Sophos Connect 2.0 and SSL Provisioning File

Question

Identified a bug of somekind here but could use some support/confirmation. 
 
 When using the VPN portal with the OTP enabled, the SSL VPN connection needs an OTP even when the provisioning file is set to false for this setting. The first login fails but subsequent logins without the OTP works added to the password. This is really confusing as it doesn't indicate to the users that the OTP is required on first login and the error message is just that of the credentials being invalid.

FormerMember · Accepted Answer

Hi jt86 , 
 I tried to replicate this in my test environment and it appears that I do not see the same behavior as you described. 
 When you enable OTP for User Portal but did not enable OTP in Connect Client, user authentication will fail with the following logline on XG: 
 MESSAGE Nov 10 02:55:57 [OTP_AUTH]: (otp_handle_complete_password_success_request): REJECT6 for user h_patel ( user should have used OTP but didn't do it, didn't use User Portal, had unused tokens) INFO Nov 10 03:05:23 [access_server]: (check_auth_result): OTP authentication with short password failed for user h_patel, will retry with complete password DEBUG Nov 10 03:05:23 [POSTGRES_DB]: (pg_db_process_prepq_async): param_value[4]: 'h_patel' 
 Note: You can see these logs when you put the access_server service in debug. 
 The subsequent logins do not work as you described. I was not able to download the provisioning file without first setting up OTP for the user. 
 
 Thanks,

Sophos Connect 2.0 and SSL Provisioning File

Top Replies