Comments (14)
Try to reduce the max key length to 512 bytes in security options.
Perhaps your phone APN is not able to scan it (too huge size).
Nothing different between ADFS 2012r2 and 2016
Regards
from adfsmfa.
Thanks for your help, but I have tried all key sizes, and I have this problem with all authenticator apps (Google, Authy, Microsoft): "The QR code is invalid". If I type the key manually in the app it's OK, but the QR code doesn't work.
from adfsmfa.
A screenshot of the error
from adfsmfa.
I have tried with an iPhone, it's KO; it's OK with a Windows Phone.
from adfsmfa.
Hi Bastien
Can you be more precise, we cannot reproduce the problem.
Are you adding a key that is compatible with the RFC specification (compatible as Google, Facebook, etc.)? Do not choose "personal account" or "enterprise or school account".
Can you send us more information?
Algorithm: SHA1, SHA256 in general parameters
And parameters used in "Security Tab".
On Windows 2012R2, it seems to work, can you confirm? Is the MFA version the same on both platforms?
Thanks
from adfsmfa.
I have understood: I had a blank in the company name. Without it, with my iPhone it's working fine.
thanks for your help
from adfsmfa.
Oh, yes!
The company name is part of the QR code.
In a future version, we are going to check this situation.
Let me know if it's OK for you now.
Thanks
from adfsmfa.
It's ok thanks
from adfsmfa.
Yes, the Issuer must be Htmlencoded (as said by Google).
So, it's a bug !
We are going to resolve these issues, and do further testing with different apps on different OSes.
- This issue only occurs when you have special characters or spaces in the Company Name (Issuer), this issue is not effective with Microsoft Authenticator on Windows Phone.
Thanks to @Bastien-RB
from adfsmfa.
We have just tested with an ASUS Zen phone 3 on the latest Android version and Google Authenticator version 5.00.
- No problem, it works with an Issuer with spaces inside.
- So, not everybody can experience this issue.
But we are going to work to resolve it according to RFC 3986, specified by the IETF (you know, those who specified OAuth 2.0...)
from adfsmfa.
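The issuer problem discussed in this thread, shown as an added example (not part of the thread and not adfsmfa's own code): a builder that percent-encodes the issuer per RFC 3986 when producing the `otpauth://` provisioning URI that goes into the QR code, and a checker that flags the raw-space form. The function names, the account `alice@contoso.example` and the sample secret are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote, urlsplit, parse_qs

# Characters RFC 3986 allows in a URI (reserved + unreserved), plus "%" for escapes.
_URI_CHARS = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*$")

def build_otpauth_uri(issuer, account, secret_b32,
                      algorithm="SHA1", digits=6, period=30):
    """Build a TOTP provisioning URI with percent-encoded issuer and label."""
    if ":" in issuer or ":" in account:
        raise ValueError("issuer and account must not contain ':'")
    # quote() with safe="" turns a space into %20 (not "+" and not a raw space).
    label = f"{quote(issuer, safe='')}:{quote(account, safe='@')}"
    params = [("secret", secret_b32), ("issuer", issuer),
              ("algorithm", algorithm), ("digits", str(digits)),
              ("period", str(period))]
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in params)
    return f"otpauth://totp/{label}?{query}"

def check_otpauth_uri(uri):
    """Return the list of problems a strict QR scanner could reject."""
    problems = []
    if not _URI_CHARS.match(uri):
        problems.append("unencoded character (e.g. space) in URI")
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        problems.append("not an otpauth://totp URI")
    query = parse_qs(parts.query)
    if "secret" not in query:
        problems.append("missing secret")
    label = unquote(parts.path.lstrip("/"))
    issuer = query.get("issuer", [None])[0]
    if issuer is not None and ":" in label and label.split(":", 1)[0] != issuer:
        problems.append("label prefix and issuer parameter differ")
    return problems

# Constructed sample values, not taken from the thread.
SECRET = "JBSWY3DPEHPK3PXP"
RAW = ("otpauth://totp/My Company:alice@contoso.example"
       f"?secret={SECRET}&issuer=My Company")
ENCODED = build_otpauth_uri("My Company", "alice@contoso.example", SECRET)

if __name__ == "__main__":
    print(check_otpauth_uri(RAW))      # raw spaces are flagged
    print(ENCODED, check_otpauth_uri(ENCODED))
```
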
Hi,
Is there any validity period for the QR code? Like, does the QR code expire in 1 day (24 hours)?
Thank you in advance.
from adfsmfa.
Hi @kalsure
I don't know if we had the same idea.
The TOTP code changes every 30 seconds.
However, we are in the process of implementing a feature allowing not to request the MFA (device trust with cookie) again for x days.
If this is what you want, then set the value to 1 Day (midnight)
regards
from adfsmfa.
Hi,
Thank you for your comment.
But what I am trying to say is: when we are sending initial emails to users to activate an account with the help of the QR code and security key,
how many days is this QR code valid? Like, does the QR code expire in 7 days?
Can we define the validity of the QR code? Does the QR code work for 2 days only?
Thank you again.
from adfsmfa.
Hi, @kalsure
No, there is no limitation on the TOTP key. Unless it is RSA, and in this case it is the validity period of the certificate used.
You can choose RNG, AES, and RSA.
The TOTP code is the most reliable solution: it is impossible to trace the origin of the key (destructive hashing), the storage is secured by RNG, AES and RSA. Nothing is transmitted over the network.
Sending the key by email is a security issue for us. Now it all depends on your organization ...
The user can change their key when it suits them, that's what we recommend. Now force them every 7 days. So, do not abuse ...
Otherwise turn to a SecureID solution.
regards
from adfsmfa.