Remove PIN from Token

Hello Cornelius and all !

Is it possible to remove PIN from a Token (by WEB or API) ?

The only option that I found is to manually clean the sql table (pin_seed &
pin_hash).

Regards

Sim

Excuse me… I’ve another question…

I’ve requested token by SMS and received it.

This is the “List Challenges”:

Wed, 24 Aug 2016 09:33:28 GMT PISM0000CC7B 00155976067561524466
Wed, 24 Aug 2016 09:38:28 GMT 0

Now… I’m waiting more than 5 minutes…
And then I try to validate token… (09:43)

Result…

“matching 1 tokens”, “type”: “sms”, “serial”: “PISM0000CC7B”, “otplen”: 6}
“result”: {“status”: true, “value”: true}, “time”: 1472024584.399257, “id”:
1}

Mmmm…

This is the log

11572 - 8/24/16 09:43:04 - GET /validate/check - 1 - PISM0000CC7B - …
matching 1 tokens - OK

But the Challenges report expiration : 09:38:28

Is it a bug or a settings?
And what is the “Received: 0”?.. it’s always 0.

Regards
SimOn Wednesday, August 24, 2016 at 9:44:38 AM UTC+2, Cornelius Kölbel wrote:

Hi Sim,

regarding the failcounter:

Is this right?
https://github.com/privacyidea/privacyidea/issues/471
Or please add more description to this ticket with regards
to your problem.

Kind regards
Cornelius

Hi Cornelius,
you are right!

Setting an empty password not clear the DB record but set “empty” correctly.

Yes, i’m using otppin=none as you know but it’s not the best solution with
SMS token.

Now I’m testing otppin=tokenpin and “empty” PIN (for TOTP). It’s equal to
otppin=none,
but I can set PIN for SMS token.

It’s work correctly but there is always the “failcounter” problem for TOTP

SimOn Wednesday, August 24, 2016 at 9:22:47 AM UTC+2, Cornelius Kölbel wrote:

Hi Sim,

you can set an empty password or you can set the policy otppin=none.

Kind regards
Cornelius

Am Mittwoch, den 24.08.2016, 00:09 -0700 schrieb simv...@gmail.com
<javascript:>:

Hello Cornelius and all !

Is it possible to remove PIN from a Token (by WEB or API) ?

The only option that I found is to manually clean the sql table
(pin_seed & pin_hash).

Regards

Sim


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/e46596f7-7de8-43f9-9a2d-0db2b0d7daa8%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Hi Sim,

regarding the failcounter:

Is this right?


Or please add more description to this ticket with regards
to your problem.

Kind regards
CorneliusAm Mittwoch, den 24.08.2016, 00:42 -0700 schrieb simvirus@gmail.com:

Hi Cornelius,
you are right!

Setting an empty password not clear the DB record but set “empty”
correctly.

Yes, i’m using otppin=none as you know but it’s not the best solution
with SMS token.

Now I’m testing otppin=tokenpin and “empty” PIN (for TOTP). It’s equal
to otppin=none,
but I can set PIN for SMS token.

It’s work correctly but there is always the “failcounter” problem for
TOTP

Sim

On Wednesday, August 24, 2016 at 9:22:47 AM UTC+2, Cornelius Kölbel wrote:
Hi Sim,

    you can set an empty password or you can set the policy
    otppin=none. 
    
    Kind regards 
    Cornelius 
    
    Am Mittwoch, den 24.08.2016, 00:09 -0700 schrieb
    simv...@gmail.com: 
    > Hello Cornelius and all ! 
    > 
    > Is it possible to remove PIN from a Token (by WEB or API) ? 
    > 
    > The only option that I found is to manually clean the sql
    table 
    > (pin_seed & pin_hash). 
    > 
    > Regards 
    > 
    > Sim 
    > 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/e46596f7-7de8-43f9-9a2d-0db2b0d7daa8%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/7c4d5e77-88dc-42ef-a524-5a5ccf3b9ae0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Sim,

you can set an empty password or you can set the policy otppin=none.

Kind regards
CorneliusAm Mittwoch, den 24.08.2016, 00:09 -0700 schrieb simvirus@gmail.com:

Hello Cornelius and all !

