Two-factor authentication is not working

Moderator: crythias

Post Reply
bojko
Znuny newbie
Posts: 5
Joined: 01 Nov 2017, 16:22
Znuny Version: 5.0.17

Two-factor authentication is not working

Post by bojko »

Hello Everyone,

I have been a silent reader for a long time on this forum, and thanks to you, I have solved several critical issues, and even upgraded OTRS from 3.0.3 to 5.0.17 from Windows to CentOS.

However, the time has come for me to directly ask for help here.

As I have mentioned, we are using OTRS 5.0.17 on CentOS. Due to some internal company changes, two-factor authentication is required for logging into OTRS. At the moment, we are using the internal OTRS DB for storing agent info. The plan is also to move to LDAP/AD (this is for later on).

The issue we are experiencing is that we cannot log in when two-factor authentication is enabled.

This is what we did:

1. Enabled the two-factor authentication in Framework → Frontend::Agent::Auth::TwoFactor. We have set Allow empty secret to be NO.
2. Made Active the GoogleAuthenticatorSecretKey in Framework → Frontend::Agent::Preferences
3. Installed the Google Authenticator application on our Android Phones.
4. All agents manually enter a shared secret in their agent settings.
5. The agents entered their secrets (time-based) in the Google Authenticator application on the phones.

When trying to login with the OTRS credentials and the 6 digit token that is displayed on the app, we receive ther error below in the otrs.log:

[Error][Kernel::System::Auth::TwoFactor::GoogleAuthenticator::Auth][81] Need TwoFactorToken!

If the two-factor authentication is removed, the same credential work.

Could you be so kind and provide some insight/suggestion where we might be wrong?

Thank you in advance.

Kind Regards,

Bojko
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Two-factor authentication is not working

Post by root »

Hi,

AFAIK the secret should be 16 characters.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
bojko
Znuny newbie
Posts: 5
Joined: 01 Nov 2017, 16:22
Znuny Version: 5.0.17

Re: Two-factor authentication is not working

Post by bojko »

Hi Roy,

Thank you for the initial reply.

Please note that I have checked that as well (sorry for not including this in my original post).

There was a topic here in the forum, where this was pointed out. The generic secret was otrsOTRSotrsOTRS in the topic.

We tried with 16 or more chars in the secret, but no avail.

Any other things that you would suggest/point out, so we can use the two-factor authentication?

Kind Regards,

Bojko
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Two-factor authentication is not working

Post by root »

Hi,

I still set it up on a test system within 5 minutes like you described it. Did you checked the time setup of your server? Especially virtual machine with VMware like to synchronize times as they like ;-)

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
bojko
Znuny newbie
Posts: 5
Joined: 01 Nov 2017, 16:22
Znuny Version: 5.0.17

Re: Two-factor authentication is not working

Post by bojko »

Hi Roy,

Thanks for the reply.

I will check the time of the server first thing in the morning when I come in the office.

Can you please let me know on which time setting it should be? I think I have it on UTC-1, to match the time in my country.

In case it needs some other setting, please inform me.

Also, in case the time is correct, what other steps should I take for resolving this?

Thanks again for the help.

Kind Regards,

Bojko
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Two-factor authentication is not working

Post by root »

Hi,

I don't think it's the time zone, from my experience virtualized machines tend to 'fast forward' the time sometimes.
So, the time difference from the server should not differ more than 30/60 secondes from the real time.
Check this by running the command

Code: Select all

ntpdate -q pool.ntp.org
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
bojko
Znuny newbie
Posts: 5
Joined: 01 Nov 2017, 16:22
Znuny Version: 5.0.17

Re: Two-factor authentication is not working

Post by bojko »

Hi Roy,

Back at the office, and I have great news.

After checking the time, it was 9 minutes off.

Restarting the ntp service, and the time corrected.

After that, the two-factor authentication works.

Thank you very much for your help on this.

This case can be closed as resolved.

Kind Regards,

Bojko
Post Reply