enrolling the token?
I guess there at least 10 others out there, who can explain
this! ;-)
If it’s possible to change a TimeStep for a generated token from the
server (privacyIDEA) also the client (example Google Authenticator)
will need to know this time/period for generate/verify/authenticate
token. Right?
Hi Luis,
Sim is right. And in addition, if you change the defaultTimeStep, this
has no effect on the token. You need to change this in the token
details.
also note: The timestep does not tell, how long the OTP value is valid!
Kind regards
CorneliusAm Donnerstag, den 25.08.2016, 03:08 -0700 schrieb simvirus@gmail.com:
On Thursday, August 25, 2016 at 11:54:04 AM UTC+2, Cornelius Kölbel wrote:
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY: privacyIDEA Support Level
Works as expected.
The default timewindow is imho 180 seconds.
I.e. system looks 180secs before and after to cope with drifting clocks.
I.e. if you wait 90secs, this looks like the clock of your totp token
would be late 90secs. Look at the tokens timeShift!Am Donnerstag, den 25.08.2016, 10:16 -0700 schrieb Luis Gerardo:
I am using FreeOTp app.
When I say “The code don’t expire” I mean that I never get a “wrong
otp value” when I use a otp from the app. Despite of wait 90 seconds
or more. I only get this error if I try to use it more than once.
El jueves, 25 de agosto de 2016, 12:55:51 (UTC+2), Cornelius Kölbel escribió:
Please really improve your questioning!
What do you mean "The code don't expire"? F***** guessing
here.
I am GUESSING you enrolled an HOTP token!
Are you using an App or a hardware TOTP token?
Kind regards
Cornelius
Am Donnerstag, den 25.08.2016, 03:49 -0700 schrieb Luis
Gerardo:
> Hi Cornelius,
>
>
> I changed the defaultTimeStep to 60. After that I created a
enrolled a
> new token but ignored the 60 seconds. When I set
defaultTimeStep to 30
> seconds again and I enrolled a new token the codes don't
expire. And I
> don't know what is happening :(
>
> El jueves, 25 de agosto de 2016, 11:54:04 (UTC+2), Cornelius Kölbel escribió:
> OK, folks.
> That is easy.
> Changing the defaultTimeStep after enrolling the
token?
>
> I guess there at least 10 others out there, who can
explain
> this! ;-)
>
> Am Donnerstag, den 25.08.2016, 02:51 -0700 schrieb
Luis
> Gerardo:
> > Hi,
> >
> >
> > I need to change the validity time of a TOTP token
from 30
> seconds to
> > 60. To do this I went to Config -> TOTP Token
Settings and I
> changed
> > the Default Time Step to a value of 60 but now the
codes
> never
> > expire!!
> >
> >
> > The Default Time Window is 180 and the Default
Time Shift is
> 0.
> >
> >
> > Does anyone know what I'm doing wrong?
> >
> >
> > Thanks,
> > Luis
> >
> >
> >
> >
> > --
> > Please read the blog post about getting help
> > https://www.privacyidea.org/getting-help/.
> >
> > For professional services and consultancy
regarding two
> factor
> > authentication please visit
> >
https://netknights.it/en/leistungen/one-time-services/
> >
> > In an enterprise environment you should get a
SERVICE LEVEL
> AGREEMENT
> > which suites your needs for SECURITY, AVAILABILITY
and
> LIABILITY:
> >
>
https://netknights.it/en/leistungen/service-level-agreements/
> > ---
> > You received this message because you are
subscribed to the
> Google
> > Groups "privacyidea" group.
> > To unsubscribe from this group and stop receiving
emails
> from it, send
> > an email to privacyidea...@googlegroups.com.
> > To post to this group, send email to
> priva...@googlegroups.com.
> > Visit this group at
> https://groups.google.com/group/privacyidea.
> > To view this discussion on the web visit
> >
>
https://groups.google.com/d/msgid/privacyidea/039c47c0-52de-46ca-bb5f-38f7ed07088d%40googlegroups.com.
> > For more options, visit
https://groups.google.com/d/optout.
