Tagged: HOTP token expiration
This topic has 3 replies, 1 voice, and was last updated 2 years, 8 months ago by Andy Cory.
-
AuthorPosts
-
January 3, 2019 at 12:23 am #24356
ssripathy1
ParticipantHi,
I have MFA configured with a chain (in OpenAM 13.5) that has LDAP module and HOTP module.The HOTP module has a Token Validity length of 30 mins, and the token is sent out via email to a user. We are noticing an issue where if the email server takes a few mins to send out this OTP token with a delay of a min or two to a user, and the user tries to enter the token in OpenAM, OpenAM responds by stating that the token has already expired. It is clearly not honoring the validity length in the HOTP module.
Is this a known bug in 13.5 and does someone know of a workaround without having to resort to an upgrade at this point?
Appreciate any assistance on this issue. Thank you!
January 11, 2019 at 7:16 pm #24405William Hepler
ParticipantCan you confirm the error though. It could be that the HOTP.xml page it self is timing out. A similiar thing can happen if your login page times out.
I would double check:
https://backstage.forgerock.com/knowledge/kb/article/a23597700December 3, 2019 at 10:05 am #27208vmerdis
ParticipantHi,
I face the same problem. I have changed the value of the HOTP validity to 15 minutes instead of 5 but it doesn’t seem to work! I checked everything and after testing the link is valid for 3 minutes and after it expires.
I would appreciate any help on the issue. Thank you!
December 15, 2019 at 11:54 am #27280Andy Cory
ParticipantDid you read @william-hepler’s reply? There could be more timeouts at play here than just the validity value for the token itself.
-Andy
-
AuthorPosts
You must be logged in to reply to this topic.