I configured TOTP to run with LDAP proxy authentication. Everything was working well until two days ago. One of the users was unable to authenticate and got this error (see below):
[2020-03-10 08:30:39,961][31771][139844622030592][ERROR][privacyidea.lib.auditmodules.sqlaudit:241] DATA: {'info': 'wrong otp value', 'realm': u'com1', 'tokentype': None, 'success': False, 'privacyidea_server': '127.0.0.1', 'client_user_agent': None, 'client': '127.0.0.1', 'user': u'ellen', 'resolver': u'COM1', 'action_detail': '', 'action': 'POST /validate/check', 'serial': None}
Those are the TOTP token settings:
Default Time Step: 30
Time Window: 180
Default time shift: 0
Hash: sha1
The only thing I noticed was that the timeshift was 300. I solved this issue by removing the token and enrolling a new one.
[2020-03-10 08:50:58,308][31771][139844571674368][ERROR][privacyidea.lib.auditmodules.sqlaudit:241] DATA: {'info': 'matching 1 tokens', 'realm': u'com1', 'tokentype': u'totp', 'success': True, 'privacyidea_server': '127.0.0.1', 'client_user_agent': None, 'client': '127.0.0.1', 'user': u'ellen', 'resolver': u'COM1', 'action_detail': '', 'action': 'POST /validate/check', 'serial': u'TOTP004116E1'}
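
Added example, not part of the original post and not privacyIDEA's own code: a minimal RFC 6238 check showing how the time step (30), time window (180) and a per-token timeshift (300) from the post interact. It assumes the server centres its search on server time plus the stored shift; the key, the timestamp and the `check` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30      # "Default Time Step" from the post, in seconds
WINDOW = 180   # "Time Window" from the post, seconds accepted either side


def totp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation over HMAC-SHA1 (the post's hash setting)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check(key: bytes, otp: str, server_time: int, timeshift: int = 0) -> bool:
    """Accept otp if it matches any step within WINDOW of server_time + timeshift.

    Assumption: simplified model of a validator that keeps a per-token shift.
    """
    centre = (server_time + timeshift) // STEP
    span = WINDOW // STEP  # 6 steps either side of the centre
    return any(
        hmac.compare_digest(totp(key, centre + delta), otp)
        for delta in range(-span, span + 1)
    )


# Constructed sample data, not taken from the post.
KEY = b"constructed-demo-secret"
NOW = 1583829039  # constructed server timestamp

# Code from a device whose clock agrees with the server.
on_time_otp = totp(KEY, NOW // STEP)
# Code from a device whose clock runs 300 s ahead of the server.
fast_otp = totp(KEY, (NOW + 300) // STEP)

if __name__ == "__main__":
    for label, otp in (("device on time", on_time_otp), ("device +300 s", fast_otp)):
        for shift in (0, 300):
            print(f"{label:15} timeshift={shift:3}: accepted={check(KEY, otp, NOW, shift)}")
```

With a stored shift of 300 the accepted range is 120 to 480 seconds ahead of server time, so a code generated by a device with a correct clock falls outside it; a freshly enrolled token starts again from the default shift of 0.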