/token/getserial API query not returning any serial number

All,

When I attempt to use the privacyidea API /token/getserial/XXXXXX to check
an totp OTP key I never receive the serial number. I always receive None as
the serial.

Is there something I am missing here, should I be putting a different value
other than the 6 digit OTP key?

Thanks in advance!

Apologies for the confusion, The token in question is a 6 digit TOTP that
changes every 30 seconds. The query I am trying to run is that 6 digit code.

Say, for example, the OTP value I have showing in FreeOTP on my phone is
045432 (with approximately 25 seconds remaining until the next value is
generated). I put that value in the URL as follows:

https://2fa.example.tld/token/getserial/045432?type=totp&assigned=1

Is this correct or am I misinterpreting the purpose of /token/getserial ?On Tuesday, May 3, 2016 at 1:07:50 PM UTC-5, Cornelius Kölbel wrote:

There is no additional need.
I might not be that robust. E.g. if there is any token, that would fail
(due to error in decryption), the whole query will break.
Sometimes it is good to provide as many information as possible (token
type, assigned token or not!!, parts of the serial number)
This can be used to identify tokens that were found in the hall way and
where the administrator can not read the printed serial anymore.

What is your use case?

Below you said:

Replacing XXX with a valid, working OTP key.
If you already USED this otp value (not key), it will not work anymore,
since the otp is used!

Kind regards
Cornelius

Am Dienstag, den 03.05.2016, 10:51 -0700 schrieb Josh Patten:

I’m now also noticing that this isn’t working from the web interface
either.

On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh Patten wrote:
Just updated to 2.11.2, still no serial number. Is there a
setting in PrivacyIDEA that I need to enable in order to
query?

    On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh Patten  wrote: 
            Tried passing URL 

https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I
obviously obfuscated the hostname)

            Replacing XXXXXX with a valid, working OTP key 
            
            
            Same result, no serial number returned. 
            
            
            Were there any known issues with this function in 
            2.10.2? If so I can schedule an update to the latest 
            version (I need to do that anyway...) 
            
            On Tuesday, May 3, 2016 at 12:11:08 PM UTC-5,  Cornelius Kölbel wrote: 
                    Please try to pass additional information 

http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)

                    assigned=1 or 
                    assigned=0 
                    
                    and type=totp 
                    
                    Kind regards 
                    Cornelius 
                    
                    Am Dienstag, den 03.05.2016, 08:03 -0700 
                    schrieb Josh Patten: 
                    > Here's a snippet of the python script I was 
                    working on to test this: 
                    > 
                    > 
                    > import requests 
                    > import json 
                    > import sys 
                    > import base64 
                    > from pprint import pprint 
                    > from requests.packages.urllib3.exceptions 
                    import 
                    > InsecureRequestWarning 
                    > 

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

                    > 
                    > 
                    > payload2 = { 
                    >         'username' : 'admin', 
                    >         'password' : 'LALALALALALALA' 
                    >         } 
                    > 
                    > 
                    > authurl = 'https://2fa.example.tld/auth' 
                    > tokenurl = 
                    'https://2fa.example.tld/token/getserial' 
                    > headers = {'content-type' : 
                    'application/json'} 
                    > 
                    > response = requests.post(authurl, 
                    verify=False, 
                    > data=json.dumps(payload2), 
                    headers=headers).json() 
                    > 
                    > if not response['result']['status']: 
                    >         print "You're dumb, bad 
                    credentials..." 
                    >         sys.exit(1) 
                    > token = 
                     response['result']['value']['token'] 
                    > authheader = {'Authorization' : token} 
                    > OTPKey = raw_input("Enter OTP value: ") 
                    > newURL = tokenurl + '/' + str(OTPKey) 
                    > response = requests.get(newURL, 
                    verify=False, 
                    > headers=authheader).json() 
                    > pprint(response) 
                    > 
                    > 
                    > 
                    > 
                    > 
                    > On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5,  Josh Patten wrote: 
                    >         All, 
                    >         
                    >         
                    >         When I attempt to use the 
                    privacyidea 
                    >         API /token/getserial/XXXXXX to check 
                    an totp OTP key I never 
                    >         receive the serial number. I always 
                    receive None as the 
                    >         serial. 
                    >         
                    >         
                    >         Is there something I am missing 
                    here, should I be putting a 
                    >         different value other than the 6 
                    digit OTP key? 
                    >         
                    >         
                    >         Thanks in advance! 
                    > -- 
                    > Please read the blog post about getting 
                    help 
                    > https://www.privacyidea.org/getting-help/. 
                    >   
                    > For professional services and consultancy 
                    regarding two factor 
                    > authentication please visit 
                    > 

https://netknights.it/en/leistungen/one-time-services/

                    >   
                    > In an enterprise environment you should get 
                    a SERVICE LEVEL AGREEMENT 
                    > which suites your needs for SECURITY, 
                    AVAILABILITY and LIABILITY: 
                    > 

https://netknights.it/en/leistungen/service-level-agreements/

                    > --- 
                    > You received this message because you are 
                    subscribed to the Google 
                    > Groups "privacyidea" group. 
                    > To unsubscribe from this group and stop 
                    receiving emails from it, send 
                    > an email to 
                    privacyidea...@googlegroups.com. 
                    > To post to this group, send email to 
                    priva...@googlegroups.com. 
                    > Visit this group at 
                    https://groups.google.com/group/privacyidea. 
                    > To view this discussion on the web visit 
                    > 

https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.

                    > For more options, visit 
                    https://groups.google.com/d/optout. 
                    
                    -- 
                    Cornelius Kölbel 
                    corneliu...@netknights.it 
                    +49 151 2960 1417 
                    
                    NetKnights GmbH 
                    http://www.netknights.it 
                    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
                    Tel: +49 561 3166797, Fax: +49 561 3166798 
                    
                    Amtsgericht Kassel, HRB 16405 
                    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/6e01841c-e9f7-44b4-afc0-9a33456ef719%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

There is no additional need.
I might not be that robust. E.g. if there is any token, that would fail
(due to error in decryption), the whole query will break.
Sometimes it is good to provide as many information as possible (token
type, assigned token or not!!, parts of the serial number)
This can be used to identify tokens that were found in the hall way and
where the administrator can not read the printed serial anymore.

What is your use case?

Below you said:

Replacing XXX with a valid, working OTP key.
If you already USED this otp value (not key), it will not work anymore,
since the otp is used!

Kind regards
CorneliusAm Dienstag, den 03.05.2016, 10:51 -0700 schrieb Josh Patten:

I’m now also noticing that this isn’t working from the web interface
either.

On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh Patten wrote:
Just updated to 2.11.2, still no serial number. Is there a
setting in PrivacyIDEA that I need to enable in order to
query?

    On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh Patten wrote:
            Tried passing URL
            https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I obviously obfuscated the hostname) 
            
            
            Replacing XXXXXX with a valid, working OTP key
            
            
            Same result, no serial number returned.
            
            
            Were there any known issues with this function in
            2.10.2? If so I can schedule an update to the latest
            version (I need to do that anyway...)
            
