QR Codes for 2FA(Google Auth, Microsoft Auth) on IOs Error

[progressiver]

Hi!

QR codes generated by requests doesn't recognize on IOs on Iphones (7,8,10,10S max etc).
Apps say that barcodes is Invalid (Google, Microsoft and so on)

It's ok on Android.

adfsmfa 2.2.0.41
Windows Server 2012R2

[redhook62]

Hi,

No, it's not a bug.
With Apple you must open the camera to scan the QR Code

https://www.macworld.com/article/3286193/ios/how-to-scan-qr-codes-with-your-iphone-or-ipad.html

[progressiver]

But we have another QR code generator and it's worked with Google Auth App on Iphones. libpam-google-authenticator for example. Ok, by the way your method works on IOS12 but on old IOS (like 9) it does not work.

[redhook62]

Have you read the link ?

it's the same problem with IOS 12 ! (seen with our customers)
This QR Code is more secure than those of Apple, Google or Facebook (depending of the configuration you have made).

Try with Authy

Regards

[progressiver]

Yes, I've read.
Ok,I understand. Thank you.

Also could you change some French sentences in text when sending key to email? :)

[redhook62]

Yes, it's possible to override the default emails. You must provide html files with some placholders inside.

Changing this is not easy at this time, in the future release, we are going to implement some powershell specific commands for that.

There's a way to register your custom mails.

• changing the config file

On your main ADFS Server, open a PowerShell console as administrator
Export-MFASystemConfiguration -ExportFilePath x:\somepath\exportconfig.xml

Edit the SendMail section as below, in your sample modify MailSecureKey node

<SendMail Enabled="true" PinRequired="false" EnrollWizard="true" EnrollWizardStrict="true" from="email@domain.com" username="upn@domain.com" password="password" anonymous="false" host="smtp.server.com" port="587" useSSL="true" Company="your company">
    <MailOTP>
	<Template LCID="1036" FileName="path to your html template" Enabled="true" />
          // 1036 = French,  must be a valid filename deployed on each of your ADFS Servers
    </MailOTP>
    <MailInscription />
    <MailSecureKey />
    <Parameters><![CDATA[]]></Parameters>
  </SendMail>

Filename attribute must be a valid file on your ADFS Servers. Otherwise default template will be used.
Save your modifications

On your main ADFS Server, open a PowerShell console as administrator
Import-MFASystemConfiguration -ImportFilePath x:\somepath\exportconfig.xml

Restart your ADFS services.

To build a template, you can watch the default mails (stored as resources)
https://github.com/neos-sdi/adfsmfa/blob/master/Neos.IdentityServer%202.2/Neos.IdentityServer.Common/Resources/cmail_strings.fr.resx

Note the placeholders {0}, {1}, {2}, ...

Regards

[progressiver]

Thank you!
Will try to do a new template. But anyway you can change https://github.com/neos-sdi/adfsmfa/blob/master/Neos.IdentityServer%202.2/Neos.IdentityServer.Common/Resources/cmail_strings.resx and fix English template in the next release. There are some french words :)

Thank you!

Regards