>
> --
> Cornelius Kölbel
> corneliu...@netknights.it
> +49 151 2960 1417
>
> NetKnights GmbH
> http://www.netknights.it
> Landgraf-Karl-Str. 19, 34131 Kassel, Germany
> Tel: +49 561 3166797, Fax: +49 561 3166798
>
> Amtsgericht Kassel, HRB 16405
> Geschäftsführer: Cornelius Kölbel
>
>
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two
factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL
AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and
LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the
Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails
from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/99a94bd0-b931-4087-8345-79c81dc8c110%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY: privacyIDEA Support Level
What do you mean “The code don’t expire”? F***** guessing here.
I am GUESSING you enrolled an HOTP token!
Are you using an App or a hardware TOTP token?
Kind regards
CorneliusAm Donnerstag, den 25.08.2016, 03:49 -0700 schrieb Luis Gerardo:
Hi Cornelius,
I changed the defaultTimeStep to 60. After that I created a enrolled a
new token but ignored the 60 seconds. When I set defaultTimeStep to 30
seconds again and I enrolled a new token the codes don’t expire. And I
don’t know what is happening
El jueves, 25 de agosto de 2016, 11:54:04 (UTC+2), Cornelius Kölbel escribió:
OK, folks.
That is easy.
Changing the defaultTimeStep after enrolling the token?
I guess there at least 10 others out there, who can explain
this! ;-)
Am Donnerstag, den 25.08.2016, 02:51 -0700 schrieb Luis
Gerardo:
> Hi,
>
>
> I need to change the validity time of a TOTP token from 30
seconds to
> 60. To do this I went to Config -> TOTP Token Settings and I
changed
> the Default Time Step to a value of 60 but now the codes
never
> expire!!
>
>
> The Default Time Window is 180 and the Default Time Shift is
0.
>
>
> Does anyone know what I'm doing wrong?
>
>
> Thanks,
> Luis
>
>
>
>
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two
factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL
AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and
LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the
Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails
from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/039c47c0-52de-46ca-bb5f-38f7ed07088d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY: privacyIDEA Support Level
But there are too many parameters missing. In my opinion the behaviour
is right - since RFC6238 implementation is right. But I can not explain
to you WHY this is happening (due to missing parameters).
And I am not born into this world to request every single parameter one
by one here to explain this behaviour.
You may take a look at the tests.
If you are convince the behaviour is wrong, please add a corresponding
test.
Kind regards
CorneliusAm Freitag, den 26.08.2016, 02:58 -0700 schrieb Luis Gerardo:
Hi Cornelius,
I’ve made the test below:
I enroll a token with timeStep: 30 and timeWindow: 120 (so, the otp
is valid for 120 seconds, and in this time 4 otps will be generated.
Is it?)
I wait until I have 5 different otp
I test the token with the first otp I get and I get a success with
a timeShift of -280
I don’t understand this results. It would fail the test. Does it have
sense?
Kind regards
Luis
El jueves, 25 de agosto de 2016, 22:46:55 (UTC+2), Cornelius Kölbel escribió:
Works as expected.
The default timewindow is imho 180 seconds.
I.e. system looks 180secs before and after to cope with
drifting clocks.
I.e. if you wait 90secs, this looks like the clock of your
totp token
would be late 90secs. Look at the tokens timeShift!
Am Donnerstag, den 25.08.2016, 10:16 -0700 schrieb Luis
Gerardo:
> I am using FreeOTp app.
>
>
> When I say "The code don't expire" I mean that I never get a
"wrong
> otp value" when I use a otp from the app. Despite of wait 90
seconds
> or more. I only get this error if I try to use it more than
once.
>
> El jueves, 25 de agosto de 2016, 12:55:51 (UTC+2), Cornelius Kölbel escribió:
> Please really improve your questioning!
>
> What do you mean "The code don't expire"? F*****
guessing
> here.
> I am GUESSING you enrolled an HOTP token!
>
> Are you using an App or a hardware TOTP token?
>
> Kind regards
> Cornelius
>
> Am Donnerstag, den 25.08.2016, 03:49 -0700 schrieb
Luis
> Gerardo:
> > Hi Cornelius,
> >
> >
> > I changed the defaultTimeStep to 60. After that I
created a
> enrolled a
> > new token but ignored the 60 seconds. When I set
> defaultTimeStep to 30
> > seconds again and I enrolled a new token the codes
don't
> expire. And I
> > don't know what is happening :(
> >
> > El jueves, 25 de agosto de 2016, 11:54:04 (UTC+2), Cornelius Kölbel escribió:
> > OK, folks.
