Push service not working

3ab...@gmail.com

Nov 2, 2017, 10:30:04 AM
to RCDevs Security Solutions - Technical
Hi All;

I made all requests to enable the push notifications. I already registered with RCDev and got my user name and password for the trial, and then pasted them in the servers.xml.
I made the policy to use the simple push notification, but I still have to enter the token number instead of the push.

What is missing, and what should I do to resolve this matter?


Yoann Traut (RCDevs)

Nov 2, 2017, 11:02:16 AM
to RCDevs Security Solutions - Technical
Hello, 

Could you show me the webadm logs for this authentication?
/opt/webadm/logs/webadm.log

Regards 

Bilal AlAli

Nov 2, 2017, 1:33:16 PM
to rcdevs-t...@googlegroups.com
Hi Yoann;

sure, it is clear in the log that the push = yes:

[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] New openotpSimpleLogin SOAP request
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Username: the admin account
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Domain: my domain.com
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Password: xxxxxxxxxxxxxxxxxxxxxxxx
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Client ID: push
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Source IP: the client IP
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Enforcing client policy: push (matched client ID)
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Registered openotpSimpleLogin request
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Resolved LDAP user: CN=Administrator,CN=Users,DC=MushExch,DC=local (cached)
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Resolved LDAP groups: group policy creator owners,domain admins,enterprise admins,schema admins,denied rodc password replication group
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Started transaction lock for user
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found user language: EN
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found 2 user mobiles: 
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found 1 user emails: the admin account @ mydomain.com
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found 37 user settings: LoginMode=LDAPOTP,OTPType=TOKEN,OTPFallback=TOKEN,OTPLength=6,ChallengeMode=Yes,ChallengeTimeout=60,ChallengeLock=No,ChallengeFake=No,PushLogin=Yes,EnableLogin=Yes,AppKeyLength=20,HOTPLookAheadWindow=25,TOTPTimeStep=30,TOTPTimeOffsetWindow=120,MOTPTimeOffsetWindow=120,OCRASuite=OCRA-1:HOTP-SHA1-6:QN06-T1M,SMSType=Normal,SMSMode=Ondemand,MailMode=Ondemand,LastOTPTime=300,ListChallengeMode=ShowID
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found 5 user data: LoginCount,RejectCount,TokenType,TokenKey,TokenState
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found 1 registered OTP token (TOTP)
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Requested login factors: LDAP & OTP
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] LDAP password Ok
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Challenge required
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Started OTP challenge session of ID YyNclx1w5zKjJNLy valid for 60 seconds
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Sent challenge response
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:Z9OZYPQN] Enforcing client policy: push (matched client ID)
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] New openotpChallenge SOAP request
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Username: theadmin account
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Domain: mydomain.com
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] > Session: YyNclx1w5zKjJNLy
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] > OTP Password: xxxxxx
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] Registered openotpChallenge request
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found challenge session started 2017-11-02 18:28:09
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] Started transaction lock for user
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] TOTP password Ok (token #1)
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] Updated user data
[2017-11-02 18:28:16] [192.168.0.99] [OpenOTP:FDPR9VZ6] Sent success response

--
You received this message because you are subscribed to the Google Groups "RCDevs Security Solutions - Technical" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rcdevs-technical+unsubscribe@googlegroups.com.
To post to this group, send email to rcdevs-technical@googlegroups.com.
Visit this group at https://groups.google.com/group/rcdevs-technical.
For more options, visit https://groups.google.com/d/optout.

Bilal AlAli

Nov 2, 2017, 1:45:52 PM
to rcdevs-t...@googlegroups.com
please find servers.xml :


<!--
<PushServer name="Push Server"
        host="push.rcdevs.com"
        port="7000"
        user="TRIAL3472255475"
        password="3b86176afb46a8adec71"  />
       >
-->

What else should I do?

Bilal AlAli

Nov 2, 2017, 1:46:50 PM
to rcdevs-t...@googlegroups.com
In the test there is no push server status, please see:

Checking server connections. Please wait...
Connected LDAP server: Active Directory (192.168.0.14)
Connected SQL server: SQL Server (127.0.0.1)
Connected PKI server: PKI Server (localhost)
Connected Session server: Session Server (localhost)

Yoann Traut (RCDevs)

Nov 2, 2017, 1:47:09 PM
to RCDevs Security Solutions - Technical
Hello Bilal

You should have something like this in your logs:

[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] New openotpSimpleLogin SOAP request
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] > Username: administrateur
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] > Domain: yorcdevs.com
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] > Password: xxxxxxxx
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] > Source IP: 192.168.3.50
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Registered openotpSimpleLogin request
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Resolved LDAP user: CN=Administrateur,CN=Users,DC=yorcdevs,DC=com (cached)
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Resolved LDAP groups: propri\xc3\xa9taires cr\xc3\xa9ateurs de la strat\xc3\xa9gie de groupe,admins du domaine,administrateurs de l\xe2\x80\x99entreprise,administrateurs du sch\xc3\xa9ma,administrateurs,utilisateurs du bureau \xc3\xa0 distance,groupe de r\xc3\xa9plication dont le mot de passe rodc est refus\xc3\xa9
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Using SQL server 'YO_SQL2'
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Started transaction lock for user
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found user language: EN
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found 1 user mobiles: +xxxxxxxxx
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found 1 user emails: xxxxx...@xxxxx.com
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found 3 user certificates
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found 37 user settings: LoginMode=LDAPOTP,OTPType=TOKEN,OTPLength=6,ChallengeMode=Yes,ChallengeTimeout=90,PushLogin=Yes,EnableLogin=Yes,AppKeyLength=10,HOTPLookAheadWindow=25,TOTPTimeStep=30,TOTPTimeOffsetWindow=120,MOTPTimeOffsetWindow=120,OCRASuite=OCRA-1:HOTP-SHA1-6:QN06-T1M,SMSType=Normal,SMSMode=Ondemand,MailMode=Ondemand,LastOTPTime=300,ListChallengeMode=ShowID
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found 14 user data: LoginCount,RejectCount,OTPPrefix,TokenType,TokenKey,TokenState,TokenID,Token2Type,Token2Key,Token2State,Token2ID,Device1Name,Device1Data,Device1State
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found 2 registered OTP tokens (TOTP,YUBIKEY)
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Requested login factors: LDAP & OTP
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] LDAP password Ok
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Challenge required
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Sent push notification for token #1
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Waiting 27 seconds for mobile push response
[2017-10-31 17:26:54] [192.168.3.56] [OpenOTP:GZ4Y97O3] Received mobile request (authentication)
[2017-10-31 17:26:54] [192.168.3.56] [OpenOTP:GZ4Y97O3] > Session: HX6NFtfVDCyWvzSD
[2017-10-31 17:26:54] [192.168.3.56] [OpenOTP:GZ4Y97O3] > Encoded OTP Password: xxxxxx
[2017-10-31 17:26:54] [192.168.3.56] [OpenOTP:M2QDFMZU] Found challenge session started 2017-10-31 17:26:52
[2017-10-31 17:26:55] [192.168.3.50] [OpenOTP:M2QDFMZU] PUSH password Ok (token #1)
[2017-10-31 17:26:55] [192.168.3.50] [OpenOTP:M2QDFMZU] Updated user data
[2017-10-31 17:26:55] [192.168.3.50] [OpenOTP:M2QDFMZU] Sent success response


Are you sure about your client policy? Could you show me the details of your client policy, please?
Could you also check the token enrolled on your account? Go to the WebADM GUI, click on your user in the left tree, then in application actions click on MFA authentication Server, Register/Unregister OTP Tokens.
You should see your token enrolled. Can you see "TOTP & PUSH" on your token?

Regards 
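
Added example (not part of the original thread and not RCDevs code): a Python check over webadm.log lines in the format quoted above. It flags requests where the user settings say PushLogin=Yes but the server started a manual OTP challenge instead of logging "Sent push notification". The sample lines are constructed by abridging the two excerpts in this thread.

```python
import re
from collections import defaultdict

# Layout used by the excerpts in this thread:
# [timestamp] [client IP] [OpenOTP:REQUEST_ID] message
LINE_RE = re.compile(r"^\[[^\]]+\] \[[^\]]+\] \[OpenOTP:([A-Z0-9]+)\] (.*)$")

def classify_requests(lines):
    """Map each OpenOTP request ID to 'push', 'manual-otp-despite-push' or 'other'."""
    facts = defaultdict(lambda: {"enabled": False, "sent": False, "challenge": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an OpenOTP line
        req, msg = m.groups()
        f = facts[req]
        if "user settings:" in msg:
            # Settings are a comma-separated KEY=VALUE list after the first ': '
            pairs = (kv.split("=", 1) for kv in msg.split(": ", 1)[1].split(",") if "=" in kv)
            f["enabled"] = dict(pairs).get("PushLogin") == "Yes"
        elif msg.startswith("Sent push notification"):
            f["sent"] = True
        elif msg.startswith("Started OTP challenge session"):
            f["challenge"] = True
    verdicts = {}
    for req, f in facts.items():
        if f["sent"]:
            verdicts[req] = "push"
        elif f["enabled"] and f["challenge"]:
            verdicts[req] = "manual-otp-despite-push"  # push allowed by policy, never sent
        else:
            verdicts[req] = "other"
    return verdicts

# Constructed sample, abridged from the two excerpts quoted in the thread.
SAMPLE = """\
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] New openotpSimpleLogin SOAP request
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Found 37 user settings: LoginMode=LDAPOTP,OTPType=TOKEN,PushLogin=Yes,OCRASuite=OCRA-1:HOTP-SHA1-6:QN06-T1M
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Challenge required
[2017-11-02 18:28:09] [192.168.0.99] [OpenOTP:FDPR9VZ6] Started OTP challenge session of ID YyNclx1w5zKjJNLy valid for 60 seconds
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Found 37 user settings: LoginMode=LDAPOTP,OTPType=TOKEN,PushLogin=Yes
[2017-10-31 17:26:52] [192.168.3.50] [OpenOTP:M2QDFMZU] Sent push notification for token #1
[2017-10-31 17:26:55] [192.168.3.50] [OpenOTP:M2QDFMZU] PUSH password Ok (token #1)
""".splitlines()

if __name__ == "__main__":
    for req, verdict in classify_requests(SAMPLE).items():
        print(req, verdict)
```

A "manual-otp-despite-push" verdict only says the push was never attempted; the log line alone does not say whether the cause is the server configuration or the enrolled token.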

Yoann Traut

Nov 2, 2017, 1:53:15 PM
to rcdevs-t...@googlegroups.com
In servers.xml, replace this:

<!--
<PushServer name="Push Server"
        host="push.rcdevs.com"
        port="7000"
        user="TRIAL3472255475"
        password="3b86176afb46a8adec71"  />
       >
-->

with:

<PushServer name="Push Server"
        host="push.rcdevs.com"
        port="7000"
        user="TRIAL3472255475"
        password="3b86176afb46a8adec71"  />

Regards 


Bilal AlAli

Nov 2, 2017, 2:03:38 PM
to rcdevs-t...@googlegroups.com
Hi, I replaced it. Still! Please look at the attached files.

As I told you, the servers test does not show the push server check!!
1.jpg
2.jpg
3.jpg

Ibrahim MESLEM (RCDevs)

Nov 2, 2017, 2:10:55 PM
to RCDevs Security Solutions - Technical
1. Please send us the test screenshot (not found in the previous message) and a screenshot of your servers.xml (push server part only).
2. Can you please check that you have enabled the push service under Application/Authentication, as below.

And after this, try to register a new token,
and let us see what you got.

Regards.

Bilal AlAli

Nov 2, 2017, 2:13:44 PM
to rcdevs-t...@googlegroups.com
please find all, what is missing ?

--
1.jpg
2.jpg
3.jpg
4.jpg

Ibrahim MESLEM (RCDevs)

Nov 2, 2017, 2:16:55 PM
to RCDevs Security Solutions - Technical
Your push server config is commented out; you have to remove the <!--     --> which is around it.
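
Added example (not part of the original thread and not RCDevs code): a Python check that reports whether a given server element in a servers.xml text is active, present only inside an XML comment, or missing, which is the condition diagnosed above. The `<Servers>` root element and the placeholder credentials in the sample are assumptions; the sample is constructed.

```python
import xml.etree.ElementTree as ET

def element_status(xml_text, tag="PushServer"):
    """Return 'active', 'commented-out' or 'missing' for <tag> in a servers.xml text."""
    # insert_comments=True keeps <!-- ... --> nodes in the tree (Python 3.8+).
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    if root.tag == tag or root.find(f".//{tag}") is not None:
        return "active"
    for node in root.iter(ET.Comment):
        try:
            # Re-parse the comment body as a fragment to see what it hides.
            fragment = ET.fromstring(f"<fragment>{node.text}</fragment>")
        except ET.ParseError:
            continue  # ordinary prose comment, not disabled markup
        if fragment.find(f".//{tag}") is not None:
            return "commented-out"
    return "missing"

# Constructed sample: assumed <Servers> root, placeholder credentials.
COMMENTED = """<Servers>
<!--
<PushServer name="Push Server"
        host="push.rcdevs.com"
        port="7000"
        user="TRIAL-PLACEHOLDER"
        password="PLACEHOLDER"  />
-->
</Servers>"""

# Same text with the comment markers removed, as the replies in the thread instruct.
ACTIVE = COMMENTED.replace("<!--", "").replace("-->", "")

if __name__ == "__main__":
    print("before:", element_status(COMMENTED))
    print("after: ", element_status(ACTIVE))
```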

Bilal AlAli

Nov 2, 2017, 2:16:56 PM
to rcdevs-t...@googlegroups.com
please find also the servers.xml

On Thu, Nov 2, 2017 at 8:13 PM, Bilal AlAli <belal...@gmail.com> wrote:
please find all, what is missing ?
5.jpg

Bilal AlAli

Nov 2, 2017, 2:21:29 PM
to rcdevs-t...@googlegroups.com
yessssssss , now what should i do

On Thu, Nov 2, 2017 at 8:16 PM, Ibrahim MESLEM (RCDevs) <ibrahim.me...@gmail.com> wrote:
Your push server config is commented you have to remove <!--     --> which is around.


Bilal AlAli

Nov 2, 2017, 2:23:24 PM
to rcdevs-t...@googlegroups.com
The test shows the RCDevs push server now, but I am still not getting the push on my phone, only the token number when I log in??

On Thu, Nov 2, 2017 at 8:21 PM, Bilal AlAli <belal...@gmail.com> wrote:
yessssssss , now what should i do

Ibrahim MESLEM (RCDevs)

Nov 2, 2017, 2:24:07 PM
to RCDevs Security Solutions - Technical
You have to register a new token.
 

Bilal AlAli

Nov 2, 2017, 2:24:41 PM
to rcdevs-t...@googlegroups.com
you mean the old one will not work  ?

On Thu, Nov 2, 2017 at 8:24 PM, Ibrahim MESLEM (RCDevs) <ibrahim.me...@gmail.com> wrote:
You have to register a new token.
 


Bilal AlAli

Nov 2, 2017, 2:27:45 PM
to rcdevs-t...@googlegroups.com
i did it yaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa so many thanks

On Thu, Nov 2, 2017 at 8:24 PM, Bilal AlAli <belal...@gmail.com> wrote:
you mean the old one will not work  ?

Bilal AlAli

Nov 2, 2017, 2:51:45 PM
to rcdevs-t...@googlegroups.com
Another question: after installing the Windows plugin, I tried to access another outside the network, but I show the rcdev and the welcome message for the other PC. I can't go outside the PC?

Bilal AlAli

Nov 2, 2017, 2:54:20 PM
to rcdevs-t...@googlegroups.com
I am trying to make another RDP from the PC which has the RCDEV plugin installed, but I can't! It shows the RCDEV icon and the welcome screen on the remote desktop I am trying to access.

Bilal AlAli

Nov 2, 2017, 2:59:10 PM
to rcdevs-t...@googlegroups.com
Also, why don't I have sound notification for the rcdev mobile app?