            On Tuesday, May 3, 2016 at 12:11:08 PM UTC-5, Cornelius Kölbel wrote:
                    Please try to pass additional information 
                    http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp) 
                    
                    assigned=1 or 
                    assigned=0 
                    
                    and type=totp 
                    
                    Kind regards 
                    Cornelius 
                    
                    Am Dienstag, den 03.05.2016, 08:03 -0700
                    schrieb Josh Patten: 
                    > Here's a snippet of the python script I was
                    working on to test this: 
                    > 
                    > 
                    > import requests 
                    > import json 
                    > import sys 
                    > import base64 
                    > from pprint import pprint 
                    > from requests.packages.urllib3.exceptions
                    import 
                    > InsecureRequestWarning 
                    >
                    requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 
                    > 
                    > 
                    > payload2 = { 
                    >         'username' : 'admin', 
                    >         'password' : 'LALALALALALALA' 
                    >         } 
                    > 
                    > 
                    > authurl = 'https://2fa.example.tld/auth' 
                    > tokenurl =
                    'https://2fa.example.tld/token/getserial' 
                    > headers = {'content-type' :
                    'application/json'} 
                    > 
                    > response = requests.post(authurl,
                    verify=False, 
                    > data=json.dumps(payload2),
                    headers=headers).json() 
                    > 
                    > if not response['result']['status']: 
                    >         print "You're dumb, bad
                    credentials..." 
                    >         sys.exit(1) 
                    > token =
                     response['result']['value']['token'] 
                    > authheader = {'Authorization' : token} 
                    > OTPKey = raw_input("Enter OTP value: ") 
                    > newURL = tokenurl + '/' + str(OTPKey) 
                    > response = requests.get(newURL,
                    verify=False, 
                    > headers=authheader).json() 
                    > pprint(response) 
                    > 
                    > 
                    > 
                    > 
                    > 
                    > On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5, Josh Patten wrote: 
                    >         All, 
                    >         
                    >         
                    >         When I attempt to use the
                    privacyidea 
                    >         API /token/getserial/XXXXXX to check
                    an totp OTP key I never 
                    >         receive the serial number. I always
                    receive None as the 
                    >         serial. 
                    >         
                    >         
                    >         Is there something I am missing
                    here, should I be putting a 
                    >         different value other than the 6
                    digit OTP key? 
                    >         
                    >         
                    >         Thanks in advance! 
                    > -- 
                    > Please read the blog post about getting
                    help 
                    > https://www.privacyidea.org/getting-help/. 
                    >   
                    > For professional services and consultancy
                    regarding two factor 
                    > authentication please visit 
                    >
                    https://netknights.it/en/leistungen/one-time-services/ 
                    >   
                    > In an enterprise environment you should get
                    a SERVICE LEVEL AGREEMENT 
                    > which suites your needs for SECURITY,
                    AVAILABILITY and LIABILITY: 
                    >
                    https://netknights.it/en/leistungen/service-level-agreements/ 
                    > --- 
                    > You received this message because you are
                    subscribed to the Google 
                    > Groups "privacyidea" group. 
                    > To unsubscribe from this group and stop
                    receiving emails from it, send 
                    > an email to
                    privacyidea...@googlegroups.com. 
                    > To post to this group, send email to
                    priva...@googlegroups.com. 
                    > Visit this group at
                    https://groups.google.com/group/privacyidea. 
                    > To view this discussion on the web visit 
                    >
                    https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com. 
                    > For more options, visit
                    https://groups.google.com/d/optout. 
                    
                    -- 
                    Cornelius Kölbel 
                    corneliu...@netknights.it 
                    +49 151 2960 1417 
                    
                    NetKnights GmbH 
                    http://www.netknights.it 
                    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
                    Tel: +49 561 3166797, Fax: +49 561 3166798 
                    
                    Amtsgericht Kassel, HRB 16405 
                    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/6e01841c-e9f7-44b4-afc0-9a33456ef719%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Tried passing URL
https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I
obviously obfuscated the hostname)

Replacing XXXXXX with a valid, working OTP key

Same result, no serial number returned.

Were there any known issues with this function in 2.10.2? If so I can
schedule an update to the latest version (I need to do that anyway…)On Tuesday, May 3, 2016 at 12:11:08 PM UTC-5, Cornelius Kölbel wrote:

Please try to pass additional information

http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)

assigned=1 or
assigned=0

and type=totp

Kind regards
Cornelius

Am Dienstag, den 03.05.2016, 08:03 -0700 schrieb Josh Patten:

Here’s a snippet of the python script I was working on to test this:

import requests
import json
import sys
import base64
from pprint import pprint
from requests.packages.urllib3.exceptions import
InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

payload2 = {
‘username’ : ‘admin’,
‘password’ : ‘LALALALALALALA’
}

authurl = 'https://2fa.example.tld/auth
tokenurl = 'https://2fa.example.tld/token/getserial
headers = {‘content-type’ : ‘application/json’}

response = requests.post(authurl, verify=False,
data=json.dumps(payload2), headers=headers).json()

if not response[‘result’][‘status’]:
print "You’re dumb, bad credentials…"
sys.exit(1)
token = response[‘result’][‘value’][‘token’]
authheader = {‘Authorization’ : token}
OTPKey = raw_input("Enter OTP value: ")
newURL = tokenurl + ‘/’ + str(OTPKey)
response = requests.get(newURL, verify=False,
headers=authheader).json()
pprint(response)

On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5, Josh Patten wrote:
All,

    When I attempt to use the privacyidea 
    API /token/getserial/XXXXXX to check an totp OTP key I never 
    receive the serial number. I always receive None as the 
    serial. 
    
    
    Is there something I am missing here, should I be putting a 
    different value other than the 6 digit OTP key? 
    
    
    Thanks in advance! 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

OK, here’s a query I did, narrowing it to a single token:

https://2fa.example.tld/token/getserial/412308?type=totp&assigned=1&serial=TOTP003364F42

I’ve obfuscated the values, but I forced it to narrow to a single serial
(the serial for which I’m testing) and I still get a None returned for
serial.On Tuesday, May 3, 2016 at 2:22:26 PM UTC-5, Cornelius Kölbel wrote:

Hi Josh,

this is the intended purpose.
assigned=1 means you are only searching within TOTP tokens, that are
assigned to users. Is your token assigned to a user?

Searching tokens takes looooots of time. Since privacyIDEA needs to
calculate all OTP values (I think the default is 10) per token.

This is why you can reduce the group of searched tokens like
assined tokens (assigned=1) or unassigned tokens (assigned=0) …

Try adding some portion of your serial number, just to assure that in
basically works.

Kind regards
Cornelius

Am Dienstag, den 03.05.2016, 11:21 -0700 schrieb Josh Patten:

Apologies for the confusion, The token in question is a 6 digit TOTP
that changes every 30 seconds. The query I am trying to run is that 6
digit code.

Say, for example, the OTP value I have showing in FreeOTP on my phone
is 045432 (with approximately 25 seconds remaining until the next
value is generated). I put that value in the URL as follows:

https://2fa.example.tld/token/getserial/045432?type=totp&assigned=1

Is this correct or am I misinterpreting the purpose
of /token/getserial ?

On Tuesday, May 3, 2016 at 1:07:50 PM UTC-5, Cornelius Kölbel wrote:
There is no additional need.
I might not be that robust. E.g. if there is any token, that
would fail
(due to error in decryption), the whole query will break.
Sometimes it is good to provide as many information as
possible (token
type, assigned token or not!!, parts of the serial number)
This can be used to identify tokens that were found in the
hall way and
where the administrator can not read the printed serial
anymore.

    What is your use case? 
    
    Below you said: 
    
    Replacing XXX with a valid, working OTP key. 
    If you already USED this otp value (not key), it will not work 
    anymore, 
    since the otp is used! 
    
