
OTP Issues with several users

Hello,

For some days now we have had the problem that OTP auth is failing for some users (and it is becoming more and more):

-> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid

- OTP was working fine all the time before issues
- the users and the firewall have correct time and date
- when checking the time offset, the offset is too big to be displayed or extremely high
- the problem exists with the old Sophos Authenticator app and Microsoft Authenticator on iOS 17.6
- the problem seems not to depend on App or Phone (other OTP codes are working on the same phone/app)

When we delete and auto-create new tokens for the users, it works again.

Does anybody have an idea what's going on? Bug?
Is there any reason a (working) OTP would stop working someday?



Edited TAGs
[edited by: Erick Jan at 10:13 AM (GMT -7) on 5 Aug 2024]
  • Just curious whether you came to a resolution on this issue? We've recently begun seeing the same issue at a site. Random users starting to see OTP auth failures. Resetting their token and getting user to re-add to MS authenticator solves the issue right away. If you check the time offset for the affected user, it returns an odd and unlikely time offset of some -796 seconds, although their mobile device and the firewall have matching date/time.

    Did this issue ever make it to a published KIL?