Is it possible to remove PIN from a Token (by WEB or API) ?

The only option that I found is to manually clean the sql table
(pin_seed & pin_hash).

Regards

Sim


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/e46596f7-7de8-43f9-9a2d-0db2b0d7daa8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Sim,

the “0” is the received_count. Roughly It is increased if an invalid
response for this transactinId was retrieved.

The expiration date of a challenge is checked here:

So there might be some confusions with the datatime and your database
column.

You could add a

log.error(c_now)
log.error(self.expiration)

So we would know, what might be wrong there.

Kind regards
CorneliusAm Mittwoch, den 24.08.2016, 00:51 -0700 schrieb simvirus@gmail.com:

Excuse me… I’ve another question…

I’ve requested token by SMS and received it.

This is the “List Challenges”:

Wed, 24 Aug 2016 09:33:28 GMT PISM0000CC7B
00155976067561524466 Wed, 24 Aug 2016 09:38:28 GMT 0

Now… I’m waiting more than 5 minutes…
And then I try to validate token… (09:43)

Result…

“matching 1 tokens”, “type”: “sms”, “serial”: “PISM0000CC7B”,
“otplen”: 6}
“result”: {“status”: true, “value”: true}, “time”: 1472024584.399257,
“id”: 1}

Mmmm…

This is the log

11572 - 8/24/16 09:43:04 - GET /validate/check - 1 - PISM0000CC7B

  • … matching 1 tokens - OK

But the Challenges report expiration : 09:38:28

Is it a bug or a settings?
And what is the “Received: 0”?.. it’s always 0.

Regards
Sim

On Wednesday, August 24, 2016 at 9:44:38 AM UTC+2, Cornelius Kölbel wrote:
Hi Sim,

    regarding the failcounter: 
    
    Is this right? 
    https://github.com/privacyidea/privacyidea/issues/471 
    Or please add more description to this ticket with regards 
    to your problem. 
    
    Kind regards 
    Cornelius 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/053ab032-2bab-4254-ac14-4bb182958cf3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

  • This is the code

    def is_valid(self):
    ""“
    Returns true, if the expiration time has not passed, yet.
    :return: True if valid
    :rtype: bool
    ”""
    ret = False
    c_now = datetime.now()
    log.error(“XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”)
    log.error(c_now)
    log.error(self.expiration)
    if c_now < self.expiration:
    ret = True
    return ret

  • enabled PI_LOGLEVEL = logging.DEBUG

  • rm /usr/lib/python2.7/dist-packages/privacyidea/models.pyc

  • restarted Apache

  • request SMS PIN and used it (/validate/check?user=…) before expire (for
    a test)

…but not “XXXXX…” in /var/log/privacyidea/privacyidea.log …

mmm…On Thursday, August 25, 2016 at 12:38:58 PM UTC+2, Cornelius Kölbel wrote:

Yes, that’s right.

Am Donnerstag, den 25.08.2016, 02:58 -0700 schrieb simv...@gmail.com
<javascript:>:

Well, I can add

log.error(c_now)
log.error(self.expiration)

in the middle of 1090 and 1091, right?

Regards
Sim

On Thursday, August 25, 2016 at 11:48:47 AM UTC+2, Cornelius Kölbel wrote:
Hi Sim,

    the "0" is the received_count. Roughly It is increased if an 
    invalid 
    response for this transactinId was retrieved. 
    
    The expiration date of a challenge is checked here: 

https://github.com/privacyidea/privacyidea/blob/master/privacyidea/models.py#L1083

    So there might be some confusions with the datatime and your 
    database 
    column. 
    
    You could add a 
    
      log.error(c_now) 
      log.error(self.expiration) 
    
    So we would know, what might be wrong there. 
    
