SecureAuth L4W Version Affected: 1.0.0 - 1.0.3
Description: Login for Windows in conjunction with hard tokens appears to be calculating the TOTP for hard tokens approximately 35 seconds behind (TOTP interval + 5 seconds), i.e. the TOTP calculated by the hard token is only accepted by L4W 5 seconds after the given TOTP disappears to be replaced by the next TOTP.
Soft tokens such as the Authenticate app are unaffected and work as expected.
Realms using TOTP as an MFA method are unaffected and work as expected regardless of token type used being hard or soft token. Only Login for Windows is affected.
Cause: Product defect CP-490. Passcode Offset is calculated in seconds instead of minutes for hard tokens.
Resolution: Fixed in L4W 1.0.4
This error may also occur if the 'Passcode Change Interval' is different between the QR / URL Enrollment and Login for Endpoints realms. For more information, please see the following article:
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.