SMS Token - Proxy / websms.de support

shade · October 19, 2015, 1:55pm

Hey Guys,

me again… SMS Token configuration works now. But it seems that with this
config:

{ “URL” : “https://api.websms.com/rest/smsmessaging/simple”,
“PARAMETER” : {
“access_token”:“1234567890”,
“test”:“false”
},
“SMS_PHONENUMBER_KEY”:“recipientAddressList”,
“SMS_TEXT_KEY”:“messageContent”,
“HTTP_Method”:“GET”,
“PROXY”:“http://192.168.1.11:3128”,
“RETURN_SUCCESS”:“OK”
}

the proxy isn’t working at all. Because there is no connection made to the
proxy from our PrivacyIDEA host.
I test it with a radius client and i get “Reply-Message = “wrong otp pin””,
which is correct because i only sent the OTP Pin but no OTP itself.
The user has a valid sms token assiged. I also testet the websms.de syntax
it via a simple GET request with curl directly and the sms arrived on my
mobile.

This URL works on the shell via
curl: https://api.websms.com/rest/smsmessaging/simple?access_token=1234567890&recipientAddressList=49160123467&messageContent=hello%20world!&test=false

Thanks for your help!

Wolfgang

Joost_Vaarhorst · October 19, 2015, 1:59pm

I have exactly the same problem with my own SMS gateway and on Centos 7.

I’ve followed the instructions on:

https://www.privacyidea.org/two-factor-authentication-with-otp-on-centos-7/

And I’ve created several different policies like:

“otppin”: “userstore”
“smsautosend”: true

Etc.Op maandag 19 oktober 2015 15:55:53 UTC+2 schreef sh…@shade.sh:

Hey Guys,

me again… SMS Token configuration works now. But it seems that with this
config:

{ “URL” : “https://api.websms.com/rest/smsmessaging/simple”,
“PARAMETER” : {
“access_token”:“1234567890”,
“test”:“false”
},
“SMS_PHONENUMBER_KEY”:“recipientAddressList”,
“SMS_TEXT_KEY”:“messageContent”,
“HTTP_Method”:“GET”,
“PROXY”:“http://192.168.1.11:3128”,
“RETURN_SUCCESS”:“OK”
}

the proxy isn’t working at all. Because there is no connection made to the
proxy from our PrivacyIDEA host.
I test it with a radius client and i get “Reply-Message = “wrong otp
pin””, which is correct because i only sent the OTP Pin but no OTP itself.
The user has a valid sms token assiged. I also testet the websms.de
syntax it via a simple GET request with curl directly and the sms arrived
on my mobile.

This URL works on the shell via curl:
https://api.websms.com/rest/smsmessaging/simple?access_token=1234567890&recipientAddressList=49160123467&messageContent=hello%20world!&test=false

Thanks for your help!

Wolfgang

cornelinux · October 19, 2015, 4:24pm

Hi,

you can also use privacyIDEA API to test this.

Call

https://yourserver/validate/check?user=youruser&pass=otppin

The you get “wrong otp pin”, you probably have entered the wrong otp
pin.

In the response of the API call you will see a detail->message, which
will tell you, if the SMS was send (in fact if the http-url could be
called).

The correct OTP PIN triggers the sending of the SMS. If - for what
reason ever - the otppin is wrong, the SMS will not be triggered.

I suspect it is a similar problem like with the email token.
The SMS token is always a challenge response token, but it is inherited
from the hotptoken, which can act as challenge response.

Please try creating a policy
scope:authentication
action:challenge_response=sms

Drop me a note, if this triggers the SMS.

THanks a lot and kind regards
CorneliusAm Montag, den 19.10.2015, 06:55 -0700 schrieb shade@shade.sh:

Hey Guys,

me again… SMS Token configuration works now. But it seems that with
this config:

{ “URL” : “https://api.websms.com/rest/smsmessaging/simple”,
“PARAMETER” : {
“access_token”:“1234567890”,
“test”:“false”
},
“SMS_PHONENUMBER_KEY”:“recipientAddressList”,
“SMS_TEXT_KEY”:“messageContent”,
“HTTP_Method”:“GET”,
“PROXY”:“http://192.168.1.11:3128”,
“RETURN_SUCCESS”:“OK”
}

the proxy isn’t working at all. Because there is no connection made to
the proxy from our PrivacyIDEA host.
I test it with a radius client and i get “Reply-Message = “wrong otp
pin””, which is correct because i only sent the OTP Pin but no OTP
itself.
The user has a valid sms token assiged. I also testet the websms.de
syntax it via a simple GET request with curl directly and the sms
arrived on my mobile.

This URL works on the shell via
curl: https://api.websms.com/rest/smsmessaging/simple?access_token=1234567890&recipientAddressList=49160123467&messageContent=hello%20world!&test=false

Thanks for your help!

Wolfgang

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/10fb578e-9686-4ecc-8c84-fcbb3677f574%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Joost_Vaarhorst · October 20, 2015, 6:49am

I can succesfully authentice with the following policy:

“challenge_response”: “sms”
“otppin”: “tokenpin”

Now the pincode activates sending a sms and de pincode with the sms
response will succesfully authentice me.

ThanksOp maandag 19 oktober 2015 18:24:32 UTC+2 schreef Cornelinux K:

Hi,

you can also use privacyIDEA API to test this.

