TOTP Problem

[Adrian Wilson]

I've just discovered PrivacyIdea and am impressed as far as I have seen however I am stuck. I carried out a clean install on an Ubuntu 14.04.3 LTS VM as follows:

apt-get install nginx-full

add-apt-repository ppa:privacyidea/privacyidea

apt-get update

apt-get install python-privacyidea privacyideaadm

apt-get install privacyidea-nginx

If I then run this command I get an error:

pi-manage admin add admin admin@localhost

So instead I run this command which works:

pi-manage admin add admin@localhost

I am then able to login to the PrivacyIdea web interface.

I have been able to add users from AD using LDAP and these users can login using their AD accounts. I am able to enrol a HOTP token (Google Authenticator on a phone) and this test correctly. I am also able to enrol a TOTP token but this fails with the error "wrong OTP". I've checked that I am using SHA1, length 6 and 60 seconds. I've also checked time is correct (with NTP).

I've noticed that I can make changes to the HOTP Token settings (save button is blue and functional). However TOTP Token settings has a grey save button and is not functional. (In fact all options apart from HOTP Token settings have a grey save button which is not functional.)

I'm sure I've missed something obvious. But it is not obvious to me. A pointer in the right direction would be much appreciated!

[Cornelius Kölbel]

Hi Adrian,

I am glad to hear you like it.

Am Mittwoch, den 09.12.2015, 14:44 -0800 schrieb Adrian Wilson:
> I've just discovered PrivacyIdea and am impressed as far as I have
> seen however I am stuck. I carried out a clean install on an Ubuntu
> 14.04.3 LTS VM as follows:
>
>
> apt-get install nginx-full
> add-apt-repository ppa:privacyidea/privacyidea
> apt-get update
> apt-get install python-privacyidea privacyideaadm
> apt-get install privacyidea-nginx
>
>
> If I then run this command I get an error:
>
>
> pi-manage admin add admin admin@localhost
>
>
> So instead I run this command which works:
>
>
> pi-manage admin add admin@localhost
>
>
> I am then able to login to the PrivacyIdea web interface.
>
>
> I have been able to add users from AD using LDAP and these users can
> login using their AD accounts. I am able to enrol a HOTP token (Google
> Authenticator on a phone) and this test correctly. I am also able to
> enrol a TOTP token but this fails with the error "wrong OTP". I've
> checked that I am using SHA1, length 6 and 60 seconds. I've also
> checked time is correct (with NTP).

Afaik the Google Authenticator usually does 30 seconds.
I think there are some GA implementations, which ignore (or ignored) the
timestep setting during enrollment. Thus, choosing 30 seconds is safer.

>
> I've noticed that I can make changes to the HOTP Token settings (save
> button is blue and functional). However TOTP Token settings has a grey
> save button and is not functional. (In fact all options apart from
> HOTP Token settings have a grey save button which is not functional.)

You can only save the TOTP token settings, when you filled out all
fields.

Kind regards
Cornelius

>
>
> I'm sure I've missed something obvious. But it is not obvious to me. A
> pointer in the right direction would be much appreciated!

> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/8c356bbe-6a11-4aa3-8604-65f007660872%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel