By: Sergio Raneli user 12 Apr 2019 at 6:35 a.m. CDT

5 Responses
Sergio Raneli gravatar
I use OTP fot authentication. One of my user qr code is not generated at first login (normal page but without qr). I try to delete user and sync it again from AD but got same result.

By Sahil Arora staff 16 Apr 2019 at 9:40 p.m. CDT

Sahil Arora gravatar
Hi Sergio, Can you please confirm if this happening for one of the users or all? Also, Please share the oxauth.log and oxauth_script logs for the failing user. Thanks Sahil

By Sergio Raneli user 18 Apr 2019 at 3:10 a.m. CDT

Sergio Raneli gravatar
Hi Sahil, I confirm this is happening just for one user. This is oxauth.log extract when user login: "2019-04-18 08:03:13,380 ERROR [qtp804611486-16] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:314) - Failed to authenticate dn: inum=@!CCA2.5C64.BBC8.BEB6!0001!069D.2040!0000!18C1.BDDF,ou=people,o=@!CCA2.5C64.BBC8.BEB6!0001!069D.2040,o=gluu" This is oxauth_script.log "2019-04-18 08:06:48,277 INFO [qtp804611486-15] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Authenticate for step 1 2019-04-18 08:06:48,304 INFO [qtp804611486-15] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Authenticate for step 1 . There is no OTP enrollment for user 'emanuele.dangelo@oss.srl'. Changing otp_a uth_method to 'enroll' 2019-04-18 08:06:48,304 INFO [qtp804611486-15] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Authenticate for step 1 . Setting count steps: '3' 2019-04-18 08:06:48,305 INFO [qtp804611486-15] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Authenticate for step 1 . otp_auth_method: 'enroll' 2019-04-18 08:06:48,306 INFO [qtp804611486-15] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Gep page for step 2. ot p_auth_method: 'enroll' 2019-04-18 08:06:48,369 INFO [qtp804611486-10] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Prepare for step 2 2019-04-18 08:06:48,370 INFO [qtp804611486-10] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Prepare for step 2. otp _auth_method: 'enroll' 2019-04-18 08:06:48,371 INFO [qtp804611486-10] [org.xdi.service.PythonService$P ythonLoggerOutputStream] (PythonService.java:239) - OTP. Prepare for step 2. Pre pared enrollment request for user: 'emanuele.dangelo@oss.srl' " In the attachment you can see the page displayed to the user after login

By Yuriy Movchan staff 06 May 2019 at 4:56 a.m. CDT

Yuriy Movchan gravatar
Hi Sergio, Can you export this user entry without userPassowrd attribute and share it? In QR generation method there is line `label = issuer + " %s" % userDisplayName` Probably User displayName contains characters which OTPAuthURIBuilder class not supports. Regards, Yuriy

By Sergio Raneli user 06 May 2019 at 5:46 a.m. CDT

Sergio Raneli gravatar
Hi, i will export the user and share it ASAP, We use First name> Last Name> as display name. I confirm to you this user is the only that has a ' in Last Name. (last name = D'Angelo) I will try to remove it and try if he can enroll otp. If this is the problem there is a way to escape special chars. Here in italy is not uncommon to have ' in last name. Da: GY4TINI=@support.gluu.org GY4TINI=@support.gluu.org> Inviato: lunedì 6 maggio 2019 11:56 A: Sergio Raneli Sergio.Raneli@oss.srl> Oggetto: New response on Gluu ticket #6945: "QR Code" from Gluu [Gluu] Hello, A new response has been added to ticket #6945, QR Codehttps://support.gluu.org/authentication/6945/qr-code/#at48081>, by Yuriy Movchan from Gluu, a Gluu community support user. Hi Sergio, Can you export this user entry without userPassowrd attribute and share it? In QR generation method there is line label = issuer + " %s" % userDisplayName Probably User displayName contains characters which OTPAuthURIBuilder class not supports.

By Sergio Raneli user 07 May 2019 at 3:05 a.m. CDT

Sergio Raneli gravatar
Hello, I confirm you that after removing ' from user display name qr code are generated. Do you think it's possible to escape this kind of char? Da: GY4TINI=@support.gluu.org GY4TINI=@support.gluu.org> Inviato: lunedì 6 maggio 2019 11:56 A: Sergio Raneli Sergio.Raneli@oss.srl> Oggetto: New response on Gluu ticket #6945: "QR Code" from Gluu [Gluu] Hello, A new response has been added to ticket #6945, QR Codehttps://support.gluu.org/authentication/6945/qr-code/#at48081>, by Yuriy Movchan from Gluu, a Gluu community support user. Hi Sergio, Can you export this user entry without userPassowrd attribute and share it? In QR generation method there is line label = issuer + " %s" % userDisplayName Probably User displayName contains characters which OTPAuthURIBuilder class not supports.