Version Affected: All
Description:
When a user tries to enroll via the OATH URL Enrollment method for our Authenticate App, they are able to successfully validate the TOTP. However, when trying to use the TOTP or Push, they notice that nothing was actually written to the datastore or the mobilesvc. Mobilesvc does not have logging to indicate successful enrollment even though the realm's debug logging does indicate an enrollment attempt.
In contrast, QR Code Enrollment works.
Cause:
URL Enrollment requires the app to send an HTTP POST back to the realm on the SecureAuth IdP server. Because the POST back originates from the app, the IdP server does not know when it has failed, and it will simply not be able to complete the enrollment process.
QR Code Enrollment does not have this requirement.
Resolution:
Check to see if there is an HTTP POST back in the IIS logs after the URL Enrollment attempts to complete.
If there is none, it is safe to assume that something is blocking the app from sending an HTTP POST back to the SecureAuth server, for example a firewall rule at the load balancer level that is stopping the POST back.
If there is an HTTP POST back, then the issue should show up in the Debug logs and then eventually in the mobilesvc logs.
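The IIS log check described above can be scripted. The following is an added example, not SecureAuth's own tooling: the realm path /ExampleRealm/, the function name Get-IisPostBack, and the sample log lines are hypothetical, constructed values.

```powershell
# Constructed sample of an IIS W3C log. On a real server, use Get-Content on the site's log file.
$sampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-01-15 14:02:11 10.0.0.5 GET /ExampleRealm/ - 443 - 203.0.113.20 Mozilla/5.0 - 200 0 0 31
2024-01-15 14:02:40 10.0.0.5 POST /ExampleRealm/ - 443 - 203.0.113.20 Mozilla/5.0 - 200 0 0 48
2024-01-15 14:03:05 10.0.0.5 POST /ExampleRealm/ - 443 - 198.51.100.7 ExampleApp/1.0 - 200 0 0 52
'@ -split "`r?`n"

# Hypothetical helper: returns POST requests under a realm path at or after a given time.
function Get-IisPostBack {
    param(
        [string[]]$Line,
        [string]$RealmPath,   # assumption: virtual path of the realm being enrolled against
        [datetime]$Since      # time of the enrollment attempt; IIS W3C logs use UTC by default
    )
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Logged columns are configurable, so map names from the directive.
            $fields = ($l -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l) -or -not $fields) { continue }
        $cols = $l -split ' '
        if ($cols.Count -ne $fields.Count) { continue }   # skip malformed lines
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $cols[$i] }
        $stamp = [datetime]::ParseExact("$($row['date']) $($row['time'])",
            'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
        if ($row['cs-method'] -eq 'POST' -and $row['cs-uri-stem'] -like "$RealmPath*" -and $stamp -ge $Since) {
            [pscustomobject]@{
                TimeUtc   = $stamp
                ClientIp  = $row['c-ip']   # behind a load balancer this may be the balancer's address
                Uri       = $row['cs-uri-stem']
                Status    = $row['sc-status']
                UserAgent = $row['cs(User-Agent)']
            }
        }
    }
}

$hits = @(Get-IisPostBack -Line $sampleLog -RealmPath '/ExampleRealm/' -Since '2024-01-15 14:03:00')
if ($hits.Count -eq 0) {
    'No POST back reached the realm after the enrollment attempt.'
} else {
    $hits | Format-Table -AutoSize
}
```

Browser form submissions to the realm also appear as POST requests, so compare the client IP and user agent of each hit against the device that attempted the enrollment.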
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.