That was it! Setting window=300 found the OTP serial.
Hi Josh,
I can confirm this is a kind of bug.
The TOTPTokenCLass.check_otp_exist takes the window value and uses it as
seconds. I think it should use it as the multiplier for the timestep in
case of TOTP.
Anyways. If you choose the “window” to be let's say 180 or 300 it will
work out for TOTP.
Kind regards
Cornelius
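The window mix-up described above, as an added example that is not part of the original thread and is not privacyIDEA's own code: a generic RFC 6238 search in which `window` is read either as seconds or as a number of 30-second steps. The key, the 90-second clock offset between phone and server, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

TIMESTEP = 30  # seconds per TOTP step, as in the thread


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (TOTP uses counter = time // step)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def steps_searched(window: int, window_is_seconds: bool) -> int:
    """How many time steps on each side of 'now' a window value covers."""
    return window // TIMESTEP if window_is_seconds else window


def otp_exists(key, otp, now, window, window_is_seconds):
    """Return the matching counter, or None if the OTP lies outside the window."""
    current = now // TIMESTEP
    span = steps_searched(window, window_is_seconds)
    for counter in range(max(0, current - span), current + span + 1):
        if hmac.compare_digest(hotp(key, counter), otp):
            return counter
    return None


# Constructed sample data: RFC 6238 test key, server clock assumed 90 s ahead.
KEY = b"12345678901234567890"
PHONE_TIME = 59
SERVER_TIME = PHONE_TIME + 90
OTP_ON_PHONE = hotp(KEY, PHONE_TIME // TIMESTEP)

if __name__ == "__main__":
    # window=10 read as seconds covers 0 steps; read as steps it covers 10.
    for window, as_seconds in [(10, True), (10, False), (300, True)]:
        unit = "seconds" if as_seconds else "steps"
        found = otp_exists(KEY, OTP_ON_PHONE, SERVER_TIME, window, as_seconds)
        print(window, unit, "->", found)
```

With the window read as seconds, any value below the time step searches only the current step, which is why raising it to 180 or 300 makes the lookup succeed.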
On Tuesday, 03.05.2016, at 12:50 -0700, Josh Patten wrote:
OK, here’s a query I did, narrowing it to a single token:
https://2fa.example.tld/token/getserial/412308?type=totp&assigned=1&serial=TOTP003364F42
I’ve obfuscated the values, but I forced it to narrow to a single
serial (the serial for which I’m testing) and I still get a None
returned for serial.
On Tuesday, May 3, 2016 at 2:22:26 PM UTC-5, Cornelius Kölbel wrote:
Hi Josh,
this is the intended purpose.
assigned=1 means you are only searching within TOTP tokens that are
assigned to users. Is your token assigned to a user?
Searching tokens takes looooots of time. Since privacyIDEA needs to
calculate _all_ OTP values (I think the default is 10) per token.
This is why you can reduce the group of searched tokens like
assigned tokens (assigned=1) or unassigned tokens (assigned=0) ...
Try adding some portion of your serial number, just to assure that it
basically works.
Kind regards
Cornelius
On Tuesday, 03.05.2016, at 11:21 -0700, Josh Patten wrote:
> Apologies for the confusion. The token in question is a 6 digit TOTP
> that changes every 30 seconds. The query I am trying to run is that 6
> digit code.
>
> Say, for example, the OTP value I have showing in FreeOTP on my phone
> is 045432 (with approximately 25 seconds remaining until the next
> value is generated). I put that value in the URL as follows:
>
> https://2fa.example.tld/token/getserial/045432?type=totp&assigned=1
>
> Is this correct or am I misinterpreting the purpose
> of /token/getserial ?
>
> On Tuesday, May 3, 2016 at 1:07:50 PM UTC-5, Cornelius Kölbel wrote:
> There is no additional need.
> I might not be that robust. E.g. if there is any token that would fail
> (due to error in decryption), the whole query will break.
> Sometimes it is good to provide as much information as possible (token
> type, assigned token or not!!, parts of the serial number).
> This can be used to identify tokens that were found in the hallway and
> where the administrator cannot read the printed serial anymore.
>
> What is your use case?
>
> Below you said:
>
> Replacing XXX with a valid, working OTP key.
> If you already USED this otp value (not key), it will not work anymore,
> since the otp is used!
>
> Kind regards
> Cornelius
>
> On Tuesday, 03.05.2016, at 10:51 -0700, Josh Patten wrote:
> > I'm now also noticing that this isn't working from the web interface
> > either.
> >
> > On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh Patten wrote:
> > Just updated to 2.11.2, still no serial number. Is there a
> > setting in PrivacyIDEA that I need to enable in order to
> > query?
> >
> > On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh Patten wrote:
> > Tried passing URL
> > https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1
> > (I obviously obfuscated the hostname)
> >
> > Replacing XXXXXX with a valid, working OTP key
> >
> > Same result, no serial number returned.
> >
> > Were there any known issues with this function in
> > 2.10.2? If so I can schedule an update to the latest
> > version (I need to do that anyway...)
> >
> > On Tuesday, May 3, 2016 at 12:11:08 PM UTC-5, Cornelius Kölbel wrote:
> > Please try to pass additional information
> > http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)
> >
> > assigned=1 or
> > assigned=0
> >
> > and type=totp
> >
> > Kind regards
> > Cornelius
> >
> > On Tuesday, 03.05.2016, at 08:03 -0700, Josh Patten wrote:
> > > Here's a snippet of the python script I was working on to test this:
> > >
> > > import requests
> > > import json
> > > import sys
> > > import base64
> > > from pprint import pprint
> > > from requests.packages.urllib3.exceptions import InsecureRequestWarning
> > >
> > > # Certificate verification is off (verify=False), so silence the warning
> > > requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
> > >
> > > payload2 = {
> > >     'username' : 'admin',
> > >     'password' : 'LALALALALALALA'
> > > }
> > >
> > > authurl = 'https://2fa.example.tld/auth'
> > > tokenurl = 'https://2fa.example.tld/token/getserial'
> > > headers = {'content-type' : 'application/json'}
> > >
> > > # Authenticate as admin to obtain an API token
> > > response = requests.post(authurl, verify=False,
> > >                          data=json.dumps(payload2), headers=headers).json()
> > >
> > > if not response['result']['status']:
> > >     print("You're dumb, bad credentials...")
> > >     sys.exit(1)
> > > token = response['result']['value']['token']
> > > authheader = {'Authorization' : token}
> > > OTPKey = input("Enter OTP value: ")
> > > # Ask the server which token serial produces this OTP value
> > > newURL = tokenurl + '/' + str(OTPKey)
> > > response = requests.get(newURL, verify=False, headers=authheader).json()
> > > pprint(response)
> > >
> > > On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5, Josh Patten wrote:
> > > All,
> > >
> > > When I attempt to use the privacyidea API /token/getserial/XXXXXX
> > > to check a totp OTP key I never receive the serial number. I
> > > always receive None as the serial.
> > >
> > > Is there something I am missing here, should I be putting a
> > > different value other than the 6 digit OTP key?
> > >
> > > Thanks in advance!
> > > --
> > > Please read the blog post about getting help
> > > https://www.privacyidea.org/getting-help/.
> > >
> > > For professional services and consultancy regarding two factor
> > > authentication please visit
> > > https://netknights.it/en/leistungen/one-time-services/
> > >
> > > In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> > > which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
> > > https://netknights.it/en/leistungen/service-level-agreements/
> > > ---
> > > You received this message because you are subscribed to the Google
> > > Groups "privacyidea" group.
> > > To unsubscribe from this group and stop receiving emails from it, send
> > > an email to privacyidea...@googlegroups.com.
> > > To post to this group, send email to priva...@googlegroups.com.
> > > Visit this group at https://groups.google.com/group/privacyidea.
> > > To view this discussion on the web visit
> > > https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.
> > > For more options, visit https://groups.google.com/d/optout.
> >
> > --
> > Cornelius Kölbel
> > corneliu...@netknights.it
> > +49 151 2960 1417
> >
> > NetKnights GmbH
> > http://www.netknights.it
> > Landgraf-Karl-Str. 19, 34131 Kassel, Germany
> > Tel: +49 561 3166797, Fax: +49 561 3166798
> >
> > Amtsgericht Kassel, HRB 16405
> > Managing Director: Cornelius Kölbel
> >