Knowledge Base

Support Policies

RADIUS Server Realm's 2FA not reading OATH Seed

SecureAuth IdP Version affected: All

SecureAuth RADIUS Server Version Affected: Early 2.x.x

 

Description:

Some devices are having issues with the Radius Server realm where they are unable to be used for two factor authentication. Whether the OATH Seed is registered through the OATH enrollment realm, the Mobile QR enrollment realm, or any realm that writes an OATH Seed, the RADIUS Server realm 2FA will not properly populate. This seems to be resolved if a mobile number has been written on the profile as well. Even though the OATH enrollment is successful, some devices are unable to properly have the OATH Seed read after enrollment without a value written.

Devices that can enroll but cannot authenticate include:

-Google Authenticator

-SecureAuth Passcode App

-SecureAuth OTP Chrome Extension

Devices that can enroll and can authenticate include:

-SecureAuth Authenticate App

If a user first uses the working SecureAuth Authenticate App, the other devices will work properly. However, this is not a viable workaround for this issue.

 

Resolution:

Upgrade RADIUS Server to the latest version.

This issue has been fixed in the later versions, as the coding in some earlier 2.x.x versions had a bug where it would not properly read that there was an OATH Seed without a mobile number in the system. There did not need to be a valid mobile number, but any value there would have allowed the OATH Seed to be read.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.