[Freeipa-users] OTP - Google Authenticator - iPhone - Invalid barcode

Nathaniel McCallum npmccallum at redhat.com
Wed Jun 17 17:16:37 UTC 2015 

The change that you made might break other things.

On Wed, 2015-06-17 at 22:45 +0530, Prashant Bapat wrote:
> Hi Nathaniel, 
> 
> I think your patch should work. Please give me a day to test and 
> confirm. 
> 
> However, I changed this section in otptoken.py:
> 
>         StrEnum('ipatokenotpalgorithm?',
>             cli_name='algo',
>             label=_('Algorithm'),
>             doc=_('Token hash algorithm'),
>             default=u'sha1',
>             autofill=True,
>             flags=('no_update'),
>             values=(u'sha1', u'sha256', u'sha384', u'sha512'),
>         )
> 
> to 
> 
>         StrEnum('ipatokenotpalgorithm?',
>             cli_name='algo',
>             label=_('Algorithm'),
>             doc=_('Token hash algorithm'),
>             default=u'SHA1',
>             autofill=True,
>             flags=('no_update'),
>             values=(u'SHA1', u'SHA256', u'SHA384', u'SHA512'),
>         )
> 
> And the Google Authenticator installed on a iPhone was able to scan 
> the QR code and work as expected. 
> 
> Thanks for looking into this. 
> 
> Regards. 
> --Prashant
> 
> On 17 June 2015 at 20:00, Nathaniel McCallum <npmccallum at redhat.com> 
> wrote:
> > Prashant,
> > 
> > I have proposed a patch for the issue:
> > https://www.redhat.com/archives/freeipa-devel/2015
> > -June/msg00505.html
> > 
> > Please test it and let me know if it works for you.
> > 
> > Nathaniel
> > 
> > On Wed, 2015-06-17 at 12:35 +0530, Prashant Bapat wrote:
> > > Simo is right! This issue is same as
> > > https://fedorahosted.org/freeipa/ticket/5047
> > >
> > > If I change the algorithm in the otp url to uppercase it scans in
> > > Google authenticator/iPhone.
> > >
> > > Further more I manually edited the /usr/lib/python2.7/site
> > > -packages/ipalib/plugins/otptoken.py and uppercases the 'sha' to
> > > 'SHA' in a test VM and it works as expected. I hate to do this in 
> > the
> > > production server though.
> > >
> > >
> > > On 12 June 2015 at 23:32, Prashant Bapat <prashant at apigee.com> 
> > wrote:
> > > > Hi,
> > > >
> > > > Has anyone seen this ? When a user tries to scan the QR code he
> > > > gets a message saying "invalid barcode". This happens only with
> > > > iPhone + Google Authenticator.
> > > >
> > > > Thanks for your help.
> > > >
> > > > --Prashant
> > > >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project
> >

More information about the Freeipa-users mailing list