-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to 2.2.0.18 #21
Comments
Hi, Regards |
I didn't change the mode, it was on RSA before the upgrade, but will test with RNG to see what happens. Just a note. The thumbprint looks good, but when I go to security options the "side-bat" is not green. I didn't run Install-MFACertificate after the upgrade, because that will generate a new certificate and make all current keys invalid, right? |
Hi, Have you test before with a "Maximum Key lenght" with 2048 bytes ? So, stay connected, i will test this afternoon. Thanks very much ! Regards |
Yes, we used 2048 before, so didn't change that. |
Hi, Yes, it should be better to use 2048 bytes, but many phones (not the last at 1000$) could not scan the code. I check you problem this PM Regards |
Encryption, is always done with all the whole length of key ! aka : 2048 Bytes Regards |
Tested a little bit more with re-register the MFA adapter and generate a new RSA certificate. It seems like that does not work either when I set Hash Algorithm to SH2A56. Set to SHA1 works fine, but when I set it to SAH256 the verification after scanning the QR code does not pass (I always remove and re-add user after changing Hash Algorithm). Maybe that is related to this issue to? |
Hi, SHA256 hash algo is not supported by the majority of OTP apps. Only Auty app is supporting it. Cdt |
Hi, @anorstrom Yes, It's a bug ! Thank you ! We made a mistake, we have removed iteration in hash mode when validating the QRCode. We push a new install tonight, and source code with other evolutions tomorrow. Best regards redhook |
Super, thank you! |
Hi,
Have tested the new version with RSA and ADDS mode, and it works fine when we re-register the MFA adapter (Register-MFASystem –Activate –RestartFarm –KeysFormat RSA -RSACertificateDuration 10, which generates a new certificate), and then enable new users for MFA.
Tested also to upgrade a current installation with RSA and ADDS, but that seems to break it:
Maybe this is expected in this beta version?
Or is there a way to get the current certificate working with the new version, instead of generating a new certificate by re-register the MFA adapter?
Thanks,
Andreas
The text was updated successfully, but these errors were encountered: