Wrong mapped token while using multiple realms/resolver

Hi Cornelius,
I’m a little bit confused. I read your manual and implemented your hints.

I’m not sure if the following phenomenon is a bug or a issue by user.

User resolver:

name type

1 otrsdb mysql/otrsdb
2 ldapdomain ldap

realm:

name resolver

1 otrs otrsdb <- default
2 musterkunde.de ldapdomain

User:
Both resolver contain the user “M.Mustermann”.

I configured a policy for the user self service to enroll the TOTP.

When I login with M.Mustermann@musterkunde.de (user@realm) and the LDAP
password I can enroll the token successfully.

But when I login into PI with my admin-account, I can see that the token is
mapped to the otrs-realm and not the the musterkunde.de.

Ok - so I’ll set up a new enviroment for further test. Maybe I can
reproduce this on an other VM with an other installation.

The post-data are all okay - there is the right realm.

  1. {timestep: 30, otplen: 6, genkey: true, type: “totp”, hashlib:
    “sha1”, pin: “1234”, user: “m.mustermann”,…}
  2. genkey: true
    2. hashlib: "sha1"
    3. otplen: 6
    4. pin: "1234"
    5. realm: "musterkunde.de"
    6. timestep: 30
    7. type: "totp"
    8. user: “m.mustermann”

But the response when I add the policy that the realm should be displayed
in the label I’ll see the realm of the OTRSSQL

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpWU0xzRUFBb0pFQkJoWkZVdWpZRko3Wk1RQUlWTi9SMHVGRGFZSS9LeDI5K0RM
VVdnDQoyNnlVaHlMRHU2YVczWkpyQ3E5bmlMVm85MmdvVzJMOWFMRldSaCtiT1lGWlQ3TUVldUxC
a0o5VC9DdzFhN000DQpicmtuQXFwdm1SMVBZZS8wbjNITDU3a3ZDOEpBTGJSVHBaMjczZGxFQzA2
MmpEZ1FIeDN1NS9SSit3WDVlcitYDQo1T2NkM2g5UndvdTF6TEV6TnBxUHBCY0Q3b2l6bzhIVjk1
L0RPWTFZZ09MTTRXZWtSQlhQaFAySStkSlNxTjBIDQpmc1p1dnZReWxXSVRNTlk2U2MxeG15Nmhh
dXBiWTJIMHZyVjI1MUs0M3ZEMHNIOThrZzhvWnpKZ2pjbjUrVUdxDQoxdUpsR1MyTHNHMUI0Z25Z
c0JmQzZHeWdDSElhUFhVL0I0Q3pqcncycThUa3U0MW5LbnRuUUwyL25EYzIyWnE5DQpiaW5kRDJI
Qnp3YXRoakV0eFhqcDR5YXhsazVVUS9mdlhJSW9NNHMrVURROE02UC8zTTJhc21wUUhGMjNjTmND
DQpVQWQ5UGwvK05wdFhmM0FCMU5FYXpqaGhCYzM2UkUxeFNiNWpDdlJObkFXQjlvSmZKOG9kUXFw
akpkN2VsbUhLDQplSmZJc0ladGZtcWRqM1lmeDhUb1oyTFFzYys2dGc5VzBNMHFQOFErU25ZaHBw
TkFWUXBSdHdOU005dWxZaXVWDQpmQ2NxQnFVK1lvSnNjSDNtWFd4UFNtNElCWXhVYnYvdG9BYzBP
d1hHTnZOb1NhUkVhMzAvMHhoU3hOTDV5S0cxDQp1SFJLVUVRWFFRSUl2SnNjL21DeVNEd0pnYUpV
UWI1dXV1QWdpV1VhTUlPRnMyLzVVQll0UlN4dGNJMlBpR0dSDQo4RTkrV0NHS2tKaHVScE9sN3pu
VA0KPUwrTkQNCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpWU0x2dkFBb0pFQkJoWkZVdWpZRkp2OThQL0EvSGdVY3p5RWhKY2g3eGhJKzFW
NWRMDQpuSFpIeXdEWnhvamNselNWQ0U5WTRpVm0yUUQ0azRsSGNGT3RDZFNvV2E1Z3dpTlZGTklo
YUVaMzFGMG1WbWp1DQpNWnc2Ti83MzR3U3dpVTFoU01PWDMzblRyVHp2bWFOSWFWeHRqQnBMMXVD
RXVJUXRGZXF1Y1NjekI3YlBZazNUDQpObjMzWHh3Wk92S0dhR2o0dWpwUlVBeTFWVkxielp6WExn
Q2xnT1FFWUI4WlE5VmdmMTNKT1lIYXZCYk90dGJzDQpDbTNXNGNlNlhaeUxyVDh1NzVpR090NEQz
VEN0ZXVQV2UzZHlQNEFITjg3MFpMUU1iczM5K1pzb1VLYzdJZW9YDQpQNStYVEQxL1VhMmhUdDV2
am9VQ2ZScnVqRkgzM2lRazVTZ0pydlJuZVZIZm90Q0dJNjFCM1ZwYUJ6Q0VKb29tDQpXRzh4UWtm
YXh5b0VFajQ5Mnh5eW1HRWxIODlkdUNndFBYVXR4Q0hjN3hFODFsb256ck81V0lNcVlpWFpJdkNB
DQpVVXh4QkxhTUdiVUFhMEJmTDVzcXVMbTA2cHR6MVFzWUhYcXBsSnZkajhqQjdKTExZNmRwOUxB
VE9KdEhoSWdGDQpOMDMzeHNlaWU2RlA0ZTZ6M3U2bUFrZ0UzNy9FVzJDRnBPdzR6WjhNWVhZeGVY
RkJXK0dENjVSMkd3eVRuVmNFDQpNNzZybTFXdUJuaXR0aXY0Tk9qZlBnMlBYWXJNdE8za2JqRzRX
aDAvRFhFc2Z3TjlzSjR3Smh1eVZBNmxoa1hLDQpoMWdac3dpbmNxb1JETGVDejRnd09WS0VkZ1Rt
QXVMbVFvOFEvSmQwQW9vSmNka1hWc1R1ZnVxcTBNTnBVaHc2DQo4MVEvdGliV09jSzk0RjFnRWZv
Qw0KPTJHeC8NCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

