ADFS VAM Error PIN does not match OTP

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth Idp Version affected: All
    When using the ADFS VAM, if using SMS or Voice the User does receive the OTP but the authentication is not successful. 

    The VAM logs shows "PIN does not match OTP" 


    05-21-2019- SecureAuthAdapter.ValidateProofData - Method start
    05-21-2019- SecureAuthAdapter.ValidateProofData - Pin does not match sent OTP, returning false
    05-21-2019- SecureAuthAdapter.ValidateProofData - Method end
    05-21-2019- SecureAuthAdapter.TryEndAuthentication.sms2 - some_user: Pin is invalid, returning pin entry error
    05-21-2019- SecureAuthAdapter.TryEndAuthentication - Method end


    Cause: Using the API realm for multiple purposes causes this issue. You cannot use a realm that is setup for Login for Endpoints. Nor can you use a realm that is setup with the "Validate OTP" Endpoint.


    In order to fix this issue, please perform the following

    1. Pick or create a realm that only the ADFS VAM will connect to.

    2. In this realm, open the Web.config editor and search for OTPFieldMapping. If it exists, remove it.

    3. On the API tab, make sure Login for Endpoints is not enabled. 


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.