> > That is easy.
> > Changing the defaultTimeStep after
enrolling the
> token?
> >
> > I guess there at least 10 others out
there, who can
> explain
> > this! ;-)
> >
> > Am Donnerstag, den 25.08.2016, 02:51 -0700 schrieb
> Luis
> > Gerardo:
> > > Hi,
> > >
> > >
> > > I need to change the validity time of a
TOTP token
> from 30
> > seconds to
> > > 60. To do this I went to Config -> TOTP
Token
> Settings and I
> > changed
> > > the Default Time Step to a value of 60
but now the
> codes
> > never
> > > expire!!
> > >
> > >
> > > The Default Time Window is 180 and the
Default
> Time Shift is
> > 0.
> > >
> > >
> > > Does anyone know what I'm doing wrong?
> > >
> > >
> > > Thanks,
> > > Luis
> > >
> > >
> > >
> > >
> > > --
> > > Please read the blog post about getting
help
> > >
https://www.privacyidea.org/getting-help/.
> > >
> > > For professional services and
consultancy
> regarding two
> > factor
> > > authentication please visit
> > >
>
https://netknights.it/en/leistungen/one-time-services/
> > >
> > > In an enterprise environment you should
get a
> SERVICE LEVEL
> > AGREEMENT
> > > which suites your needs for SECURITY,
AVAILABILITY
> and
> > LIABILITY:
> > >
> >
>
https://netknights.it/en/leistungen/service-level-agreements/
> > > ---
> > > You received this message because you
are
> subscribed to the
> > Google
> > > Groups "privacyidea" group.
> > > To unsubscribe from this group and stop
receiving
> emails
> > from it, send
> > > an email to
privacyidea...@googlegroups.com.
> > > To post to this group, send email to
> > priva...@googlegroups.com.
> > > Visit this group at
> >
https://groups.google.com/group/privacyidea.
> > > To view this discussion on the web
visit
> > >
> >
>
https://groups.google.com/d/msgid/privacyidea/039c47c0-52de-46ca-bb5f-38f7ed07088d%40googlegroups.com.
> > > For more options, visit
> https://groups.google.com/d/optout.
> >
> > --
> > Cornelius Kölbel
> > corneliu...@netknights.it
> > +49 151 2960 1417
> >
> > NetKnights GmbH
> > http://www.netknights.it
> > Landgraf-Karl-Str. 19, 34131 Kassel,
Germany
> > Tel: +49 561 3166797, Fax: +49 561
3166798
> >
> > Amtsgericht Kassel, HRB 16405
> > Geschäftsführer: Cornelius Kölbel
> >
> >
> > --
> > Please read the blog post about getting help
> > https://www.privacyidea.org/getting-help/.
> >
> > For professional services and consultancy
regarding two
> factor
> > authentication please visit
> >
https://netknights.it/en/leistungen/one-time-services/
> >
> > In an enterprise environment you should get a
SERVICE LEVEL
> AGREEMENT
> > which suites your needs for SECURITY, AVAILABILITY
and
> LIABILITY:
> >
>
https://netknights.it/en/leistungen/service-level-agreements/
> > ---
> > You received this message because you are
subscribed to the
> Google
> > Groups "privacyidea" group.
> > To unsubscribe from this group and stop receiving
emails
> from it, send
> > an email to privacyidea...@googlegroups.com.
> > To post to this group, send email to
> priva...@googlegroups.com.
> > Visit this group at
> https://groups.google.com/group/privacyidea.
> > To view this discussion on the web visit
> >
>
https://groups.google.com/d/msgid/privacyidea/99a94bd0-b931-4087-8345-79c81dc8c110%40googlegroups.com.
> > For more options, visit
https://groups.google.com/d/optout.
>
> --
> Cornelius Kölbel
> corneliu...@netknights.it
> +49 151 2960 1417
>
> NetKnights GmbH
> http://www.netknights.it
> Landgraf-Karl-Str. 19, 34131 Kassel, Germany
> Tel: +49 561 3166797, Fax: +49 561 3166798
>
> Amtsgericht Kassel, HRB 16405
> Geschäftsführer: Cornelius Kölbel
>
>
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two
factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL
AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and
LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the
Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails
from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/03f9af56-9ee2-491a-acc2-af00d946e95c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY: privacyIDEA Support Level