privacyidea/keycloak-provider

[Keycloak] Enroll TOTP from Keycloak does not work

KeycloakBoys opened this issue · 1 comment

Hi,

We configured PrivacyIdea Server for Push, but we wanted to try TOTP too.
We are experiencing 'Authentication failed. wrong otp pin' errors if we enroll from keycloak.
If instead we configure TOTP from PrivacyIdea, everything works correctly.

TOTP enrolled from keycloak:

2022-11-30 11:17:03,553 INFO [org.privacyidea.authenticator.PrivacyIDEAAuthenticator] (OkHttp https:///...) PrivacyIDEA Client: /validate/check:
{
"detail": {
"message": "wrong otp pin",
"threadid": 140615254603584
},
"id": 2,
"jsonrpc": "2.0",
"result": {
"authentication": "REJECT",
"status": true,
"value": false
},
"time": 1669803423.5127044,
"version": "privacyIDEA 3.7.4",
"versionnumber": "3.7.4",

TOTP enrolled from PrivacyIDEA:

{
"detail": {
"message": "Found matching challenge",
"serial": "TOTP00004B34",
"threadid": 140615254603584
},
"id": 2,
"jsonrpc": "2.0",
"result": {
"authentication": "ACCEPT",
"status": true,
"value": true
},
"time": 1669803507.1315897,
"version": "privacyIDEA 3.7.4",
"versionnumber": "3.7.4",

Keycloak Plugin Configuration: [screenshot: Keycloak-PrivacyIdea-Plugin]

Enroll by Keycloak: [screenshot: enroll]

Error: [screenshot: error]

Could anyone help us? Thank You!
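The two `/validate/check` responses quoted above differ only in `result.authentication` and `result.value`; `result.status` is `true` in both, so it says nothing about whether the OTP was accepted. The following is an added example, not code from the Keycloak provider or from privacyIDEA, showing how a client should read such a response; the sample bodies are constructed from the responses in this issue (trailing fields trimmed) plus one constructed server-error body.

```python
import json
from typing import Tuple

# Constructed from the two responses quoted in this issue.
REJECT_RESPONSE = json.dumps({
    "detail": {"message": "wrong otp pin", "threadid": 140615254603584},
    "id": 2, "jsonrpc": "2.0",
    "result": {"authentication": "REJECT", "status": True, "value": False},
})
ACCEPT_RESPONSE = json.dumps({
    "detail": {"message": "Found matching challenge",
               "serial": "TOTP00004B34", "threadid": 140615254603584},
    "id": 2, "jsonrpc": "2.0",
    "result": {"authentication": "ACCEPT", "status": True, "value": True},
})
# Constructed: the shape of a server-side error (status false, no value).
ERROR_RESPONSE = json.dumps({
    "id": 3, "jsonrpc": "2.0",
    "result": {"status": False,
               "error": {"code": -1, "message": "constructed error"}},
})


def interpret_validate_check(body: str) -> Tuple[bool, str]:
    """Return (authenticated, reason) for a /validate/check response body.

    result.status only means the request was processed; the REJECT
    response in this issue carries status true as well. Access is granted
    only when result.value is true and result.authentication, if present,
    is "ACCEPT". Anything malformed or unexpected counts as a failure.
    """
    try:
        data = json.loads(body)
        result = data["result"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed response"
    if result.get("status") is not True:
        err = (result.get("error") or {}).get("message", "unknown error")
        return False, f"server error: {err}"
    detail = data.get("detail") or {}
    reason = detail.get("message", "")
    accepted = (result.get("value") is True
                and result.get("authentication", "ACCEPT") == "ACCEPT")
    return accepted, reason
```

The `detail.message` is returned only for logging and user feedback; the decision rests on `result.value` and `result.authentication`.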

For help with settings or policies, please visit the community site:
https://community.privacyidea.org/

By the way, we are working on a new method to enroll a token on the client side. The next version of the keycloak provider will add the possibility to enroll a token without any settings in your keycloak installation: #125