    Kind regards 
    Cornelius 
    
    Am Mittwoch, den 24.08.2016, 00:51 -0700 schrieb 
    simv...@gmail.com: 
    > Excuse me... I've another question..... 
    > 
    > I've requested token by SMS and received it. 
    > 
    > This is the "List Challenges": 
    > 
    > Wed, 24 Aug 2016 09:33:28 GMT     PISM0000CC7B 
    > 00155976067561524466     Wed, 24 Aug 2016 09:38:28 GMT 
    0 
    > 
    > Now... I'm waiting more than 5 minutes..... 
    > And then I try to validate token.. (09:43) 
    > 
    > Result.. 
    > 
    > "matching 1 tokens", "type": "sms", "serial": 
    "PISM0000CC7B", 
    > "otplen": 6} 
    > "result": {"status": true, "value": true}, "time": 
    1472024584.399257, 
    > "id": 1} 
    > 
    > Mmmm.... 
    > 
    > This is the log 
    > 
    > 11572 - 8/24/16 09:43:04 - GET /validate/check - 1 - 
    PISM0000CC7B 
    > - ... matching 1 tokens - OK 
    > 
    > But the Challenges report expiration : 09:38:28 
    > 
    > Is it a bug or a settings? 
    > And what is the "Received: 0"?... it's always 0. 
    > 
    > Regards 
    > Sim 
    > 
    > 
    > 
    > On Wednesday, August 24, 2016 at 9:44:38 AM UTC+2, Cornelius  Kölbel  wrote: 
    >         Hi Sim, 
    >         
    >         regarding the failcounter: 
    >         
    >         Is this right? 
    > 
    https://github.com/privacyidea/privacyidea/issues/471 
    >         Or please add more description to this ticket with 
    regards 
    >         to your problem. 
    >         
    >         Kind regards 
    >         Cornelius 
    >         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two 
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL 
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and 
    LIABILITY: 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the 
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails 
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to 
    priva...@googlegroups.com. 
    > Visit this group at 
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    > 

https://groups.google.com/d/msgid/privacyidea/053ab032-2bab-4254-ac14-4bb182958cf3%40googlegroups.com.

    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/289b29e0-54e4-4d65-b47a-c8fd016049d6%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Yes, that’s right.Am Donnerstag, den 25.08.2016, 02:58 -0700 schrieb simvirus@gmail.com:

Well, I can add

log.error(c_now)
log.error(self.expiration)

in the middle of 1090 and 1091, right?

Regards
Sim

On Thursday, August 25, 2016 at 11:48:47 AM UTC+2, Cornelius Kölbel wrote:
Hi Sim,

    the "0" is the received_count. Roughly It is increased if an
    invalid 
    response for this transactinId was retrieved. 
    
    The expiration date of a challenge is checked here: 
    
    https://github.com/privacyidea/privacyidea/blob/master/privacyidea/models.py#L1083 
    
    So there might be some confusions with the datatime and your
    database 
    column. 
    
    You could add a 
    
      log.error(c_now) 
      log.error(self.expiration) 
    
    So we would know, what might be wrong there. 
    
    Kind regards 
    Cornelius 
    
    Am Mittwoch, den 24.08.2016, 00:51 -0700 schrieb
    simv...@gmail.com: 
    > Excuse me... I've another question..... 
    > 
    > I've requested token by SMS and received it. 
    > 
    > This is the "List Challenges": 
    > 
    > Wed, 24 Aug 2016 09:33:28 GMT     PISM0000CC7B 
    > 00155976067561524466     Wed, 24 Aug 2016 09:38:28 GMT
    0 
    > 
    > Now... I'm waiting more than 5 minutes..... 
    > And then I try to validate token.. (09:43) 
    > 
    > Result.. 
    > 
    > "matching 1 tokens", "type": "sms", "serial":
    "PISM0000CC7B", 
    > "otplen": 6} 
    > "result": {"status": true, "value": true}, "time":
    1472024584.399257, 
    > "id": 1} 
    > 
    > Mmmm.... 
    > 
    > This is the log 
    > 
    > 11572 - 8/24/16 09:43:04 - GET /validate/check - 1 -
    PISM0000CC7B 
    > - ... matching 1 tokens - OK 
    > 
    > But the Challenges report expiration : 09:38:28 
    > 
    > Is it a bug or a settings? 
    > And what is the "Received: 0"?... it's always 0. 
    > 
    > Regards 
    > Sim 
    > 
    > 
    > 
    > On Wednesday, August 24, 2016 at 9:44:38 AM UTC+2, Cornelius Kölbel  wrote: 
    >         Hi Sim, 
    >         
    >         regarding the failcounter: 
    >         
    >         Is this right? 
    >
    https://github.com/privacyidea/privacyidea/issues/471 
    >         Or please add more description to this ticket with
    regards 
    >         to your problem. 
    >         
    >         Kind regards 
    >         Cornelius 
    >         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/053ab032-2bab-4254-ac14-4bb182958cf3%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/289b29e0-54e4-4d65-b47a-c8fd016049d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Well, I can add