    Kind regards 
    Cornelius 
    
    Am Dienstag, den 03.05.2016, 10:51 -0700 schrieb Josh Patten: 
    > I'm now also noticing that this isn't working from the web 
    interface 
    > either. 
    > 
    > On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh Patten  wrote: 
    >         Just updated to 2.11.2, still no serial number. Is 
    there a 
    >         setting in PrivacyIDEA that I need to enable in 
    order to 
    >         query? 
    >         
    >         On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh  Patten  wrote: 
    >                 Tried passing URL 
    > 

https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I
obviously obfuscated the hostname)

    >                 
    >                 
    >                 Replacing XXXXXX with a valid, working OTP 
    key 
    >                 
    >                 
    >                 Same result, no serial number returned. 
    >                 
    >                 
    >                 Were there any known issues with this 
    function in 
    >                 2.10.2? If so I can schedule an update to 
    the latest 
    >                 version (I need to do that anyway...) 
    >                 
    >                 On Tuesday, May 3, 2016 at 12:11:08 PM  UTC-5,  Cornelius Kölbel wrote: 
    >                         Please try to pass additional 
    information 
    > 

http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)

    >                         
    >                         assigned=1 or 
    >                         assigned=0 
    >                         
    >                         and type=totp 
    >                         
    >                         Kind regards 
    >                         Cornelius 
    >                         
    >                         Am Dienstag, den 03.05.2016, 08:03 
    -0700 
    >                         schrieb Josh Patten: 
    >                         > Here's a snippet of the python 
    script I was 
    >                         working on to test this: 
    >                         > 
    >                         > 
    >                         > import requests 
    >                         > import json 
    >                         > import sys 
    >                         > import base64 
    >                         > from pprint import pprint 
    >                         > from 
    requests.packages.urllib3.exceptions 
    >                         import 
    >                         > InsecureRequestWarning 
    >                         > 
    > 

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

    >                         > 
    >                         > 
    >                         > payload2 = { 
    >                         >         'username' : 'admin', 
    >                         >         'password' : 
    'LALALALALALALA' 
    >                         >         } 
    >                         > 
    >                         > 
    >                         > authurl = 
    'https://2fa.example.tld/auth' 
    >                         > tokenurl = 
    > 
    'https://2fa.example.tld/token/getserial' 
    >                         > headers = {'content-type' : 
    >                         'application/json'} 
    >                         > 
    >                         > response = requests.post(authurl, 
    >                         verify=False, 
    >                         > data=json.dumps(payload2), 
    >                         headers=headers).json() 
    >                         > 
    >                         > if not 
    response['result']['status']: 
    >                         >         print "You're dumb, bad 
    >                         credentials..." 
    >                         >         sys.exit(1) 
    >                         > token = 
    > 
     response['result']['value']['token'] 
    >                         > authheader = {'Authorization' : 
    token} 
    >                         > OTPKey = raw_input("Enter OTP 
    value: ") 
    >                         > newURL = tokenurl + '/' + 
    str(OTPKey) 
    >                         > response = requests.get(newURL, 
    >                         verify=False, 
    >                         > headers=authheader).json() 
    >                         > pprint(response) 
    >                         > 
    >                         > 
    >                         > 
    >                         > 
    >                         > 
    >                         > On Tuesday, May 3, 2016 at 9:10:25  AM UTC-5,  Josh Patten wrote: 
    >                         >         All, 
    >                         >         
    >                         >         
    >                         >         When I attempt to use the 
    >                         privacyidea 
    >                         > 
    API /token/getserial/XXXXXX to check 
    >                         an totp OTP key I never 
    >                         >         receive the serial number. 
    I always 
    >                         receive None as the 
    >                         >         serial. 
    >                         >         
    >                         >         
    >                         >         Is there something I am 
    missing 
    >                         here, should I be putting a 
    >                         >         different value other than 
    the 6 
    >                         digit OTP key? 
    >                         >         
    >                         >         
    >                         >         Thanks in advance! 
    >                         > -- 
    >                         > Please read the blog post about 
    getting 
    >                         help 
    >                         > 
    https://www.privacyidea.org/getting-help/. 
    >                         >   
    >                         > For professional services and 
    consultancy 
    >                         regarding two factor 
    >                         > authentication please visit 
    >                         > 
    > 
    https://netknights.it/en/leistungen/one-time-services/ 
    >                         >   
    >                         > In an enterprise environment you 
    should get 
    >                         a SERVICE LEVEL AGREEMENT 
    >                         > which suites your needs for 
    SECURITY, 
    >                         AVAILABILITY and LIABILITY: 
    >                         > 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >                         > --- 
    >                         > You received this message because 
    you are 
    >                         subscribed to the Google 
    >                         > Groups "privacyidea" group. 
    >                         > To unsubscribe from this group and 
    stop 
    >                         receiving emails from it, send 
    >                         > an email to 
    >                         privacyidea...@googlegroups.com. 
    >                         > To post to this group, send email 
    to 
    >                         priva...@googlegroups.com. 
    >                         > Visit this group at 
    > 
    https://groups.google.com/group/privacyidea. 
    >                         > To view this discussion on the web 
    visit 
    >                         > 
    > 

https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.

    >                         > For more options, visit 
    >                         https://groups.google.com/d/optout. 
    >                         
    >                         -- 
    >                         Cornelius Kölbel 
    >                         corneliu...@netknights.it 
    >                         +49 151 2960 1417 
    >                         
    >                         NetKnights GmbH 
    >                         http://www.netknights.it 
    >                         Landgraf-Karl-Str. 19, 34131 Kassel, 
    Germany 
    >                         Tel: +49 561 3166797, Fax: +49 561 
    3166798 
    >                         
    >                         Amtsgericht Kassel, HRB 16405 
    >                         Geschäftsführer: Cornelius Kölbel 
    >                         
    >                         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two 
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL 
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and 
    LIABILITY: 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the 
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails 
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to 
    priva...@googlegroups.com. 
    > Visit this group at 
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    > 

https://groups.google.com/d/msgid/privacyidea/6e01841c-e9f7-44b4-afc0-9a33456ef719%40googlegroups.com.

    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/ed1d3236-1553-4975-89af-f4a05b0df296%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

I’m now also noticing that this isn’t working from the web interface either.On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh Patten wrote:

Just updated to 2.11.2, still no serial number. Is there a setting in
PrivacyIDEA that I need to enable in order to query?

On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh Patten wrote:

Tried passing URL
https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I
obviously obfuscated the hostname)

Replacing XXXXXX with a valid, working OTP key

Same result, no serial number returned.

Were there any known issues with this function in 2.10.2? If so I can
schedule an update to the latest version (I need to do that anyway…)

On Tuesday, May 3, 2016 at 12:11:08 PM UTC-5, Cornelius Kölbel wrote:

Please try to pass additional information

http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)

assigned=1 or
assigned=0

and type=totp

Kind regards
Cornelius

Am Dienstag, den 03.05.2016, 08:03 -0700 schrieb Josh Patten:

Here’s a snippet of the python script I was working on to test this:

import requests
import json
import sys
import base64
from pprint import pprint
from requests.packages.urllib3.exceptions import
InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

payload2 = {
‘username’ : ‘admin’,
‘password’ : ‘LALALALALALALA’
}

authurl = 'https://2fa.example.tld/auth
tokenurl = 'https://2fa.example.tld/token/getserial
headers = {‘content-type’ : ‘application/json’}

response = requests.post(authurl, verify=False,
data=json.dumps(payload2), headers=headers).json()

if not response[‘result’][‘status’]:
print "You’re dumb, bad credentials…"
sys.exit(1)
token = response[‘result’][‘value’][‘token’]
authheader = {‘Authorization’ : token}
OTPKey = raw_input("Enter OTP value: ")
newURL = tokenurl + ‘/’ + str(OTPKey)
response = requests.get(newURL, verify=False,
headers=authheader).json()
pprint(response)

On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5, Josh Patten wrote:
All,

    When I attempt to use the privacyidea 
    API /token/getserial/XXXXXX to check an totp OTP key I never 
    receive the serial number. I always receive None as the 
    serial. 
    
