I am not sure if we check the current OTP policy of the user and take it
into account instead of the default realm OTP policy. For passwords, we
are doing it (the password hashing algorithm is saved together with the user's
password. When the realm password hashing policy is changed, the user's
password is still verified against the old algorithm during the first
authentication of that user after the realm policy is changed. And then
the password is updated in the DB with the new algorithm).
Feel free to create a JIRA with steps to reproduce. I think we can improve
this for OTP and ask the user to configure a new OTP after the change. Not sure if
this should be configurable or not, I can see some potential security
implications of it.
Marek
On 30/09/17 14:47, forums.akurathi(a)gmail.com wrote:
Dear all,
We are running into a weird problem, i.e., updates to the OTP policy are not reflected in the
Google Authenticator app. We wonder whether any special instructions are needed to get this
working.
A sequence of steps:
1) create realm, create user
2) enable OTP
3) login with the newly created user
4) system asks you to configure OTP
5) update OTP policy such as number of digits from 6 to 8
6) try login again
7) system asks you to enter OTP but authentication fails
We expect the system should route the user to the configure OTP page rather than prompting to
enter an OTP which fails anyway.
Your response is highly appreciated!!!
Thanks in advance
Regards
Krishna Kumar Akurathi
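The behaviour described in this thread, written out as an added example (not Keycloak code, and not from either poster): a TOTP credential that carries the policy it was enrolled with (digits, period, hash), so that verification uses the credential's own policy the way Keycloak's password hashing does, and a separate check that flags drift from the current realm policy so the user can be routed to re-enrolment instead of being prompted for a code that can never match. `OtpPolicy`, `OtpCredential`, `verify_stored_policy` and `verify_realm_policy_only` are names chosen for this example; the secret and timestamps are the RFC 4226/6238 test vectors.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class OtpPolicy:
    """Realm-level OTP settings (hypothetical shape, mirrors the thread's 'digits' change)."""
    algorithm: str = "sha1"
    digits: int = 6
    period: int = 30
    look_ahead: int = 1  # accepted clock-drift window in periods, each direction


@dataclass
class OtpCredential:
    """A user's enrolled secret plus the policy the authenticator app was set up with."""
    secret: bytes
    enrolled_policy: OtpPolicy


def hotp(secret: bytes, counter: int, digits: int, algorithm: str) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, policy: OtpPolicy, at: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time and the period."""
    return hotp(secret, at // policy.period, policy.digits, policy.algorithm)


def _matches(secret: bytes, code: str, policy: OtpPolicy, at: int) -> bool:
    counter = at // policy.period
    for delta in range(-policy.look_ahead, policy.look_ahead + 1):
        if counter + delta < 0:
            continue
        expected = hotp(secret, counter + delta, policy.digits, policy.algorithm)
        # Constant-time comparison; a length mismatch simply fails.
        if hmac.compare_digest(expected, code):
            return True
    return False


def verify_realm_policy_only(cred: OtpCredential, code: str, realm_policy: OtpPolicy, at: int) -> bool:
    """The failure mode from the thread: check the code against the *current* realm policy.
    After digits change 6 -> 8, a 6-digit code from the unchanged app can never match."""
    return _matches(cred.secret, code, realm_policy, at)


def verify_stored_policy(cred: OtpCredential, code: str, realm_policy: OtpPolicy, at: int) -> tuple:
    """Verify against the policy stored with the credential (as Keycloak does for password
    hashes), then report whether the credential is stale relative to the realm policy so the
    login flow can send the user to the configure-OTP page.
    Returns (authenticated, needs_reconfigure)."""
    authenticated = _matches(cred.secret, code, cred.enrolled_policy, at)
    needs_reconfigure = authenticated and cred.enrolled_policy != realm_policy
    return authenticated, needs_reconfigure


if __name__ == "__main__":
    # RFC test-vector secret and timestamp (constructed inputs for the demo).
    secret = b"12345678901234567890"
    cred = OtpCredential(secret, OtpPolicy(digits=6))
    realm_after_change = OtpPolicy(digits=8)
    code_from_app = totp(secret, cred.enrolled_policy, 59)  # what the phone still shows
    print("realm-policy-only verification:", verify_realm_policy_only(cred, code_from_app, realm_after_change, 59))
    print("stored-policy verification:", verify_stored_policy(cred, code_from_app, realm_after_change, 59))
```

With the realm-only check the user is stuck at step 7 of the report; with the stored-policy check the login succeeds once and the `needs_reconfigure` flag drives the required action, which is the OTP analogue of the password rehash-on-next-login that Marek describes.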
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user