Trouble with MFA - admin login and synchronization time offset

While creating a new local xg user with 2fa/mfa activated, we ran into the situation that the creation of NEW users with mfa didn't work anymore.

Setup: SFOS19.0.2 on a xgs2100 cluster (a/p)


The steps:

  1. I've created a local user adminxyz with administrative rights
  2. logged in with adminxyz into userportal to get mfa code - worked fine, qr-code is displayed
  3. checked the mfa with logging in as adminxyz into userportal - worked fine
  4. tried to log in to the admin-portal - "wrong credentials", tried it ~ 10 times.
  5. Rechecked user-portal login - worked fine
  6. Switched HA active node to other node - no change
  7. Tried another administrative account, that was created earlier - worked fine
  8. Did the "mfa-check" with synchronize token time offset button at authentication > mfa > Issued tokens
    1. Answer 1 - red box "OTP token synchonization: timeoffset could not be determined"
    2. Answer 2 - time offset of -200650000 (or so - ridiculously big number)
  9. Did the same check with an existing and still working admin account with mfa
    1. login worked
    2. check didn't
  10. Checked time - perfect in sync, ntp synchronized

Checked even the access_server.log - nothing obvious wrong.

At the moment we're stuck with that xgs, because we couldn't create any more users with mfa.

Anybody with ideas?

Regards!