    
    Is there something I am missing here, should I be putting a 
    different value other than the 6 digit OTP key? 
    
    
    Thanks in advance! 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

That was it! Setting window=300 found the OTP serial.

Thanks!On Tuesday, May 3, 2016 at 3:15:21 PM UTC-5, Cornelius Kölbel wrote:

Hi Josh,

I can confirm this is a kind of bug.
The TOTPTokenCLass.check_otp_exist takes the window value and uses it as
seconds. I think it should use it as the multiplier for the timestep in
case of TOTP.

Anyways. If you choose the “window” to be lets say 180 or 300 it will
work out for TOTP.

Kind regards
Cornelius

Am Dienstag, den 03.05.2016, 12:50 -0700 schrieb Josh Patten:

OK, here’s a query I did, narrowing it to a single token:

https://2fa.example.tld/token/getserial/412308?type=totp&assigned=1&serial=TOTP003364F42

I’ve obfuscated the values, but I forced it to narrow to a single
serial (the serial for which I’m testing) and I still get a None
returned for serial.

On Tuesday, May 3, 2016 at 2:22:26 PM UTC-5, Cornelius Kölbel wrote:
Hi Josh,

    this is the intended purpose. 
    assigned=1 means you are only searching within TOTP tokens, 
    that are 
    assigned to users. Is your token assigned to a user? 
    
    Searching tokens takes looooots of time. Since privacyIDEA 
    needs to 
    calculate _all_ OTP values (I think the default is 10) per 
    token. 
    
    This is why you can reduce the group of searched tokens like 
    assined tokens (assigned=1) or unassigned tokens 
    (assigned=0) ... 
    
    Try adding some portion of your serial number, just to assure 
    that in 
    basically works. 
    
    Kind regards 
    Cornelius 
    
    Am Dienstag, den 03.05.2016, 11:21 -0700 schrieb Josh Patten: 
    > Apologies for the confusion, The token in question is a 6 
    digit TOTP 
    > that changes every 30 seconds. The query I am trying to run 
    is that 6 
    > digit code. 
    > 
    > 
    > Say, for example, the OTP value I have showing in FreeOTP on 
    my phone 
    > is 045432 (with approximately 25 seconds remaining until the 
    next 
    > value is generated). I put that value in the URL as 
    follows: 
    > 
    > 
    > 

https://2fa.example.tld/token/getserial/045432?type=totp&assigned=1

    > 
    > 
    > Is this correct or am I misinterpreting the purpose 
    > of /token/getserial ? 
    > 
    > On Tuesday, May 3, 2016 at 1:07:50 PM UTC-5, Cornelius  Kölbel wrote: 
    >         There is no additional need. 
    >         I might not be that robust. E.g. if there is any 
    token, that 
    >         would fail 
    >         (due to error in decryption), the whole query will 
    break. 
    >         Sometimes it is good to provide as many information 
    as 
    >         possible (token 
    >         type, assigned token or not!!, parts of the serial 
    number) 
    >         This can be used to identify tokens that were found 
    in the 
    >         hall way and 
    >         where the administrator can not read the printed 
    serial 
    >         anymore. 
    >         
    >         What is your use case? 
    >         
    >         Below you said: 
    >         
    >         Replacing XXX with a valid, working OTP key. 
    >         If you already USED this otp value (not key), it 
    will not work 
    >         anymore, 
    >         since the otp is used! 
    >         
    >         Kind regards 
    >         Cornelius 
    >         
    >         Am Dienstag, den 03.05.2016, 10:51 -0700 schrieb 
    Josh Patten: 
    >         > I'm now also noticing that this isn't working from 
    the web 
    >         interface 
    >         > either. 
    >         > 
    >         > On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh  Patten  wrote: 
    >         >         Just updated to 2.11.2, still no serial 
    number. Is 
    >         there a 
    >         >         setting in PrivacyIDEA that I need to 
    enable in 
    >         order to 
    >         >         query? 
    >         >         
    >         >         On Tuesday, May 3, 2016 at 12:33:11 PM  UTC-5, Josh  Patten  wrote: 
    >         >                 Tried passing URL 
    >         > 
    > 

https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I
obviously obfuscated the hostname)

    >         >                 
    >         >                 
    >         >                 Replacing XXXXXX with a valid, 
    working OTP 
    >         key 
    >         >                 
    >         >                 
    >         >                 Same result, no serial number 
    returned. 
    >         >                 
    >         >                 
    >         >                 Were there any known issues with 
    this 
    >         function in 
    >         >                 2.10.2? If so I can schedule an 
    update to 
    >         the latest 
    >         >                 version (I need to do that 
    anyway...) 
    >         >                 
    >         >                 On Tuesday, May 3, 2016 at  12:11:08 PM  UTC-5,  Cornelius Kölbel wrote: 
    >         >                         Please try to pass 
    additional 
    >         information 
    >         > 
    > 

http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)

    >         >                         
    >         >                         assigned=1 or 
    >         >                         assigned=0 
    >         >                         
    >         >                         and type=totp 
    >         >                         
    >         >                         Kind regards 
    >         >                         Cornelius 
    >         >                         
    >         >                         Am Dienstag, den 
    03.05.2016, 08:03 
    >         -0700 
    >         >                         schrieb Josh Patten: 
    >         >                         > Here's a snippet of the 
    python 
    >         script I was 
    >         >                         working on to test this: 
    >         >                         > 
    >         >                         > 
    >         >                         > import requests 
    >         >                         > import json 
    >         >                         > import sys 
    >         >                         > import base64 
    >         >                         > from pprint import 
    pprint 
    >         >                         > from 
    >         requests.packages.urllib3.exceptions 
    >         >                         import 
    >         >                         > InsecureRequestWarning 
    >         >                         > 
    >         > 
    > 