log.error(c_now)
log.error(self.expiration)

in the middle of 1090 and 1091, right?

Regards
SimOn Thursday, August 25, 2016 at 11:48:47 AM UTC+2, Cornelius Kölbel wrote:

Hi Sim,

the “0” is the received_count. Roughly It is increased if an invalid
response for this transactinId was retrieved.

The expiration date of a challenge is checked here:

https://github.com/privacyidea/privacyidea/blob/master/privacyidea/models.py#L1083

So there might be some confusions with the datatime and your database
column.

You could add a

log.error(c_now)
log.error(self.expiration)

So we would know, what might be wrong there.

Kind regards
Cornelius

Am Mittwoch, den 24.08.2016, 00:51 -0700 schrieb simv...@gmail.com
<javascript:>:

Excuse me… I’ve another question…

I’ve requested token by SMS and received it.

This is the “List Challenges”:

Wed, 24 Aug 2016 09:33:28 GMT PISM0000CC7B
00155976067561524466 Wed, 24 Aug 2016 09:38:28 GMT 0

Now… I’m waiting more than 5 minutes…
And then I try to validate token… (09:43)

Result…

“matching 1 tokens”, “type”: “sms”, “serial”: “PISM0000CC7B”,
“otplen”: 6}
“result”: {“status”: true, “value”: true}, “time”: 1472024584.399257,
“id”: 1}

Mmmm…

This is the log

11572 - 8/24/16 09:43:04 - GET /validate/check - 1 - PISM0000CC7B

  • … matching 1 tokens - OK

But the Challenges report expiration : 09:38:28

Is it a bug or a settings?
And what is the “Received: 0”?.. it’s always 0.

Regards
Sim

On Wednesday, August 24, 2016 at 9:44:38 AM UTC+2, Cornelius Kölbel wrote:
Hi Sim,

    regarding the failcounter: 
    
    Is this right? 
    https://github.com/privacyidea/privacyidea/issues/471 
    Or please add more description to this ticket with regards 
    to your problem. 
    
    Kind regards 
    Cornelius 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/053ab032-2bab-4254-ac14-4bb182958cf3%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Excuse me again…

Any idea about this?

Regards
SimOn Wednesday, August 24, 2016 at 9:51:53 AM UTC+2, simv...@gmail.com wrote:

Excuse me… I’ve another question…

I’ve requested token by SMS and received it.

This is the “List Challenges”:

Wed, 24 Aug 2016 09:33:28 GMT PISM0000CC7B 00155976067561524466
Wed, 24 Aug 2016 09:38:28 GMT 0

Now… I’m waiting more than 5 minutes…
And then I try to validate token… (09:43)

Result…

“matching 1 tokens”, “type”: “sms”, “serial”: “PISM0000CC7B”, “otplen”: 6}
“result”: {“status”: true, “value”: true}, “time”: 1472024584.399257,
“id”: 1}

Mmmm…

This is the log

11572 - 8/24/16 09:43:04 - GET /validate/check - 1 - PISM0000CC7B - …
matching 1 tokens - OK

But the Challenges report expiration : 09:38:28

Is it a bug or a settings?
And what is the “Received: 0”?.. it’s always 0.

Regards
Sim

Hi Sim,

I am not sure if this is a bug or a misunderstanding.
I opened an issue on github


since for me the mailing list is the wrong place to track this.

