Qr code invalid #9

Closed
Bastien-RB opened this issue Jan 11, 2018 · 14 comments
@Bastien-RB

Bastien-RB commented Jan 11, 2018

Hello
When I try to scan the QR code I have the message "QR code invalid".

Do you have an idea?
thx

@redhook62
Member

Try to reduce the max key length to 512 bytes in security options.
Perhaps your phone APN is not able to scan it (size too large).


Nothing different between ADFS 2012r2 and 2016

Regards

@Bastien-RB
Author

Bastien-RB commented Jan 16, 2018

Thanks for your help, but I have tried all key sizes, and I have this problem with all authenticator apps (Google, Authy, Microsoft): "The QR code is invalid". If I type the key manually in the app it's OK, but the QR code doesn't work.

@Bastien-RB
Author


A screenshot of the error

@Bastien-RB
Author

I have tried with an iPhone, it's KO; it's OK with a Windows Phone.

@redhook62
Member

Hi Bastien

Can you be more precise? We cannot reproduce the problem.
Are you adding a key that is compatible with the RFC specification (compatible like Google, Facebook, etc.)? Do not choose "personal account" or "enterprise or school account".

Can you send us more information?
Algorithm: SHA1, SHA256 in general parameters
And parameters used in "Security Tab".

On Windows 2012R2, it seems to work, can you confirm? Is the MFA version the same on both platforms?

Thanks

@redhook62 redhook62 reopened this Jan 16, 2018
@Bastien-RB
Author

I have understood: I had a blank in the company name. Without it, with my iPhone it's working fine.
Thanks for your help

@redhook62
Member

Oh, yes!

The company name is part of the QR code.
In a future version, we are going to check this situation.

Let me know if it's OK for you now.

Thanks

@redhook62 redhook62 reopened this Jan 16, 2018
@Bastien-RB
Author

It's ok thanks

@redhook62
Member

redhook62 commented Jan 16, 2018

Yes, the Issuer must be Htmlencoded (as said by Google).
So, it's a bug!
We are going to resolve these issues, and do further testing with different apps on different OSes.

  • This issue only occurs when you have special characters or spaces in the Company Name (Issuer). This issue is not effective with Microsoft Authenticator on Windows Phone.

Thanks to @Bastien-RB

@redhook62 redhook62 reopened this Jan 16, 2018
@redhook62
Member

We have just tested with an ASUS Zen phone 3 on the latest Android version and Google Authenticator version 5.00.

  • No problem, it works with an Issuer with spaces inside.
  • So, not everybody can experience this issue.

But we are going to work to resolve it according to RFC 3986, specified by the IETF (you know, those who specified OAuth 2.0...)
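
The encoding fix discussed in the comments above, as an added example that is not part of the thread or the project's code: it assumes the QR code carries an `otpauth://totp/` provisioning URI (the key URI format Google documents for authenticator apps) and percent-encodes the issuer per RFC 3986. The function names, the `Contoso Corp` issuer, the account and the secret are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Anything outside the RFC 3986 unreserved/reserved sets and '%' is illegal in a URI.
_NOT_URI_CHAR = re.compile(r"[^A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]")


def build_otpauth_uri(issuer, account, secret_b32, algorithm="SHA1", digits=6, period=30):
    """Build the provisioning URI with every component percent-encoded."""
    if ":" in issuer or ":" in account:
        # ':' separates issuer and account inside the label.
        raise ValueError("issuer and account must not contain ':'")
    # safe="" also encodes '/', '&', '?', '#'; spaces become %20.
    label = quote(issuer, safe="") + ":" + quote(account, safe="")
    query = urlencode(
        {"secret": secret_b32, "issuer": issuer, "algorithm": algorithm,
         "digits": digits, "period": period},
        quote_via=quote, safe="",  # the default quote_plus would emit '+' for spaces
    )
    return f"otpauth://totp/{label}?{query}"


def naive_otpauth_uri(issuer, account, secret_b32):
    """Failure mode from the thread: the company name is concatenated unencoded."""
    return f"otpauth://totp/{issuer}:{account}?secret={secret_b32}&issuer={issuer}"


def illegal_uri_chars(uri):
    """Characters a strict scanner may reject (e.g. a raw space)."""
    return sorted(set(_NOT_URI_CHAR.findall(uri)))


def issuer_seen_by_scanner(uri):
    """Issuer value recovered when the URI is parsed back."""
    return parse_qs(urlsplit(uri).query).get("issuer", [None])[0]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    args = ("Contoso Corp & Co", "alice@example.com", "JBSWY3DPEHPK3PXP")
    for make in (naive_otpauth_uri, build_otpauth_uri):
        uri = make(*args)
        print(make.__name__, uri)
        print("  illegal chars:", illegal_uri_chars(uri))
        print("  issuer parsed:", repr(issuer_seen_by_scanner(uri)))
```

Lenient scanners accept the unencoded form, which matches the thread's observation that only some phone and app combinations rejected the QR code.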

@kalsure

kalsure commented Dec 17, 2021

Hi,

Is there any validity period for the QR code? Like the QR code expiring in 1 day (24 hours)?
Thank you in advance.

@redhook62
Member

Hi @kalsure

I don't know if we had the same idea.
The TOTP code changes every 30 seconds.
However, we are in the process of implementing a feature allowing not to request the MFA (device trust with cookie) again for x days.
If this is what you want, then set the value to 1 Day (midnight)

regards

@kalsure

kalsure commented Dec 17, 2021

Hi,
Thank you for your comment.
But what I am trying to say is: when we send initial emails to users to activate an account with the help of the QR code and security key, how many days is this QR code valid? Like the QR code expiring in 7 days.

Can we define the validity of the QR code? Does the QR code work for 2 days only?
Thank you again.

@redhook62
Member

Hi, @kalsure

No, there is no limitation on the TOTP key. Unless it is RSA, and in this case it is the validity period of the Certificate used.
You can choose RNG, AES, and RSA.

The TOTP code is the most reliable solution: it is impossible to trace the origin of the key (destructive hashing), the storage is secured by RNG, AES and RSA. Nothing is transmitted over the network.

Sending the key by email is a security issue for us. Now it all depends on your organization...

The user can change their key when it suits them, that's what we recommend. Now force them every 7 days. So, do not abuse...
Otherwise turn to a SecureID solution.

regards