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

    >         >                         > 
    >         >                         > 
    >         >                         > payload2 = { 
    >         >                         >         'username' : 
    'admin', 
    >         >                         >         'password' : 
    >         'LALALALALALALA' 
    >         >                         >         } 
    >         >                         > 
    >         >                         > 
    >         >                         > authurl = 
    >         'https://2fa.example.tld/auth' 
    >         >                         > tokenurl = 
    >         > 
    >         'https://2fa.example.tld/token/getserial' 
    >         >                         > headers = 
    {'content-type' : 
    >         >                         'application/json'} 
    >         >                         > 
    >         >                         > response = 
    requests.post(authurl, 
    >         >                         verify=False, 
    >         >                         > 
    data=json.dumps(payload2), 
    >         >                         headers=headers).json() 
    >         >                         > 
    >         >                         > if not 
    >         response['result']['status']: 
    >         >                         >         print "You're 
    dumb, bad 
    >         >                         credentials..." 
    >         >                         >         sys.exit(1) 
    >         >                         > token = 
    >         > 
    >          response['result']['value']['token'] 
    >         >                         > authheader = 
    {'Authorization' : 
    >         token} 
    >         >                         > OTPKey = 
    raw_input("Enter OTP 
    >         value: ") 
    >         >                         > newURL = tokenurl + '/' 
    + 
    >         str(OTPKey) 
    >         >                         > response = 
    requests.get(newURL, 
    >         >                         verify=False, 
    >         >                         > 
    headers=authheader).json() 
    >         >                         > pprint(response) 
    >         >                         > 
    >         >                         > 
    >         >                         > 
    >         >                         > 
    >         >                         > 
    >         >                         > On Tuesday, May 3, 2016  at 9:10:25  AM UTC-5,  Josh Patten wrote: 
    >         >                         >         All, 
    >         >                         >         
    >         >                         >         
    >         >                         >         When I attempt 
    to use the 
    >         >                         privacyidea 
    >         >                         > 
    >         API /token/getserial/XXXXXX to check 
    >         >                         an totp OTP key I never 
    >         >                         >         receive the 
    serial number. 
    >         I always 
    >         >                         receive None as the 
    >         >                         >         serial. 
    >         >                         >         
    >         >                         >         
    >         >                         >         Is there 
    something I am 
    >         missing 
    >         >                         here, should I be putting 
    a 
    >         >                         >         different value 
    other than 
    >         the 6 
    >         >                         digit OTP key? 
    >         >                         >         
    >         >                         >         
    >         >                         >         Thanks in 
    advance! 
    >         >                         > -- 
    >         >                         > Please read the blog 
    post about 
    >         getting 
    >         >                         help 
    >         >                         > 
    >         https://www.privacyidea.org/getting-help/. 
    >         >                         >   
    >         >                         > For professional 
    services and 
    >         consultancy 
    >         >                         regarding two factor 
    >         >                         > authentication please 
    visit 
    >         >                         > 
    >         > 
    > 
    https://netknights.it/en/leistungen/one-time-services/ 
    >         >                         >   
    >         >                         > In an enterprise 
    environment you 
    >         should get 
    >         >                         a SERVICE LEVEL AGREEMENT 
    >         >                         > which suites your needs 
    for 
    >         SECURITY, 
    >         >                         AVAILABILITY and 
    LIABILITY: 
    >         >                         > 
    >         > 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >         >                         > --- 
    >         >                         > You received this 
    message because 
    >         you are 
    >         >                         subscribed to the Google 
    >         >                         > Groups "privacyidea" 
    group. 
    >         >                         > To unsubscribe from this 
    group and 
    >         stop 
    >         >                         receiving emails from it, 
    send 
    >         >                         > an email to 
    >         > 
    privacyidea...@googlegroups.com. 
    >         >                         > To post to this group, 
    send email 
    >         to 
    >         > 
    priva...@googlegroups.com. 
    >         >                         > Visit this group at 
    >         > 
    >         https://groups.google.com/group/privacyidea. 
    >         >                         > To view this discussion 
    on the web 
    >         visit 
    >         >                         > 
    >         > 
    > 

https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.

    >         >                         > For more options, visit 
    >         > 
    https://groups.google.com/d/optout. 
    >         >                         
    >         >                         -- 
    >         >                         Cornelius Kölbel 
    >         >                         corneliu...@netknights.it 
    >         >                         +49 151 2960 1417 
    >         >                         
    >         >                         NetKnights GmbH 
    >         >                         http://www.netknights.it 
    >         >                         Landgraf-Karl-Str. 19, 
    34131 Kassel, 
    >         Germany 
    >         >                         Tel: +49 561 3166797, Fax: 
    +49 561 
    >         3166798 
    >         >                         
    >         >                         Amtsgericht Kassel, HRB 
    16405 
    >         >                         Geschäftsführer: Cornelius 
    Kölbel 
    >         >                         
    >         >                         
    >         > -- 
    >         > Please read the blog post about getting help 
    >         > https://www.privacyidea.org/getting-help/. 
    >         >   
    >         > For professional services and consultancy 
    regarding two 
    >         factor 
    >         > authentication please visit 
    >         > 
    https://netknights.it/en/leistungen/one-time-services/ 
    >         >   
    >         > In an enterprise environment you should get a 
    SERVICE LEVEL 
    >         AGREEMENT 
    >         > which suites your needs for SECURITY, AVAILABILITY 
    and 
    >         LIABILITY: 
    >         > 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >         > --- 
    >         > You received this message because you are 
    subscribed to the 
    >         Google 
    >         > Groups "privacyidea" group. 
    >         > To unsubscribe from this group and stop receiving 
    emails 
    >         from it, send 
    >         > an email to privacyidea...@googlegroups.com. 
    >         > To post to this group, send email to 
    >         priva...@googlegroups.com. 
    >         > Visit this group at 
    >         https://groups.google.com/group/privacyidea. 
    >         > To view this discussion on the web visit 
    >         > 
    > 

https://groups.google.com/d/msgid/privacyidea/6e01841c-e9f7-44b4-afc0-9a33456ef719%40googlegroups.com.

    >         > For more options, visit 
    https://groups.google.com/d/optout. 
    >         
    >         -- 
    >         Cornelius Kölbel 
    >         corneliu...@netknights.it 
    >         +49 151 2960 1417 
    >         
    >         NetKnights GmbH 
    >         http://www.netknights.it 
    >         Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    >         Tel: +49 561 3166797, Fax: +49 561 3166798 
    >         
    >         Amtsgericht Kassel, HRB 16405 
    >         Geschäftsführer: Cornelius Kölbel 
    >         
    >         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two 
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL 
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and 
    LIABILITY: 
    > 
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the 
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails 
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to 
    priva...@googlegroups.com. 
    > Visit this group at 
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    > 

https://groups.google.com/d/msgid/privacyidea/ed1d3236-1553-4975-89af-f4a05b0df296%40googlegroups.com.

    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/daf23a4a-f310-44bf-8b8a-2212b6f2e7a7%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it <javascript:>
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

Hi Josh,

this is the intended purpose.
assigned=1 means you are only searching within TOTP tokens, that are
assigned to users. Is your token assigned to a user?

Searching tokens takes looooots of time. Since privacyIDEA needs to
calculate all OTP values (I think the default is 10) per token.

This is why you can reduce the group of searched tokens like
assined tokens (assigned=1) or unassigned tokens (assigned=0) …

Try adding some portion of your serial number, just to assure that in
basically works.

Kind regards
CorneliusAm Dienstag, den 03.05.2016, 11:21 -0700 schrieb Josh Patten:

Apologies for the confusion, The token in question is a 6 digit TOTP
that changes every 30 seconds. The query I am trying to run is that 6
digit code.

Say, for example, the OTP value I have showing in FreeOTP on my phone
is 045432 (with approximately 25 seconds remaining until the next
value is generated). I put that value in the URL as follows:

https://2fa.example.tld/token/getserial/045432?type=totp&assigned=1

Is this correct or am I misinterpreting the purpose
of /token/getserial ?

On Tuesday, May 3, 2016 at 1:07:50 PM UTC-5, Cornelius Kölbel wrote:
There is no additional need.
I might not be that robust. E.g. if there is any token, that
would fail
(due to error in decryption), the whole query will break.
Sometimes it is good to provide as many information as
possible (token
type, assigned token or not!!, parts of the serial number)
This can be used to identify tokens that were found in the
hall way and
where the administrator can not read the printed serial
anymore.

    What is your use case? 
    
    Below you said: 
    
    Replacing XXX with a valid, working OTP key. 
    If you already USED this otp value (not key), it will not work
    anymore, 
    since the otp is used! 
    
