Comments (10)
Hi,
I will test today, but no changes with the previous version.
Verify that the thumbprint is OK in the security options.
If you change the security mode RNG-RSA or CUSTOM, all the existing users' keys become invalid. Each user must rescan the QR code with a new key.
You can revert to RNG and see if your users are logging in as well.
Regards
from adfsmfa.
I didn't change the mode, it was on RSA before the upgrade, but will test with RNG to see what happens.
Just a note. The thumbprint looks good, but when I go to security options the "side-bar" is not green. I didn't run Install-MFACertificate after the upgrade, because that will generate a new certificate and make all current keys invalid, right?
from adfsmfa.
Hi,
Have you tested before with a "Maximum Key length" of 2048 bytes?
Many devices cannot scan this huge QR code.
In my configuration I am using 1024.
This does not change the security level, because the whole key is checked on validation, but limiting the display size allows the majority of devices to scan the QR code without problems.
So, stay connected, I will test this afternoon.
Thanks very much!
Regards
from adfsmfa.
Yes, we used 2048 before, so didn't change that.
But that is good information. Would you say it is better to go for 1024 for compatibility reasons?
from adfsmfa.
Hi,
Yes, it should be better to use 2048 bytes, but many phones (not the latest at $1000) could not scan the code.
So, if you haven't got recent phones in the organization, 1024 should be best.
But I can assure you, when verification is made after entering the TOTP code, we are checking the effective user with the whole key (2048, SHA256).
I'll check your problem this PM.
Regards
from adfsmfa.
Encryption is always done with the whole length of the key! aka: 2048 bytes.
Regards
from adfsmfa.
Tested a little bit more with re-registering the MFA adapter and generating a new RSA certificate.
It seems like that does not work either when I set Hash Algorithm to SHA256. Set to SHA1 works fine, but when I set it to SHA256 the verification after scanning the QR code does not pass (I always remove and re-add the user after changing Hash Algorithm). Maybe that is related to this issue too?
from adfsmfa.
Hi,
The SHA256 hash algorithm is not supported by the majority of OTP apps. Only the Authy app supports it.
See discussion: #7
Regards
from adfsmfa.
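The mismatch described in this thread (SHA1 enrolments verify, SHA256 enrolments do not) comes down to which HMAC the two sides compute. The following is an added illustration, not code from the adfsmfa project: a minimal RFC 4226/6238 HOTP/TOTP implementation with a selectable hash, a windowed constant-time verifier, and the otpauth URI builder that carries the `algorithm` parameter to the app. The secrets are the RFC 6238 Appendix B test secrets; the issuer and account names are constructed for the example. An app that ignores `algorithm` and silently falls back to SHA1 will produce the SHA1 column while the server checks the SHA256 column, which is exactly the "verification does not pass" symptom reported above.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC-<algorithm>(secret, counter) followed by dynamic truncation.

    The whole secret is fed to the HMAC, however long it is; nothing is truncated
    on the server side. Only the displayed code is reduced to `digits` digits.
    """
    msg = struct.pack(">Q", counter)  # 8-byte big-endian counter
    mac = hmac.new(secret, msg, getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6,
         algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time // step), digits, algorithm)


def verify_totp(secret: bytes, candidate: str, for_time=None, window: int = 1,
                step: int = 30, digits: int = 6, algorithm: str = "sha1") -> bool:
    """Accept a code from the current step or `window` steps either side (clock skew).

    Uses a constant-time comparison so the check does not leak how many leading
    digits matched. The server must use the same algorithm the client enrolled with.
    """
    if for_time is None:
        for_time = time.time()
    counter = int(for_time // step)
    ok = False
    for delta in range(-window, window + 1):
        expected = hotp(secret, counter + delta, digits, algorithm)
        # Evaluate every step so the timing does not depend on which one matches.
        ok |= hmac.compare_digest(expected, candidate)
    return ok


def otpauth_uri(issuer: str, account: str, secret: bytes, algorithm: str = "SHA1",
                digits: int = 6, period: int = 30) -> str:
    """Build the otpauth:// URI that is encoded into the enrolment QR code.

    The `algorithm` parameter is what tells the authenticator app to use SHA256
    instead of the SHA1 default; apps that do not honour it will compute SHA1 codes.
    """
    label = quote(f"{issuer}:{account}")
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm={algorithm}&digits={digits}&period={period}")


def codes_for_all_hashes(for_time: int = 59) -> dict:
    """Show that the same instant yields a different code per hash algorithm.

    Secrets are the RFC 6238 Appendix B test secrets (20, 32 and 64 bytes).
    """
    secrets = {
        "sha1": b"12345678901234567890",
        "sha256": b"12345678901234567890123456789012",
        "sha512": b"1234567890123456789012345678901234567890123456789012345678901234",
    }
    return {alg: totp(sec, for_time, digits=8, algorithm=alg)
            for alg, sec in secrets.items()}


if __name__ == "__main__":
    for alg, code in codes_for_all_hashes().items():
        print(f"{alg:7s} T=59 -> {code}")
    # Constructed issuer/account for the example QR payload.
    print(otpauth_uri("Example", "alice@example.com", b"12345678901234567890", "SHA256"))
```

Run stand-alone it prints the three RFC 6238 reference codes for T=59 and a sample otpauth URI. To reproduce the thread's failure mode, verify a code generated with `algorithm="sha1"` against a server configured with `algorithm="sha256"` for the same secret: the HMACs differ, so the window check never matches.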
Hi, @anorstrom
Yes, it's a bug! Thank you!
We made a mistake: we removed the iteration in hash mode when validating the QR code.
So, we have made tests with RNG, RSA and custom with key lengths of 1024 and 2048 bytes. We also checked with hash modes SHA1 and SHA256.
We will push a new install tonight, and the source code with other evolutions tomorrow.
Best regards
redhook
from adfsmfa.
Super, thank you!
from adfsmfa.