[Freeipa-users] OTP - Google Authenticator - iPhone - Invalid barcode
Nathaniel McCallum
npmccallum at redhat.com
Wed Jun 17 17:16:37 UTC 2015
The change that you made might break other things.
On Wed, 2015-06-17 at 22:45 +0530, Prashant Bapat wrote:
> Hi Nathaniel,
>
> I think your patch should work. Please give me a day to test and
> confirm.
>
> However, I changed this section in otptoken.py:
>
> StrEnum('ipatokenotpalgorithm?',
> cli_name='algo',
> label=_('Algorithm'),
> doc=_('Token hash algorithm'),
> default=u'sha1',
> autofill=True,
> flags=('no_update'),
> values=(u'sha1', u'sha256', u'sha384', u'sha512'),
> )
>
> to
>
> StrEnum('ipatokenotpalgorithm?',
> cli_name='algo',
> label=_('Algorithm'),
> doc=_('Token hash algorithm'),
> default=u'SHA1',
> autofill=True,
> flags=('no_update'),
> values=(u'SHA1', u'SHA256', u'SHA384', u'SHA512'),
> )
>
> And the Google Authenticator installed on a iPhone was able to scan
> the QR code and work as expected.
>
> Thanks for looking into this.
>
> Regards.
> --Prashant
>
> On 17 June 2015 at 20:00, Nathaniel McCallum <npmccallum at redhat.com>
> wrote:
> > Prashant,
> >
> > I have proposed a patch for the issue:
> > https://www.redhat.com/archives/freeipa-devel/2015
> > -June/msg00505.html
> >
> > Please test it and let me know if it works for you.
> >
> > Nathaniel
> >
> > On Wed, 2015-06-17 at 12:35 +0530, Prashant Bapat wrote:
> > > Simo is right! This issue is same as
> > > https://fedorahosted.org/freeipa/ticket/5047
> > >
> > > If I change the algorithm in the otp url to uppercase it scans in
> > > Google authenticator/iPhone.
> > >
> > > Further more I manually edited the /usr/lib/python2.7/site
> > > -packages/ipalib/plugins/otptoken.py and uppercases the 'sha' to
> > > 'SHA' in a test VM and it works as expected. I hate to do this in
> > the
> > > production server though.
> > >
> > >
> > > On 12 June 2015 at 23:32, Prashant Bapat <prashant at apigee.com>
> > wrote:
> > > > Hi,
> > > >
> > > > Has anyone seen this ? When a user tries to scan the QR code he
> > > > gets a message saying "invalid barcode". This happens only with
> > > > iPhone + Google Authenticator.
> > > >
> > > > Thanks for your help.
> > > >
> > > > --Prashant
> > > >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go to http://freeipa.org for more info on the project
> >
More information about the Freeipa-users
mailing list