    Kind regards 
    Cornelius 
    
    Am Dienstag, den 03.05.2016, 10:51 -0700 schrieb Josh Patten: 
    > I'm now also noticing that this isn't working from the web
    interface 
    > either. 
    > 
    > On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh Patten wrote: 
    >         Just updated to 2.11.2, still no serial number. Is
    there a 
    >         setting in PrivacyIDEA that I need to enable in
    order to 
    >         query? 
    >         
    >         On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh Patten  wrote: 
    >                 Tried passing URL 
    >
    https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I obviously obfuscated the hostname) 
    >                 
    >                 
    >                 Replacing XXXXXX with a valid, working OTP
    key 
    >                 
    >                 
    >                 Same result, no serial number returned. 
    >                 
    >                 
    >                 Were there any known issues with this
    function in 
    >                 2.10.2? If so I can schedule an update to
    the latest 
    >                 version (I need to do that anyway...) 
    >                 
    >                 On Tuesday, May 3, 2016 at 12:11:08 PM UTC-5,  Cornelius Kölbel wrote: 
    >                         Please try to pass additional
    information 
    >
    http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp) 
    >                         
    >                         assigned=1 or 
    >                         assigned=0 
    >                         
    >                         and type=totp 
    >                         
    >                         Kind regards 
    >                         Cornelius 
    >                         
    >                         Am Dienstag, den 03.05.2016, 08:03
    -0700 
    >                         schrieb Josh Patten: 
    >                         > Here's a snippet of the python
    script I was 
    >                         working on to test this: 
    >                         > 
    >                         > 
    >                         > import requests 
    >                         > import json 
    >                         > import sys 
    >                         > import base64 
    >                         > from pprint import pprint 
    >                         > from
    requests.packages.urllib3.exceptions 
    >                         import 
    >                         > InsecureRequestWarning 
    >                         > 
    >
    requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 
    >                         > 
    >                         > 
    >                         > payload2 = { 
    >                         >         'username' : 'admin', 
    >                         >         'password' :
    'LALALALALALALA' 
    >                         >         } 
    >                         > 
    >                         > 
    >                         > authurl =
    'https://2fa.example.tld/auth' 
    >                         > tokenurl = 
    >
    'https://2fa.example.tld/token/getserial' 
    >                         > headers = {'content-type' : 
    >                         'application/json'} 
    >                         > 
    >                         > response = requests.post(authurl, 
    >                         verify=False, 
    >                         > data=json.dumps(payload2), 
    >                         headers=headers).json() 
    >                         > 
    >                         > if not
    response['result']['status']: 
    >                         >         print "You're dumb, bad 
    >                         credentials..." 
    >                         >         sys.exit(1) 
    >                         > token = 
    >
     response['result']['value']['token'] 
    >                         > authheader = {'Authorization' :
    token} 
    >                         > OTPKey = raw_input("Enter OTP
    value: ") 
    >                         > newURL = tokenurl + '/' +
    str(OTPKey) 
    >                         > response = requests.get(newURL, 
    >                         verify=False, 
    >                         > headers=authheader).json() 
    >                         > pprint(response) 
    >                         > 
    >                         > 
    >                         > 
    >                         > 
    >                         > 
    >                         > On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5,  Josh Patten wrote: 
    >                         >         All, 
    >                         >         
    >                         >         
    >                         >         When I attempt to use the 
    >                         privacyidea 
    >                         >
    API /token/getserial/XXXXXX to check 
    >                         an totp OTP key I never 
    >                         >         receive the serial number.
    I always 
    >                         receive None as the 
    >                         >         serial. 
    >                         >         
    >                         >         
    >                         >         Is there something I am
    missing 
    >                         here, should I be putting a 
    >                         >         different value other than
    the 6 
    >                         digit OTP key? 
    >                         >         
    >                         >         
    >                         >         Thanks in advance! 
    >                         > -- 
    >                         > Please read the blog post about
    getting 
    >                         help 
    >                         >
    https://www.privacyidea.org/getting-help/. 
    >                         >   
    >                         > For professional services and
    consultancy 
    >                         regarding two factor 
    >                         > authentication please visit 
    >                         > 
    >
    https://netknights.it/en/leistungen/one-time-services/ 
    >                         >   
    >                         > In an enterprise environment you
    should get 
    >                         a SERVICE LEVEL AGREEMENT 
    >                         > which suites your needs for
    SECURITY, 
    >                         AVAILABILITY and LIABILITY: 
    >                         > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >                         > --- 
    >                         > You received this message because
    you are 
    >                         subscribed to the Google 
    >                         > Groups "privacyidea" group. 
    >                         > To unsubscribe from this group and
    stop 
    >                         receiving emails from it, send 
    >                         > an email to 
    >                         privacyidea...@googlegroups.com. 
    >                         > To post to this group, send email
    to 
    >                         priva...@googlegroups.com. 
    >                         > Visit this group at 
    >
    https://groups.google.com/group/privacyidea. 
    >                         > To view this discussion on the web
    visit 
    >                         > 
    >
    https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com. 
    >                         > For more options, visit 
    >                         https://groups.google.com/d/optout. 
    >                         
    >                         -- 
    >                         Cornelius Kölbel 
    >                         corneliu...@netknights.it 
    >                         +49 151 2960 1417 
    >                         
    >                         NetKnights GmbH 
    >                         http://www.netknights.it 
    >                         Landgraf-Karl-Str. 19, 34131 Kassel,
    Germany 
    >                         Tel: +49 561 3166797, Fax: +49 561
    3166798 
    >                         
    >                         Amtsgericht Kassel, HRB 16405 
    >                         Geschäftsführer: Cornelius Kölbel 
    >                         
    >                         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/6e01841c-e9f7-44b4-afc0-9a33456ef719%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/ed1d3236-1553-4975-89af-f4a05b0df296%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Josh,

I can confirm this is a kind of bug.
The TOTPTokenCLass.check_otp_exist takes the window value and uses it as
seconds. I think it should use it as the multiplier for the timestep in
case of TOTP.

Anyways. If you choose the “window” to be lets say 180 or 300 it will
work out for TOTP.

Kind regards
CorneliusAm Dienstag, den 03.05.2016, 12:50 -0700 schrieb Josh Patten:

OK, here’s a query I did, narrowing it to a single token:

https://2fa.example.tld/token/getserial/412308?type=totp&assigned=1&serial=TOTP003364F42

I’ve obfuscated the values, but I forced it to narrow to a single
serial (the serial for which I’m testing) and I still get a None
returned for serial.

On Tuesday, May 3, 2016 at 2:22:26 PM UTC-5, Cornelius Kölbel wrote:
Hi Josh,

    this is the intended purpose. 
    assigned=1 means you are only searching within TOTP tokens,
    that are 
    assigned to users. Is your token assigned to a user? 
    
    Searching tokens takes looooots of time. Since privacyIDEA
    needs to 
    calculate _all_ OTP values (I think the default is 10) per
    token. 
    
    This is why you can reduce the group of searched tokens like 
    assined tokens (assigned=1) or unassigned tokens
    (assigned=0) ... 
    
    Try adding some portion of your serial number, just to assure
    that in 
    basically works. 
    
