
Two-factor preventing the addition of target to controller (OTP field not working as expected)

Open DreadPirateDuo opened this issue 1 year ago • 2 comments

Bug Report

System Information

  • Operating System: Windows Server 2019
  • AMP version and build date: 2.4.7, 09/01/2024
  • Which AMP release stream you're using: Mainline

I confirm:

  • [x] that I have searched for an existing bug report for this issue.
  • [x] that I am using the latest available version of AMP.
  • [x] that my operating system is up-to-date.

Symptoms

When setting up the connection of a target to a controller using a user account that has Two-Factor configured, the OTP field does not work properly.

When using the correct credentials, and supplying the correct OTP code, authentication fails. The error message received states the controller rejected the authentication attempt because the credentials are invalid. The OTP code is valid and has not expired, and the times on the controller and the target are within seconds of each other.

I expect the OTP code to work as intended.

The logs on the controller indicate that the authentication request was received and that it is waiting for the two-factor code. I am assuming that the format the target is sending the OTP in is not what the controller expects. When a user logs in, the OTP is provided after the username and password are verified. My assumption is that the target/controller authentication is using the same method for this authentication as it does for users and the format of the target's authentication request does not match what the controller is expecting.

Reproduction

Install and configure the controller. Create a user with the "super user" role. Enable two-factor on the new user (test by logging into the controller with the new user and supplying the OTP when asked). Install a new target, go through the ADS setup and attempt to add the target to the controller using the new user with two-factor enabled (be sure to put in the proper OTP and make sure it has at least 15 seconds of validity to avoid issues with the OTP expiring). The authentication will fail.

Workaround

Disable two-factor for the user. Attach the target to the controller without the OTP (it works). Enable two-factor for the user when the target has been properly configured.

DreadPirateDuo, Jan 19 '24 15:01

You are correct. This is a bug that has a workaround. Disable OTP while adding the target, then you can add the OTP back.

IceOfWraith, Jan 19 '24 16:01

Additionally: You must also disable the option Security and Privacy -> Two Factor Authentication (set it to Optional). See: https://discord.com/channels/266012086423912458/1199610373351936071/1199610373351936071

Is a fix planned?

Peronia, Jan 24 '24 07:01

This is resolved.

IceOfWraith, Jul 30 '24 06:07