Kind regards
CorneliusAm Donnerstag, den 25.08.2016, 08:09 -0700 schrieb simvirus@gmail.com:

  • This is the code

    def is_valid(self):
    “”"
    Returns true, if the expiration time has not passed, yet.
    :return: True if valid
    :rtype: bool
    “”"
    ret = False
    c_now = datetime.now()
    log.error(“XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”)
    log.error(c_now)
    log.error(self.expiration)
    if c_now < self.expiration:
    ret = True
    return ret

  • enabled PI_LOGLEVEL = logging.DEBUG

  • rm /usr/lib/python2.7/dist-packages/privacyidea/models.pyc

  • restarted Apache

  • request SMS PIN and used it (/validate/check?user=…) before expire
    (for a test)

…but not “XXXXX…” in /var/log/privacyidea/privacyidea.log …

mmm…

On Thursday, August 25, 2016 at 12:38:58 PM UTC+2, Cornelius Kölbel wrote:
Yes, that’s right.

    Am Donnerstag, den 25.08.2016, 02:58 -0700 schrieb
    simv...@gmail.com: 
    > Well, I can add 
    > 
    >   log.error(c_now) 
    >   log.error(self.expiration) 
    > 
    > in the middle of 1090 and 1091, right? 
    > 
    > Regards 
    > Sim 
    > 
    > 
    > On Thursday, August 25, 2016 at 11:48:47 AM UTC+2, Cornelius Kölbel  wrote: 
    >         Hi Sim, 
    >         
    >         the "0" is the received_count. Roughly It is
    increased if an 
    >         invalid 
    >         response for this transactinId was retrieved. 
    >         
    >         The expiration date of a challenge is checked here: 
    >         
    >
    https://github.com/privacyidea/privacyidea/blob/master/privacyidea/models.py#L1083 
    >         
    >         So there might be some confusions with the datatime
    and your 
    >         database 
    >         column. 
    >         
    >         You could add a 
    >         
    >           log.error(c_now) 
    >           log.error(self.expiration) 
    >         
    >         So we would know, what might be wrong there. 
    >         
    >         Kind regards 
    >         Cornelius 
    >         
    >         Am Mittwoch, den 24.08.2016, 00:51 -0700 schrieb 
    >         simv...@gmail.com: 
    >         > Excuse me... I've another question..... 
    >         > 
    >         > I've requested token by SMS and received it. 
    >         > 
    >         > This is the "List Challenges": 
    >         > 
    >         > Wed, 24 Aug 2016 09:33:28 GMT     PISM0000CC7B 
    >         > 00155976067561524466     Wed, 24 Aug 2016 09:38:28
    GMT 
    >         0 
    >         > 
    >         > Now... I'm waiting more than 5 minutes..... 
    >         > And then I try to validate token.. (09:43) 
    >         > 
    >         > Result.. 
    >         > 
    >         > "matching 1 tokens", "type": "sms", "serial": 
    >         "PISM0000CC7B", 
    >         > "otplen": 6} 
    >         > "result": {"status": true, "value": true},
    "time": 
    >         1472024584.399257, 
    >         > "id": 1} 
    >         > 
    >         > Mmmm.... 
    >         > 
    >         > This is the log 
    >         > 
    >         > 11572 - 8/24/16 09:43:04 - GET /validate/check - 1
    - 
    >         PISM0000CC7B 
    >         > - ... matching 1 tokens - OK 
    >         > 
    >         > But the Challenges report expiration : 09:38:28 
    >         > 
    >         > Is it a bug or a settings? 
    >         > And what is the "Received: 0"?... it's always 0. 
    >         > 
    >         > Regards 
    >         > Sim 
    >         > 
    >         > 
    >         > 
    >         > On Wednesday, August 24, 2016 at 9:44:38 AM UTC+2, Cornelius  Kölbel  wrote: 
    >         >         Hi Sim, 
    >         >         
    >         >         regarding the failcounter: 
    >         >         
    >         >         Is this right? 
    >         > 
    >
    https://github.com/privacyidea/privacyidea/issues/471 
    >         >         Or please add more description to this
    ticket with 
    >         regards 
    >         >         to your problem. 
    >         >         
    >         >         Kind regards 
    >         >         Cornelius 
    >         >         
    >         > -- 
    >         > Please read the blog post about getting help 
    >         > https://www.privacyidea.org/getting-help/. 
    >         >   
    >         > For professional services and consultancy
    regarding two 
    >         factor 
    >         > authentication please visit 
    >         >
    https://netknights.it/en/leistungen/one-time-services/ 
    >         >   
    >         > In an enterprise environment you should get a
    SERVICE LEVEL 
    >         AGREEMENT 
    >         > which suites your needs for SECURITY, AVAILABILITY
    and 
    >         LIABILITY: 
    >         > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >         > --- 
    >         > You received this message because you are
    subscribed to the 
    >         Google 
    >         > Groups "privacyidea" group. 
    >         > To unsubscribe from this group and stop receiving
    emails 
    >         from it, send 
    >         > an email to privacyidea...@googlegroups.com. 
    >         > To post to this group, send email to 
    >         priva...@googlegroups.com. 
    >         > Visit this group at 
    >         https://groups.google.com/group/privacyidea. 
    >         > To view this discussion on the web visit 
    >         > 
    >
    https://groups.google.com/d/msgid/privacyidea/053ab032-2bab-4254-ac14-4bb182958cf3%40googlegroups.com. 
    >         > For more options, visit
    https://groups.google.com/d/optout. 
    >         
    >         -- 
    >         Cornelius Kölbel 
    >         corneliu...@netknights.it 
    >         +49 151 2960 1417 
    >         
    >         NetKnights GmbH 
    >         http://www.netknights.it 
    >         Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    >         Tel: +49 561 3166797, Fax: +49 561 3166798 
    >         
    >         Amtsgericht Kassel, HRB 16405 
    >         Geschäftsführer: Cornelius Kölbel 
    >         
    >         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/289b29e0-54e4-4d65-b47a-c8fd016049d6%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/be113139-2821-40eb-97d5-5aa7a5902db0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Sim,

