SecureAuth IdP Version affected: All
SecureAuth RADIUS Server Version Affected: Early 2.x.x
Description:
Some devices are having issues with the Radius Server realm where they are unable to be used for two factor authentication. Whether the OATH Seed is registered through the OATH enrollment realm, the Mobile QR enrollment realm, or any realm that writes an OATH Seed, the RADIUS Server realm 2FA will not properly populate. This seems to be resolved if a mobile number has been written on the profile as well. Even though the OATH enrollment is successful, some devices are unable to properly have the OATH Seed read after enrollment without a value written.
Devices that can enroll but cannot authenticate include:
-Google Authenticator
-SecureAuth Passcode App
-SecureAuth OTP Chrome Extension
Devices that can enroll and can authenticate include:
-SecureAuth Authenticate App
If a user first uses the working SecureAuth Authenticate App, the other devices will work properly. However, this is not a viable workaround for this issue.
Resolution:
Upgrade RADIUS Server to the latest version.
This issue has been fixed in the later versions, as the coding in some earlier 2.x.x versions had a bug where it would not properly read that there was an OATH Seed without a mobile number in the system. There did not need to be a valid mobile number, but any value there would have allowed the OATH Seed to be read.
Comments
Please sign in to leave a comment.