btw - when I’m logged in with my LDAP-User I can the tokens of the
otrssql-realm :frowning:

Hi Cornelius,
the box shows the correct realm.

Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9wZ3Atc2lnbmF0dXJlOyBuYW1lPSJzaWduYXR1cmUu
YXNjIg0KQ29udGVudC1EZXNjcmlwdGlvbjogT3BlblBHUCBkaWdpdGFsIHNpZ25hdHVyZQ0KQ29u
dGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNpZ25hdHVyZS5hc2MiDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MQ0KDQppUUlj
QkFFQkFnQUdCUUpWU05QVkFBb0pFQkJoWkZVdWpZRkpNM0FQL2paQU5zNklZZVo2eFh5Nm9qWWVo
UjkxDQpNNkVlRFJnK3NPL3hRMVVJWDdWZSt6RHg3eUJmcWt2UW5rQlBoVk1uWGNoSmJ0a2dQc1o3
cEV6UExkY3BNdkpYDQpGYjA2SjQvcVVmUGRyT090R29PTGxVa1VqcmdNSU1vTmVGdUE1ZG9obnJP
TlpyeGNCVEgwa0t3enVLcUw2ZS9qDQpoQTNEc3VDZ2FTRGR1WTNDbjdEMWlXZ2JqeC96Z1g0czNE
K0hlZnpjVHhFUW9IWFBpVldwWEFFOHJ3TzdpRmgrDQpSYTlsdWxIV3QxaTViZjRaeDcra3NCMjY4
bHdLaXpybGFXaXUwc0FobTNGcXhpMmJmNkNkaW5RUWJ4RFp6ZXlPDQpFNnZEM2dBdGFjUlpMekRE
Sm9SRCthNHNSLzRkcStacGp4cVJUTHdiUFhHZE9WeXZjUGJmWFljQjZkdklUazZ6DQp4cnJxQXI1
WkxzRXc3WFZKaGQ3Rm80Zzd3cUowblZnZURCd0E1S3NNVDJOWVdReUJQelNNTEhUVnNLbzNMY2Yr
DQozeXV6cUZoZENqc2VVaWRyYzVlWXA3cTdUQ28yelhqeWp4Mnp2bGRWa3VXZW5vVWI5bTRJQXdG
cjFyZXIwdkc2DQpkNHZIN3ZKRk1Pb3FGR2tSN1J4ZHJHclBkSW9reEdubXIyanJ0Mm12UitJaTI3
dHEwODQzSzllMzFzQ1NEbm9SDQp2b05RQzRQbUlSTWpDMHN0dkxicUNFYVlrTjFPbFRERmFvdGQz
NDJuL01PQjYxak5naUJYcFRyMHdSampoZ252DQpFVTFqTi9JaWhNS2F2SHA1MEFTdGhqQzlBUjFB
VEVrT25GQXRLK1dhYlFqeXZpM25QSnhqOXVhVU5JY01hZkRGDQp1b216bE4yZ2RwTjJ6a3I1S1VS
MQ0KPW5rQWINCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K