could it be, that you are authenticating like this:

  1. username
    password

-> you get your SMS with OTP

  1. username
    password + otp

Kind regards
CorneliusAm Donnerstag, den 25.08.2016, 08:09 -0700 schrieb simvirus@gmail.com:

  • This is the code

    def is_valid(self):
    “”"
    Returns true, if the expiration time has not passed, yet.
    :return: True if valid
    :rtype: bool
    “”"
    ret = False
    c_now = datetime.now()
    log.error(“XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX”)
    log.error(c_now)
    log.error(self.expiration)
    if c_now < self.expiration:
    ret = True
    return ret

  • enabled PI_LOGLEVEL = logging.DEBUG

  • rm /usr/lib/python2.7/dist-packages/privacyidea/models.pyc

  • restarted Apache

  • request SMS PIN and used it (/validate/check?user=…) before expire
    (for a test)

…but not “XXXXX…” in /var/log/privacyidea/privacyidea.log …

mmm…

On Thursday, August 25, 2016 at 12:38:58 PM UTC+2, Cornelius Kölbel wrote:
Yes, that’s right.

    Am Donnerstag, den 25.08.2016, 02:58 -0700 schrieb
    simv...@gmail.com: 
    > Well, I can add 
    > 
    >   log.error(c_now) 
    >   log.error(self.expiration) 
    > 
    > in the middle of 1090 and 1091, right? 
    > 
    > Regards 
    > Sim 
    > 
    > 
    > On Thursday, August 25, 2016 at 11:48:47 AM UTC+2, Cornelius Kölbel  wrote: 
    >         Hi Sim, 
    >         
    >         the "0" is the received_count. Roughly It is
    increased if an 
    >         invalid 
    >         response for this transactinId was retrieved. 
    >         
    >         The expiration date of a challenge is checked here: 
    >         
    >
    https://github.com/privacyidea/privacyidea/blob/master/privacyidea/models.py#L1083 
    >         
    >         So there might be some confusions with the datatime
    and your 
    >         database 
    >         column. 
    >         
    >         You could add a 
    >         
    >           log.error(c_now) 
    >           log.error(self.expiration) 
    >         
    >         So we would know, what might be wrong there. 
    >         
    >         Kind regards 
    >         Cornelius 
    >         
    >         Am Mittwoch, den 24.08.2016, 00:51 -0700 schrieb 
    >         simv...@gmail.com: 
    >         > Excuse me... I've another question..... 
    >         > 
    >         > I've requested token by SMS and received it. 
    >         > 
    >         > This is the "List Challenges": 
    >         > 
    >         > Wed, 24 Aug 2016 09:33:28 GMT     PISM0000CC7B 
    >         > 00155976067561524466     Wed, 24 Aug 2016 09:38:28
    GMT 
    >         0 
    >         > 
    >         > Now... I'm waiting more than 5 minutes..... 
    >         > And then I try to validate token.. (09:43) 
    >         > 
    >         > Result.. 
    >         > 
    >         > "matching 1 tokens", "type": "sms", "serial": 
    >         "PISM0000CC7B", 
    >         > "otplen": 6} 
    >         > "result": {"status": true, "value": true},
    "time": 
    >         1472024584.399257, 
    >         > "id": 1} 
    >         > 
    >         > Mmmm.... 
    >         > 
    >         > This is the log 
    >         > 