    Kind regards 
    Cornelius 
    
    Am Dienstag, den 03.05.2016, 11:21 -0700 schrieb Josh Patten: 
    > Apologies for the confusion, The token in question is a 6
    digit TOTP 
    > that changes every 30 seconds. The query I am trying to run
    is that 6 
    > digit code. 
    > 
    > 
    > Say, for example, the OTP value I have showing in FreeOTP on
    my phone 
    > is 045432 (with approximately 25 seconds remaining until the
    next 
    > value is generated). I put that value in the URL as
    follows: 
    > 
    > 
    >
    https://2fa.example.tld/token/getserial/045432?type=totp&assigned=1 
    > 
    > 
    > Is this correct or am I misinterpreting the purpose 
    > of /token/getserial ? 
    > 
    > On Tuesday, May 3, 2016 at 1:07:50 PM UTC-5, Cornelius Kölbel wrote: 
    >         There is no additional need. 
    >         I might not be that robust. E.g. if there is any
    token, that 
    >         would fail 
    >         (due to error in decryption), the whole query will
    break. 
    >         Sometimes it is good to provide as many information
    as 
    >         possible (token 
    >         type, assigned token or not!!, parts of the serial
    number) 
    >         This can be used to identify tokens that were found
    in the 
    >         hall way and 
    >         where the administrator can not read the printed
    serial 
    >         anymore. 
    >         
    >         What is your use case? 
    >         
    >         Below you said: 
    >         
    >         Replacing XXX with a valid, working OTP key. 
    >         If you already USED this otp value (not key), it
    will not work 
    >         anymore, 
    >         since the otp is used! 
    >         
    >         Kind regards 
    >         Cornelius 
    >         
    >         Am Dienstag, den 03.05.2016, 10:51 -0700 schrieb
    Josh Patten: 
    >         > I'm now also noticing that this isn't working from
    the web 
    >         interface 
    >         > either. 
    >         > 
    >         > On Tuesday, May 3, 2016 at 12:45:06 PM UTC-5, Josh Patten  wrote: 
    >         >         Just updated to 2.11.2, still no serial
    number. Is 
    >         there a 
    >         >         setting in PrivacyIDEA that I need to
    enable in 
    >         order to 
    >         >         query? 
    >         >         
    >         >         On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh  Patten  wrote: 
    >         >                 Tried passing URL 
    >         > 
    >
    https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I obviously obfuscated the hostname) 
    >         >                 
    >         >                 
    >         >                 Replacing XXXXXX with a valid,
    working OTP 
    >         key 
    >         >                 
    >         >                 
    >         >                 Same result, no serial number
    returned. 
    >         >                 
    >         >                 
    >         >                 Were there any known issues with
    this 
    >         function in 
    >         >                 2.10.2? If so I can schedule an
    update to 
    >         the latest 
    >         >                 version (I need to do that
    anyway...) 
    >         >                 
    >         >                 On Tuesday, May 3, 2016 at 12:11:08 PM  UTC-5,  Cornelius Kölbel wrote: 
    >         >                         Please try to pass
    additional 
    >         information 
    >         > 
    >
    http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp) 
    >         >                         
    >         >                         assigned=1 or 
    >         >                         assigned=0 
    >         >                         
    >         >                         and type=totp 
    >         >                         
    >         >                         Kind regards 
    >         >                         Cornelius 
    >         >                         
    >         >                         Am Dienstag, den
    03.05.2016, 08:03 
    >         -0700 
    >         >                         schrieb Josh Patten: 
    >         >                         > Here's a snippet of the
    python 
    >         script I was 
    >         >                         working on to test this: 
    >         >                         > 
    >         >                         > 
    >         >                         > import requests 
    >         >                         > import json 
    >         >                         > import sys 
    >         >                         > import base64 
    >         >                         > from pprint import
    pprint 
    >         >                         > from 
    >         requests.packages.urllib3.exceptions 
    >         >                         import 
    >         >                         > InsecureRequestWarning 
    >         >                         > 
    >         > 
    >
    requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 
    >         >                         > 
    >         >                         > 
    >         >                         > payload2 = { 
    >         >                         >         'username' :
    'admin', 
    >         >                         >         'password' : 
    >         'LALALALALALALA' 
    >         >                         >         } 
    >         >                         > 
    >         >                         > 
    >         >                         > authurl = 
    >         'https://2fa.example.tld/auth' 
    >         >                         > tokenurl = 
    >         > 
    >         'https://2fa.example.tld/token/getserial' 
    >         >                         > headers =
    {'content-type' : 
    >         >                         'application/json'} 
    >         >                         > 
    >         >                         > response =
    requests.post(authurl, 
    >         >                         verify=False, 
    >         >                         >
    data=json.dumps(payload2), 
    >         >                         headers=headers).json() 
    >         >                         > 
    >         >                         > if not 
    >         response['result']['status']: 
    >         >                         >         print "You're
    dumb, bad 
    >         >                         credentials..." 
    >         >                         >         sys.exit(1) 
    >         >                         > token = 
    >         > 
    >          response['result']['value']['token'] 
    >         >                         > authheader =
    {'Authorization' : 
    >         token} 
    >         >                         > OTPKey =
    raw_input("Enter OTP 
    >         value: ") 
    >         >                         > newURL = tokenurl + '/'
    + 
    >         str(OTPKey) 
    >         >                         > response =
    requests.get(newURL, 
    >         >                         verify=False, 
    >         >                         >
    headers=authheader).json() 
    >         >                         > pprint(response) 
    >         >                         > 
    >         >                         > 
    >         >                         > 
    >         >                         > 
    >         >                         > 
    >         >                         > On Tuesday, May 3, 2016 at 9:10:25  AM UTC-5,  Josh Patten wrote: 
    >         >                         >         All, 
    >         >                         >         
    >         >                         >         
    >         >                         >         When I attempt
    to use the 
    >         >                         privacyidea 
    >         >                         > 
    >         API /token/getserial/XXXXXX to check 
    >         >                         an totp OTP key I never 
    >         >                         >         receive the
    serial number. 
    >         I always 
    >         >                         receive None as the 
    >         >                         >         serial. 
    >         >                         >         
    >         >                         >         
    >         >                         >         Is there
    something I am 
    >         missing 
    >         >                         here, should I be putting
    a 
    >         >                         >         different value
    other than 
    >         the 6 
    >         >                         digit OTP key? 
    >         >                         >         
    >         >                         >         
    >         >                         >         Thanks in
    advance! 
    >         >                         > -- 
    >         >                         > Please read the blog
    post about 
    >         getting 
    >         >                         help 
    >         >                         > 
    >         https://www.privacyidea.org/getting-help/. 
    >         >                         >   
    >         >                         > For professional
    services and 
    >         consultancy 
    >         >                         regarding two factor 
    >         >                         > authentication please
    visit 
    >         >                         > 
    >         > 
    >
    https://netknights.it/en/leistungen/one-time-services/ 
    >         >                         >   
    >         >                         > In an enterprise
    environment you 
    >         should get 
    >         >                         a SERVICE LEVEL AGREEMENT 
    >         >                         > which suites your needs
    for 
    >         SECURITY, 
    >         >                         AVAILABILITY and
    LIABILITY: 
    >         >                         > 
    >         > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >         >                         > --- 
    >         >                         > You received this
    message because 
    >         you are 
    >         >                         subscribed to the Google 
    >         >                         > Groups "privacyidea"
    group. 
    >         >                         > To unsubscribe from this
    group and 
    >         stop 
    >         >                         receiving emails from it,
    send 
    >         >                         > an email to 
    >         >
    privacyidea...@googlegroups.com. 
    >         >                         > To post to this group,
    send email 
    >         to 
    >         >
    priva...@googlegroups.com. 
    >         >                         > Visit this group at 
    >         > 
    >         https://groups.google.com/group/privacyidea. 
    >         >                         > To view this discussion
    on the web 
    >         visit 
    >         >                         > 
    >         > 
    >
    https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com. 
    >         >                         > For more options, visit 
    >         >
    https://groups.google.com/d/optout. 
    >         >                         
    >         >                         -- 
    >         >                         Cornelius Kölbel 
    >         >                         corneliu...@netknights.it 
    >         >                         +49 151 2960 1417 
    >         >                         
    >         >                         NetKnights GmbH 
    >         >                         http://www.netknights.it 
    >         >                         Landgraf-Karl-Str. 19,
    34131 Kassel, 
    >         Germany 
    >         >                         Tel: +49 561 3166797, Fax:
    +49 561 
    >         3166798 
    >         >                         
    >         >                         Amtsgericht Kassel, HRB
    16405 
    >         >                         Geschäftsführer: Cornelius
    Kölbel 
    >         >                         
    >         >                         
    >         > -- 
    >         > Please read the blog post about getting help 
    >         > https://www.privacyidea.org/getting-help/. 
    >         >   
    >         > For professional services and consultancy
    regarding two 
    >         factor 
    >         > authentication please visit 
    >         >
    https://netknights.it/en/leistungen/one-time-services/ 
    >         >   
    >         > In an enterprise environment you should get a
    SERVICE LEVEL 
    >         AGREEMENT 
    >         > which suites your needs for SECURITY, AVAILABILITY
    and 
    >         LIABILITY: 
    >         > 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    >         > --- 
    >         > You received this message because you are
    subscribed to the 
    >         Google 
    >         > Groups "privacyidea" group. 
    >         > To unsubscribe from this group and stop receiving
    emails 
    >         from it, send 
    >         > an email to privacyidea...@googlegroups.com. 
    >         > To post to this group, send email to 
    >         priva...@googlegroups.com. 
    >         > Visit this group at 
    >         https://groups.google.com/group/privacyidea. 
    >         > To view this discussion on the web visit 
    >         > 
    >
    https://groups.google.com/d/msgid/privacyidea/6e01841c-e9f7-44b4-afc0-9a33456ef719%40googlegroups.com. 
    >         > For more options, visit
    https://groups.google.com/d/optout. 
    >         
    >         -- 
    >         Cornelius Kölbel 
    >         corneliu...@netknights.it 
    >         +49 151 2960 1417 
    >         
    >         NetKnights GmbH 
    >         http://www.netknights.it 
    >         Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    >         Tel: +49 561 3166797, Fax: +49 561 3166798 
    >         
    >         Amtsgericht Kassel, HRB 16405 
    >         Geschäftsführer: Cornelius Kölbel 
    >         
    >         
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/ed1d3236-1553-4975-89af-f4a05b0df296%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/daf23a4a-f310-44bf-8b8a-2212b6f2e7a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Please try to pass additional information
http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)

