Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 27 subscribers
  • Views 1735 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OTP enabled - user can no longer login to userportal

LHerzog

at a remote location I tested with OTP today on a XG106 SFOS 18.0.6 MR-6-Build655

first tested with domain user which was not working as described below.

then tested with local user on XG which did not work either.

1. confirmed, I can login to userportal. OK

2. enabled OTP and enforced it only for the user:

3. tested if user can login to userportal to create otp password with his token generator

login fails

4. if I remove the user from "OTP required for these users and groups", login to userportal works again

The test user has a complex password with 18 characters. Also doesn't work with short passwords.



This thread was automatically locked due to age.
Parents
  • 0

    Seems like the OTP is not correct. 

    Check the access_server Log on the CLI or check the time date of OTP. Also check the time of the device. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    from my understanding before OTP is configured for the user, the user needs to log into userportal and scan the QR code there.

    problem here: he cannot get to the portal to do that

    time is correct


    MESSAGE   Dec 20 15:42:52.109171 [OTP_AUTH]: (otp_handle_complete_password_success_request): REJECT4 for user testuserotp (user didn't use OTP, auto-creation of tokens is not enabled)
    ERROR     Dec 20 15:42:52.109253 [access_server]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed

  • +1 in reply to LHerzog

    If you disable auto-creation, they cannot create the OTP token. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LHerzog

    MESSAGE   Dec 20 16:22:15.234791 [OTP_AUTH]: (otp_handle_complete_password_success_request): Will present QR-Code in User Portal UI1 to user testuserotp for scanning

    it's working with the sophos authenticator app. we're testing also the yellow REINER SCT TOTP G1 token generators. when scanning the QR code with it, it's not generating a new entry just skips over to an existing account. do you know something about that?

Reply
  • 0 in reply to LHerzog

    MESSAGE   Dec 20 16:22:15.234791 [OTP_AUTH]: (otp_handle_complete_password_success_request): Will present QR-Code in User Portal UI1 to user testuserotp for scanning

    it's working with the sophos authenticator app. we're testing also the yellow REINER SCT TOTP G1 token generators. when scanning the QR code with it, it's not generating a new entry just skips over to an existing account. do you know something about that?

Children
Cookie Information Banner