SMS Token - Proxy / websms.de support
111 views
Skip to first unread message
sh...@shade.sh
Oct 19, 2015, 9:55:53 AM10/19/15
to privacyidea
Hey Guys,
me again.. SMS Token configuration works now. But it seems that with this config:
{ "URL" : "https://api.websms.com/rest/smsmessaging/simple",
"PARAMETER" : {
"access_token":"1234567890",
"test":"false"
},
"SMS_PHONENUMBER_KEY":"recipientAddressList",
"SMS_TEXT_KEY":"messageContent",
"HTTP_Method":"GET",
"PROXY":"http://192.168.1.11:3128",
"RETURN_SUCCESS":"OK"
}
the proxy isn't working at all. Because there is no connection made to the proxy from our PrivacyIDEA host.
I test it with a radius client and i get "Reply-Message = "wrong otp pin"", which is correct because i only sent the OTP Pin but no OTP itself.
The user has a valid sms token assiged. I also testet the websms.de syntax it via a simple GET request with curl directly and the sms arrived on my mobile.
This URL works on the shell via curl: https://api.websms.com/rest/smsmessaging/simple?access_token=1234567890&recipientAddressList=49160123467&messageContent=hello%20world!&test=false
Thanks for your help!
Wolfgang
Joost Vaarhorst
Oct 19, 2015, 9:59:46 AM10/19/15
to privacyidea
I have exactly the same problem with my own SMS gateway and on Centos 7.
I've followed the instructions on:
https://www.privacyidea.org/two-factor-authentication-with-otp-on-centos-7/
And I've created several different policies like:
"otppin": "userstore"
"smsautosend": true
"smsautosend": true
Etc.
Op maandag 19 oktober 2015 15:55:53 UTC+2 schreef sh...@shade.sh:
Cornelius Kölbel
Oct 19, 2015, 12:24:32 PM10/19/15
to priva...@googlegroups.com
Hi,
you can also use privacyIDEA API to test this.
Call
https://yourserver/validate/check?user=youruser&pass=otppin
The you get "wrong otp pin", you probably have entered the wrong otp
pin.
In the response of the API call you will see a detail->message, which
will tell you, if the SMS was send (in fact if the http-url could be
called).
The correct OTP PIN triggers the sending of the SMS. If - for what
reason ever - the otppin is wrong, the SMS will not be triggered.
I suspect it is a similar problem like with the email token.
The SMS token is always a challenge response token, but it is inherited
from the hotptoken, which can act as challenge response.
Please try creating a policy
scope:authentication
action:challenge_response=sms
Drop me a note, if this triggers the SMS.
THanks a lot and kind regards
Cornelius
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/10fb578e-9686-4ecc-8c84-fcbb3677f574%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
you can also use privacyIDEA API to test this.
Call
https://yourserver/validate/check?user=youruser&pass=otppin
The you get "wrong otp pin", you probably have entered the wrong otp
pin.
In the response of the API call you will see a detail->message, which
will tell you, if the SMS was send (in fact if the http-url could be
called).
The correct OTP PIN triggers the sending of the SMS. If - for what
reason ever - the otppin is wrong, the SMS will not be triggered.
I suspect it is a similar problem like with the email token.
The SMS token is always a challenge response token, but it is inherited
from the hotptoken, which can act as challenge response.
Please try creating a policy
scope:authentication
action:challenge_response=sms
Drop me a note, if this triggers the SMS.
THanks a lot and kind regards
Cornelius
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/10fb578e-9686-4ecc-8c84-fcbb3677f574%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Joost Vaarhorst
Oct 20, 2015, 2:49:51 AM10/20/15
to privacyidea
I can succesfully authentice with the following policy:
"challenge_response": "sms"
"otppin": "tokenpin"
Now the pincode activates sending a sms and de pincode with the sms response will succesfully authentice me.
Thanks
Op maandag 19 oktober 2015 18:24:32 UTC+2 schreef Cornelinux K:
Cornelius Kölbel
Oct 20, 2015, 5:29:09 AM10/20/15
to priva...@googlegroups.com
Thanks for the feedback.
I will create an issue - since the sms token should do chalresp without
this policy.
Kind regards
Cornelius
> https://groups.google.com/d/msgid/privacyidea/5d3c2c15-d09d-4a2b-90a5-86dbbe6f76a7%40googlegroups.com.
I will create an issue - since the sms token should do chalresp without
this policy.
Kind regards
Cornelius
Reply all
Reply to author
Forward
0 new messages