Call

https://yourserver/validate/check?user=youruser&pass=otppin

The you get “wrong otp pin”, you probably have entered the wrong otp
pin.

In the response of the API call you will see a detail->message, which
will tell you, if the SMS was send (in fact if the http-url could be
called).

The correct OTP PIN triggers the sending of the SMS. If - for what
reason ever - the otppin is wrong, the SMS will not be triggered.

I suspect it is a similar problem like with the email token.
The SMS token is always a challenge response token, but it is inherited
from the hotptoken, which can act as challenge response.

Please try creating a policy
scope:authentication
action:challenge_response=sms

Drop me a note, if this triggers the SMS.

THanks a lot and kind regards
Cornelius

Am Montag, den 19.10.2015, 06:55 -0700 schrieb shade@shade.sh:

Hey Guys,

me again… SMS Token configuration works now. But it seems that with
this config:

{ “URL” : “https://api.websms.com/rest/smsmessaging/simple”,
“PARAMETER” : {
“access_token”:“1234567890”,
“test”:“false”
},
“SMS_PHONENUMBER_KEY”:“recipientAddressList”,
“SMS_TEXT_KEY”:“messageContent”,
“HTTP_Method”:“GET”,
“PROXY”:“http://192.168.1.11:3128”,
“RETURN_SUCCESS”:“OK”
}

the proxy isn’t working at all. Because there is no connection made to
the proxy from our PrivacyIDEA host.
I test it with a radius client and i get “Reply-Message = “wrong otp
pin””, which is correct because i only sent the OTP Pin but no OTP
itself.
The user has a valid sms token assiged. I also testet the websms.de
syntax it via a simple GET request with curl directly and the sms
arrived on my mobile.

This URL works on the shell via
curl:
https://api.websms.com/rest/smsmessaging/simple?access_token=1234567890&recipientAddressList=49160123467&messageContent=hello%20world!&test=false

Thanks for your help!

Wolfgang

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/10fb578e-9686-4ecc-8c84-fcbb3677f574%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

cornelinux · October 20, 2015, 9:29am

Thanks for the feedback.
I will create an issue - since the sms token should do chalresp without
this policy.

Kind regards
CorneliusAm Montag, den 19.10.2015, 23:49 -0700 schrieb Joost Vaarhorst:

I can succesfully authentice with the following policy:

“challenge_response”: “sms”
“otppin”: “tokenpin”

Now the pincode activates sending a sms and de pincode with the sms
response will succesfully authentice me.

Thanks

Op maandag 19 oktober 2015 18:24:32 UTC+2 schreef Cornelinux K:
Hi,

    you can also use privacyIDEA API to test this. 
    
    Call 
    
    https://yourserver/validate/check?user=youruser&pass=otppin 
    
    The you get "wrong otp pin", you probably have entered the
    wrong otp 
    pin. 
    
    In the response of the API call you will see a
    detail->message, which 
    will tell you, if the SMS was send (in fact if the http-url
    could be 
    called). 
    
    The correct OTP PIN triggers the sending of the SMS. If - for
    what 
    reason ever - the otppin is wrong, the SMS will not be
    triggered. 
    
    I suspect it is a similar problem like with the email token. 
    The SMS token is always a challenge response token, but it is
    inherited 
    from the hotptoken, which can act as challenge response. 
    
    Please try creating a policy 
     scope:authentication 
     action:challenge_response=sms 
    
    Drop me a note, if this triggers the SMS. 
    
    THanks a lot and kind regards 
    Cornelius 
    
    
    Am Montag, den 19.10.2015, 06:55 -0700 schrieb
    shade@shade.sh: 
    > Hey Guys, 
    > 
    > 
    > me again.. SMS Token configuration works now. But it seems
    that with 
    > this config: 
    > 
    > 
    > { "URL" :
    "https://api.websms.com/rest/smsmessaging/simple", 
    >   "PARAMETER" : { 
    >                   "access_token":"1234567890", 
    >                   "test":"false" 
    >                 }, 
    >   "SMS_PHONENUMBER_KEY":"recipientAddressList", 
    >   "SMS_TEXT_KEY":"messageContent", 
    >   "HTTP_Method":"GET", 
    >   "PROXY":"http://192.168.1.11:3128", 
    >  "RETURN_SUCCESS":"OK" 
    > } 
    > 
    > 
    > the proxy isn't working at all. Because there is no
    connection made to 
    > the proxy from our PrivacyIDEA host. 
    > I test it with a radius client and i get "Reply-Message =
    "wrong otp 
    > pin"", which is correct because i only sent the OTP Pin but
    no OTP 
    > itself. 
    > The user has a valid sms token assiged. I also testet the
    websms.de 
    > syntax it via a simple GET request with curl directly and
    the sms 
    > arrived on my mobile. 
    > 
    > 
    > This URL works on the shell via 
    > curl:
    https://api.websms.com/rest/smsmessaging/simple?access_token=1234567890&recipientAddressList=49160123467&messageContent=hello%20world!&test=false 
    > 
    > 
    > Thanks for your help! 
    > 
    > 
    > Wolfgang 
    > -- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/10fb578e-9686-4ecc-8c84-fcbb3677f574%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel

–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/5d3c2c15-d09d-4a2b-90a5-86dbbe6f76a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)