SecureAuth IdP Version affected: All
Description:
When using the ADFS VAM with SMS or Voice, the user receives the OTP but the authentication is not successful.
The VAM log shows "PIN does not match OTP":
05-21-2019-13.54.04.287 SecureAuthAdapter.ValidateProofData - Method start
05-21-2019-13.54.04.287 SecureAuthAdapter.ValidateProofData - Pin does not match sent OTP, returning false
05-21-2019-13.54.04.287 SecureAuthAdapter.ValidateProofData - Method end
05-21-2019-13.54.04.303 SecureAuthAdapter.TryEndAuthentication.sms2 - some_user: Pin is invalid, returning pin entry error
05-21-2019-13.54.04.303 SecureAuthAdapter.TryEndAuthentication - Method end
Cause: Using the API realm for multiple purposes causes this issue. You cannot use a realm that is set up for Login for Endpoints, nor can you use a realm that is set up with the "Validate OTP" Endpoint.
Resolution:
To fix this issue, perform the following steps:
1. Pick or create a realm that only the ADFS VAM will connect to.
2. In this realm, open the Web.config editor and search for OTPFieldMapping. If it exists, remove it.
3. On the API tab, make sure Login for Endpoints is not enabled.
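To check whether a realm shows this symptom, or to confirm it is gone after the change, the log signature from the excerpt above can be extracted per user and factor. This is an added example, not SecureAuth code; it assumes the VAM log keeps exactly the line layout shown in the excerpt, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Layout assumed from the excerpt: "<MM-dd-yyyy-HH.mm.ss.fff> <source> - <message>"
LINE_RE = re.compile(r"^(\d{2}-\d{2}-\d{4}-\d{2}\.\d{2}\.\d{2}\.\d{3}) (\S+) - (.*)$")
MISMATCH = "Pin does not match sent OTP"
# TryEndAuthentication.<factor> names the user: "<user>: Pin is invalid, ..."
INVALID_RE = re.compile(r"^(?P<user>[^:]+): Pin is invalid")

def parse_line(line):
    """Return (timestamp, source, message), or None for a line in another layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%m-%d-%Y-%H.%M.%S.%f")
    return ts, m.group(2), m.group(3)

def otp_mismatches(lines):
    """Pair each ValidateProofData mismatch with the user/factor rejection after it."""
    events, pending = [], None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, source, msg = parsed
        if source == "SecureAuthAdapter.ValidateProofData" and MISMATCH in msg:
            pending = ts  # remember when the OTP comparison failed
            continue
        m = INVALID_RE.match(msg)
        if pending is not None and m and source.startswith("SecureAuthAdapter.TryEndAuthentication."):
            events.append({"time": pending, "user": m.group("user"), "factor": source.rsplit(".", 1)[1]})
            pending = None
    return events

def failures_by_factor(events):
    """Count mismatches per factor; a factor that always fails points at the realm, not the user."""
    return Counter(e["factor"] for e in events)

# Constructed sample: the five log lines quoted in this article.
SAMPLE = """\
05-21-2019-13.54.04.287 SecureAuthAdapter.ValidateProofData - Method start
05-21-2019-13.54.04.287 SecureAuthAdapter.ValidateProofData - Pin does not match sent OTP, returning false
05-21-2019-13.54.04.287 SecureAuthAdapter.ValidateProofData - Method end
05-21-2019-13.54.04.303 SecureAuthAdapter.TryEndAuthentication.sms2 - some_user: Pin is invalid, returning pin entry error
05-21-2019-13.54.04.303 SecureAuthAdapter.TryEndAuthentication - Method end
"""

if __name__ == "__main__":
    print(failures_by_factor(otp_mismatches(SAMPLE.splitlines())))
```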
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.