
Comments (14)

redhook62 commented on July 28, 2024

Try to reduce the max key length to 512 bytes in security options.
Perhaps your phone APN is not able to scan it (too huge size).


Nothing different between ADFS 2012r2 and 2016

Regards

from adfsmfa.

Bastien-RB commented on July 28, 2024

Thanks for your help, but I have tried all key sizes, and I have this problem with all authenticator apps (Google, Authy, Microsoft): "The QR code is invalid". If I type the key manually in the app it's OK, but the QR code doesn't work.


Bastien-RB commented on July 28, 2024


A screenshot of the error


Bastien-RB commented on July 28, 2024

I have tried with an iPhone, it's KO; it's OK with a Windows Phone.


redhook62 commented on July 28, 2024

Hi Bastien

Can you be more precise? We cannot reproduce the problem.
Are you adding a key that is compatible with the RFC specified (compatible as Google, Facebook, etc.)? Do not choose "personal account" or "enterprise or school account".

Can you send us more information?
Algorithm: SHA1, SHA256 in general parameters
And parameters used in "Security Tab".

On Windows 2012R2, it seems to work, can you confirm? Is the MFA version the same on both platforms?

Thanks


Bastien-RB commented on July 28, 2024

I have understood: I had a blank in the company name; without it, with my iPhone it's working fine.
Thanks for your help.


redhook62 commented on July 28, 2024

Oh, yes!

The company name is part of the QR code.
In a future version, we are going to check this situation.

Let me know if it's OK for you now.

Thanks


Bastien-RB commented on July 28, 2024

It's ok thanks


redhook62 commented on July 28, 2024

Yes, the Issuer must be HTML-encoded (as said by Google).
So, it's a bug!
We are going to resolve these issues, and do further testing with different apps on different OSes.

  • This issue only occurs when you have special characters or spaces in the Company Name (Issuer); this issue does not occur with Microsoft Authenticator on Windows Phone.

Thanks to @Bastien-RB


redhook62 commented on July 28, 2024

We have just tested with an ASUS Zen phone 3 on the latest Android version and Google Authenticator version 5.00.

  • No problem, it works with an Issuer with spaces inside.
  • So, not everybody can experience this issue.

But we are going to work to resolve it according to RFC 3986, specified by the IETF (you know, those who specified OAuth 2.0...)

from adfsmfa.
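
The issuer-encoding problem discussed above, as an added illustration (not code from adfsmfa or from any commenter): it builds the provisioning URI that goes into the QR code with and without RFC 3986 percent-encoding, then checks each result. It assumes the Google Authenticator Key URI layout `otpauth://totp/Issuer:account?secret=...&issuer=...`; the function names, the company names and the secret are constructed for the example.

```python
import re
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Constructed sample values, not taken from the thread.
SECRET = "JBSWY3DPEHPK3PXP"
ACCOUNT = "alice@example.com"

# RFC 3986: a URI holds only unreserved/reserved characters or %XX escapes.
_URI_CHARS = re.compile(r"(?:[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=]|%[0-9A-Fa-f]{2})*")

def build_naive(issuer, account, secret):
    """'Before': the company name is concatenated in exactly as typed."""
    return f"otpauth://totp/{issuer}:{account}?secret={secret}&issuer={issuer}"

def build_encoded(issuer, account, secret, algorithm="SHA1", digits=6, period=30):
    """'After': issuer and account are percent-encoded in label and query."""
    label = f"{quote(issuer, safe='')}:{quote(account, safe='@')}"
    query = urlencode(
        {"secret": secret, "issuer": issuer, "algorithm": algorithm,
         "digits": digits, "period": period},
        quote_via=quote, safe="")  # quote gives %20; the default quote_plus gives "+"
    return f"otpauth://totp/{label}?{query}"

def is_rfc3986_clean(uri):
    """True when every character is legal in a URI (a raw space is not)."""
    return _URI_CHARS.fullmatch(uri) is not None

def parse(uri):
    """Decode the URI the way a scanning app would, to verify the round trip."""
    parts = urlsplit(uri)
    label_issuer, _, account = unquote(parts.path.lstrip("/")).rpartition(":")
    params = parse_qs(parts.query)
    return {"label_issuer": label_issuer, "account": account,
            "issuer": params.get("issuer", [""])[0],
            "secret": params.get("secret", [""])[0]}

if __name__ == "__main__":
    for issuer in ("Contoso", "Contoso Ltd", "R&D Corp"):
        for build in (build_naive, build_encoded):
            uri = build(issuer, ACCOUNT, SECRET)
            ok = is_rfc3986_clean(uri) and parse(uri)["issuer"] == issuer
            print(f"{build.__name__:14} {'ok ' if ok else 'BAD'} {uri}")
```

Python's parser is lenient and still reads the raw space, so only the character check flags `Contoso Ltd`; a raw `&` passes the character check but truncates the issuer on parsing, which is why both checks are run.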

kalsure commented on July 28, 2024

Hi,

Is there any validity period for the QR code? Like, does the QR code expire in 1 day (24 hours)?
Thank you in advance.


redhook62 commented on July 28, 2024

Hi @kalsure

I don't know if we had the same idea.
The TOTP code changes every 30 seconds.
However, we are in the process of implementing a feature allowing not to request the MFA (device trust with cookie) again for x days.
If this is what you want, then set the value to 1 Day (midnight)

regards


kalsure commented on July 28, 2024

Hi,
Thank you for your comment.
But what I am trying to say is: we are sending initial emails to users to activate an account with the help of a QR code and security key.
How many days is this QR code valid? Like, does the QR code expire in 7 days?

Can we define the validity of the QR code? Does the QR code work for 2 days only?
Thank you again.


redhook62 commented on July 28, 2024

Hi, @kalsure

No, there is no limitation on the TOTP key, unless it is RSA, and in this case it is the validity period of the certificate used.
You can choose RNG, AES, and RSA.

The TOTP code is the most reliable solution: it is impossible to trace the origin of the key (destructive hashing), and the storage is secured by RNG, AES and RSA. Nothing is transmitted over the network.

Sending the key by email is a security issue for us. Now it all depends on your organization...

The user can change their key when it suits them; that's what we recommend. Now force them every 7 days. So, do not abuse...
Otherwise turn to a SecurID solution.

regards
