[Freeipa-users] OTP - Google Authenticator - iPhone - Invalid barcode

Prashant Bapat prashant at apigee.com
Wed Jun 17 17:15:11 UTC 2015 

Hi Nathaniel,

I think your patch should work. Please give me a day to test and confirm.

However, I changed this section in otptoken.py:

        StrEnum('ipatokenotpalgorithm?',
            cli_name='algo',
            label=_('Algorithm'),
            doc=_('Token hash algorithm'),
            default=u'sha1',
            autofill=True,
            flags=('no_update'),
            values=(u'sha1', u'sha256', u'sha384', u'sha512'),
        )

to

        StrEnum('ipatokenotpalgorithm?',
            cli_name='algo',
            label=_('Algorithm'),
            doc=_('Token hash algorithm'),
            default=*u'SHA1',*
            autofill=True,
            flags=('no_update'),
            values=*(u'SHA1', u'SHA256', u'SHA384', u'SHA512')*,
        )

And the Google Authenticator installed on a iPhone was able to scan the QR
code and work as expected.

Thanks for looking into this.

Regards.
--Prashant

On 17 June 2015 at 20:00, Nathaniel McCallum <npmccallum at redhat.com> wrote:

> Prashant,
>
> I have proposed a patch for the issue:
> https://www.redhat.com/archives/freeipa-devel/2015-June/msg00505.html
>
> Please test it and let me know if it works for you.
>
> Nathaniel
>
> On Wed, 2015-06-17 at 12:35 +0530, Prashant Bapat wrote:
> > Simo is right! This issue is same as
> > https://fedorahosted.org/freeipa/ticket/5047
> >
> > If I change the algorithm in the otp url to uppercase it scans in
> > Google authenticator/iPhone.
> >
> > Further more I manually edited the /usr/lib/python2.7/site
> > -packages/ipalib/plugins/otptoken.py and uppercases the 'sha' to
> > 'SHA' in a test VM and it works as expected. I hate to do this in the
> > production server though.
> >
> >
> > On 12 June 2015 at 23:32, Prashant Bapat <prashant at apigee.com> wrote:
> > > Hi,
> > >
> > > Has anyone seen this ? When a user tries to scan the QR code he
> > > gets a message saying "invalid barcode". This happens only with
> > > iPhone + Google Authenticator.
> > >
> > > Thanks for your help.
> > >
> > > --Prashant
> > >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150617/50d1b5f0/attachment.htm>

More information about the Freeipa-users mailing list