fix(jans-casa): failed to authenticate 2FA using OTP #8478

Closed
manojs1978 opened this issue May 9, 2024 · 1 comment · Fixed by #8505
@manojs1978
Contributor

Describe the bug
failed to authenticate 2FA using OTP/super gluu

To Reproduce
Steps to reproduce the behavior:

  1. install jans 1.1.2.nightly
  2. enable fido,supergluu,otp scripts
  3. login to jans-casa
  4. register supergluu, otp,fido
  5. enable 2FA and set otp as preferred method
  6. logout and login again
  7. add otp to login when prompted in 2FA screen
  8. See error

Expected behavior
should be able to authenticate using OTP

Screenshots
image

Desktop (please complete the following information):

  • OS: suse 15
  • Browser [e.g. chrome, safari]
  • Version sp5
  • jans 1.1.2.nightly
  • DB pgsql


@mo-auto mo-auto added the kind-bug Issue or PR is a bug in existing functionality label May 9, 2024
@manojs1978
Contributor Author

manojs1978 commented May 10, 2024

casa.log

10-05 06:33:52.888 ERROR [qtp1766724936-15] jans.casa.core.PersistenceService PersistenceService.java:107- Failed to find entries with baseDN: ou=fido2_register,inum=dae4a332-fd84-4767-b483-8da4b10f3e89,ou=people,o=jans, filter: (&(&(objectClass=jansFido2RegistrationEntry))(&(jansStatus=registered)(personInum=dae4a332-fd84-4767-b483-8da4b10f3e89)(jansApp=manojs1978-happy-mosquito.gluu.info)))
10-05 06:33:52.888 INFO  [qtp1766724936-15] ui.vm.user.UserPreferenceViewModel UserPreferenceViewModel.java:85- Number of credentials for user admin: 0
10-05 06:33:52.899 ERROR [qtp1766724936-15] jans.casa.core.PersistenceService PersistenceService.java:107- Failed to find entries with baseDN: ou=fido2_register,inum=dae4a332-fd84-4767-b483-8da4b10f3e89,ou=people,o=jans, filter: (&(&(objectClass=jansFido2RegistrationEntry))(&(jansStatus=registered)(personInum=dae4a332-fd84-4767-b483-8da4b10f3e89)(jansApp=manojs1978-happy-mosquito.gluu.info)))
10-05 06:33:52.902 ERROR [qtp1766724936-15] jans.casa.core.PersistenceService PersistenceService.java:107- Failed to find entries with baseDN: ou=fido2_register,inum=dae4a332-fd84-4767-b483-8da4b10f3e89,ou=people,o=jans, filter: (&(&(objectClass=jansFido2RegistrationEntry))(&(jansApp=https://manojs1978-happy-mosquito.gluu.info/jans-casa)(|(!(personInum=*))(personInum=dae4a332-fd84-4767-b483-8da4b10f3e89))))
10-05 06:33:52.909 ERROR [qtp1766724936-15] jans.casa.core.PersistenceService PersistenceService.java:107- Failed to find entries with baseDN: ou=fido2_register,inum=dae4a332-fd84-4767-b483-8da4b10f3e89,ou=people,o=jans, filter: (&(&(objectClass=jansFido2RegistrationEntry))(&(jansStatus=registered)(personInum=dae4a332-fd84-4767-b483-8da4b10f3e89)(jansApp=manojs1978-happy-mosquito.gluu.info)))
10-05 06:33:52.911 ERROR [qtp1766724936-15] jans.casa.core.PersistenceService PersistenceService.java:107- Failed to find entries with baseDN: ou=fido2_register,inum=dae4a332-fd84-4767-b483-8da4b10f3e89,ou=people,o=jans, filter: (&(&(objectClass=jansFido2RegistrationEntry))(&(jansApp=https://manojs1978-happy-mosquito.gluu.info/jans-casa)(|(!(personInum=*))(personInum=dae4a332-fd84-4767-b483-8da4b10f3e89))))
10-05 06:33:57.400 ERROR [qtp1766724936-15] jans.casa.core.PersistenceService PersistenceService.java:107- Failed to find entries with baseDN: ou=fido2_register,inum=dae4a332-fd84-4767-b483-8da4b10f3e89,ou=people,o=jans, filter: (&(&(objectClass=jansFido2RegistrationEntry))(&(jansApp=https://manojs1978-happy-mosquito.gluu.info/jans-casa)(|(!(personInum=*))(personInum=dae4a332-fd84-4767-b483-8da4b10f3e89))))
10-05 06:34:00.593 INFO  [qtp1766724936-17] jans.casa.misc.WebUtils WebUtils.java:159- Found cookie: '5757c8df-12c7-4a04-a586-54b1592d0b96'
10-05 06:34:00.593 INFO  [qtp1766724936-17] plugins.authnmethod.service.SGService SGService.java:107- Beginning registration request with user=admin, ip=103.197.74.198
10-05 06:36:57.636 INFO  [qtp1766724936-17] casa.core.filter.LocaleInterceptor LocaleInterceptor.java:43- Browser locale is 'en_US'
10-05 06:36:57.636 INFO  [qtp1766724936-17] casa.core.filter.LocaleInterceptor LocaleInterceptor.java:54- Locale for this session will be 'en'
10-05 06:37:22.975 INFO  [qtp1766724936-22] ui.vm.user.UserPreferenceViewModel UserPreferenceViewModel.java:85- Number of credentials for user admin: 2
10-05 06:38:10.571 ERROR [qtp1766724936-18] ui.vm.user.SecurityKey2ViewModel SecurityKey2ViewModel.java:253- An error occurred when enrolling fido2 cred for user admin. NotAllowedError: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission.
10-05 06:38:45.479 INFO  [qtp1766724936-18] ui.vm.user.UserPreferenceViewModel UserPreferenceViewModel.java:85- Number of credentials for user admin: 2
10-05 06:39:02.815 INFO  [qtp1766724936-17] casa.core.filter.LocaleInterceptor LocaleInterceptor.java:43- Browser locale is 'en_US'
10-05 06:39:02.815 INFO  [qtp1766724936-17] casa.core.filter.LocaleInterceptor LocaleInterceptor.java:54- Locale for this session will be 'en'

auth_script.log

2024-05-10 06:39:10,987 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. isValidAuthenticationMethod called
2024-05-10 06:39:10,988 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. prepareForStep 2
2024-05-10 06:39:10,989 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. prepareForStep. ACR = otp
2024-05-10 06:39:10,990 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - manojs1978-happy-mosquito.gluu.info
2024-05-10 06:39:10,995 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getAvailMethodsUser [super_gluu]
2024-05-10 06:39:10,995 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - OTP. Prepare for step 2
2024-05-10 06:39:10,997 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - OTP. Prepare for step 2. otp_auth_method: 'authenticate'
2024-05-10 06:39:10,997 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getExtraParametersForStep 2
2024-05-10 06:39:10,997 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - extras are [otp_auth_method, otp_count_login_steps, otp_secret_key, otp_enrollment_request, ACR, methods, trustedDevicesInfo, casa_contextPath, casa_prefix, casa_faviconUrl, casa_extraCss, casa_logoUrl]
2024-05-10 06:39:22,191 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. authenticate for step 2
2024-05-10 06:39:22,193 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - manojs1978-happy-mosquito.gluu.info
2024-05-10 06:39:22,197 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getAvailMethodsUser [super_gluu]
2024-05-10 06:39:22,198 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - OTP. Authenticate for step 2
2024-05-10 06:39:22,202 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - OTP. Process OTP authentication. OTP code is invalid
2024-05-10 06:39:22,202 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - OTP. Authenticate for step 2. OTP authentication result: 'False'
2024-05-10 06:39:22,202 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. authenticate. 2FA authentication failed
2024-05-10 06:39:22,202 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getNextStep called 2
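
A triage check over the auth_script.log format shown above, as an added example that is not part of the original comment or of the Janssen code base: it groups lines by the UUID field (assumed here to be a per-request identifier) and flags a request whose `ACR` is absent from the `getAvailMethodsUser` list, plus any rejected second factor. The function name `triage` and the finding labels are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: four lines copied from the auth_script.log excerpt above.
SAMPLE_LOG = r"""
2024-05-10 06:39:10,989 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. prepareForStep. ACR = otp
2024-05-10 06:39:10,995 INFO  [qtp990416209-22] 3bac2425-74a2-4507-8db9-4ad264f0e140 [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getAvailMethodsUser [super_gluu]
2024-05-10 06:39:22,197 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Casa. getAvailMethodsUser [super_gluu]
2024-05-10 06:39:22,202 INFO  [qtp990416209-22] a4b28f52-a5ca-4033-bca9-cf23cf3a258f [io.jans.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - OTP. Authenticate for step 2. OTP authentication result: 'False'
"""

# Layout: timestamp, level, [thread], UUID, [logger], (source), " - ", message
LINE = re.compile(
    r"^\S+ \S+\s+\w+\s+\[[^\]]+\]\s+(?P<rid>[0-9a-f-]{36})\s+"
    r"\[[^\]]+\]\s+\([^)]+\)\s+-\s+(?P<msg>.*)$"
)
ACR = re.compile(r"Casa\. prepareForStep\. ACR = (\S+)")
AVAIL = re.compile(r"Casa\. getAvailMethodsUser \[(.*)\]")
RESULT = re.compile(r"(\w+)\. Authenticate for step \d+\. \w+ authentication result: '(\w+)'")


def triage(log_text):
    """Return (request_id, finding, detail) tuples in log order."""
    state = defaultdict(dict)  # per-UUID: ACR seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, stack traces, other log formats
        rid, msg = m["rid"], m["msg"]
        if (hit := ACR.search(msg)):
            state[rid]["acr"] = hit.group(1)
        elif (hit := AVAIL.search(msg)):
            methods = [s.strip() for s in hit.group(1).split(",") if s.strip()]
            acr = state[rid].get("acr")
            # The selected method should be one the user is seen to have enrolled.
            if acr is not None and acr not in methods:
                findings.append((rid, "acr_not_in_available_methods", f"{acr} vs {methods}"))
        elif (hit := RESULT.search(msg)) and hit.group(2) == "False":
            findings.append((rid, "second_factor_rejected", hit.group(1).lower()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
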

@moabu moabu assigned jgomer2001 and unassigned moabu May 13, 2024
jgomer2001 added a commit that referenced this issue May 14, 2024
Signed-off-by: jgomer2001 <bonustrack310@gmail.com>
moabu pushed a commit that referenced this issue May 14, 2024
fix: update how external uids are retrieved #8478

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>