    >         > 11572 - 8/24/16 09:43:04 - GET /validate/check - 1
    - 
    >         PISM0000CC7B 
    >         > - ... matching 1 tokens - OK 
    >         > 
    >         > But the Challenges report expiration : 09:38:28 
    >         > 
    >         > Is it a bug or a settings? 
    >         > And what is the "Received: 0"?... it's always 0. 
    >         > 
    >         > Regards 
    >         > Sim 
    >         > 
    >         > 
    >         > 
    >         > On Wednesday, August 24, 2016 at 9:44:38 AM UTC+2, Cornelius  Kölbel  wrote: 
    >         >         Hi Sim, 
    >         >         
    >         >         regarding the failcounter: 
    >         >         
    >         >         Is this right? 
    >         > 
    >
    https://github.com/privacyidea/privacyidea/issues/471 
    >         >         Or please add more description to this
    ticket with 
    >         regards 
    >         >         to your problem. 
    >         >         
    >         >         Kind regards 
    >         >         Cornelius 
    >         >         
    >         > -- 
    >         > Please read the blog post about getting help 
    >         > https://www.privacyidea.org/getting-help/. 
    >         >   
    >         > For professional services and consultancy
    regarding two 
    >         factor 
    >         > authentication please visit 
    >         >
    https://netknights.it/en/leistungen/one-time-services/ 
    >         >   
    >         > In an enterprise environment you should get a
    SERVICE LEVEL 
    >         AGREEMENT 
    >         > which suites your needs for SECURITY, AVAILABILITY
    and 
    >         LIABILITY: 
    >         > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >         > --- 
    >         > You received this message because you are
    subscribed to the 
    >         Google 
    >         > Groups "privacyidea" group. 
    >         > To unsubscribe from this group and stop receiving
    emails 
    >         from it, send 
    >         > an email to privacyidea...@googlegroups.com. 
    >         > To post to this group, send email to 
    >         priva...@googlegroups.com. 
    >         > Visit this group at 
    >         https://groups.google.com/group/privacyidea. 
    >         > To view this discussion on the web visit 
    >         > 
    >
    https://groups.google.com/d/msgid/privacyidea/053ab032-2bab-4254-ac14-4bb182958cf3%40googlegroups.com. 
    >         > For more options, visit
    https://groups.google.com/d/optout. 
    >         
    >         -- 
    >         Cornelius Kölbel 
    >         corneliu...@netknights.it 
    >         +49 151 2960 1417 
    >         
    >         NetKnights GmbH 
    >         http://www.netknights.it 
    >         Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    >         Tel: +49 561 3166797, Fax: +49 561 3166798 
    >         
    >         Amtsgericht Kassel, HRB 16405 
    >         Geschäftsführer: Cornelius Kölbel 
    >         
    >         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/289b29e0-54e4-4d65-b47a-c8fd016049d6%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/be113139-2821-40eb-97d5-5aa7a5902db0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)