assigned=1 or
assigned=0

and type=totp

Kind regards
CorneliusAm Dienstag, den 03.05.2016, 08:03 -0700 schrieb Josh Patten:

Here’s a snippet of the python script I was working on to test this:

import requests
import json
import sys
import base64
from pprint import pprint
from requests.packages.urllib3.exceptions import
InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

payload2 = {
‘username’ : ‘admin’,
‘password’ : ‘LALALALALALALA’
}

authurl = ‘https://2fa.example.tld/auth
tokenurl = ‘https://2fa.example.tld/token/getserial
headers = {‘content-type’ : ‘application/json’}

response = requests.post(authurl, verify=False,
data=json.dumps(payload2), headers=headers).json()

if not response[‘result’][‘status’]:
print “You’re dumb, bad credentials…”
sys.exit(1)
token = response[‘result’][‘value’][‘token’]
authheader = {‘Authorization’ : token}
OTPKey = raw_input("Enter OTP value: ")
newURL = tokenurl + ‘/’ + str(OTPKey)
response = requests.get(newURL, verify=False,
headers=authheader).json()
pprint(response)

On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5, Josh Patten wrote:
All,

    When I attempt to use the privacyidea
    API /token/getserial/XXXXXX to check an totp OTP key I never
    receive the serial number. I always receive None as the
    serial.
    
    
    Is there something I am missing here, should I be putting a
    different value other than the 6 digit OTP key?
    
    
    Thanks in advance!


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Here’s a snippet of the python script I was working on to test this:

import requests
import json
import sys
import base64
from pprint import pprint
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

payload2 = {
‘username’ : ‘admin’,
‘password’ : ‘LALALALALALALA’
}

authurl = 'https://2fa.example.tld/auth
tokenurl = 'https://2fa.example.tld/token/getserial
headers = {‘content-type’ : ‘application/json’}

response = requests.post(authurl, verify=False, data=json.dumps(payload2),
headers=headers).json()

if not response[‘result’][‘status’]:
print "You’re dumb, bad credentials…"
sys.exit(1)
token = response[‘result’][‘value’][‘token’]
authheader = {‘Authorization’ : token}
OTPKey = raw_input("Enter OTP value: ")
newURL = tokenurl + ‘/’ + str(OTPKey)
response = requests.get(newURL, verify=False, headers=authheader).json()
pprint(response)On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5, Josh Patten wrote:

All,

When I attempt to use the privacyidea API /token/getserial/XXXXXX to check
an totp OTP key I never receive the serial number. I always receive None as
the serial.

Is there something I am missing here, should I be putting a different
value other than the 6 digit OTP key?

Thanks in advance!

Just updated to 2.11.2, still no serial number. Is there a setting in
PrivacyIDEA that I need to enable in order to query?On Tuesday, May 3, 2016 at 12:33:11 PM UTC-5, Josh Patten wrote:

Tried passing URL
https://2fa.example.tld/token/getserial/XXXXXX?type=totp&assigned=1 (I
obviously obfuscated the hostname)

Replacing XXXXXX with a valid, working OTP key

Same result, no serial number returned.

Were there any known issues with this function in 2.10.2? If so I can
schedule an update to the latest version (I need to do that anyway…)

On Tuesday, May 3, 2016 at 12:11:08 PM UTC-5, Cornelius Kölbel wrote:

Please try to pass additional information

http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#get--token-getserial-(otp)

assigned=1 or
assigned=0

and type=totp

Kind regards
Cornelius

Am Dienstag, den 03.05.2016, 08:03 -0700 schrieb Josh Patten:

Here’s a snippet of the python script I was working on to test this:

import requests
import json
import sys
import base64
from pprint import pprint
from requests.packages.urllib3.exceptions import
InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

payload2 = {
‘username’ : ‘admin’,
‘password’ : ‘LALALALALALALA’
}

authurl = 'https://2fa.example.tld/auth
tokenurl = 'https://2fa.example.tld/token/getserial
headers = {‘content-type’ : ‘application/json’}

response = requests.post(authurl, verify=False,
data=json.dumps(payload2), headers=headers).json()

if not response[‘result’][‘status’]:
print "You’re dumb, bad credentials…"
sys.exit(1)
token = response[‘result’][‘value’][‘token’]
authheader = {‘Authorization’ : token}
OTPKey = raw_input("Enter OTP value: ")
newURL = tokenurl + ‘/’ + str(OTPKey)
response = requests.get(newURL, verify=False,
headers=authheader).json()
pprint(response)

On Tuesday, May 3, 2016 at 9:10:25 AM UTC-5, Josh Patten wrote:
All,

    When I attempt to use the privacyidea 
    API /token/getserial/XXXXXX to check an totp OTP key I never 
    receive the serial number. I always receive None as the 
    serial. 
    
    
    Is there something I am missing here, should I be putting a 
    different value other than the 6 digit OTP key? 
    
    
    Thanks in advance! 


Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor
authentication please visit
https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/6ff99093-68f5-4a45-a8f8-149a7136079b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel