IBM Security Verify

 View Only
Expand all | Collapse all

Configured MFA but at the registration not able to see the qrcode.

  • 1.  Configured MFA but at the registration not able to see the qrcode.

    Posted Tue April 19, 2022 05:01 AM
    QR code is not avilable


    ------------------------------
    shivsantosh patil
    ------------------------------


  • 2.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Tue April 19, 2022 06:57 AM
    Shivsantosh,

    You haven't provided much to go on.  How did you configure MMFA? All manually or using wizards?

    My best guess for this issue is that the ACLs have not been set up correctly and so the request from the browser to load the QRcode is being rejected.
    I think these ACLs are set up when you run the MMFA wizard under Reverse Proxy.  Did you do that?

    Maybe use developer tools in the browser to see if you can see request for QRCode being rejected?

    Jon.


    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 3.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Wed April 20, 2022 02:12 AM
    thank you Jon for reply,

    MMFA configured through wizards. 
    yes i will check from the developer tools side and the ACL part also.
    for the configuration i have followed the steps of MMFA guide V10.0.0

    ------------------------------
    shivsantosh patil
    ------------------------------



  • 4.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Wed April 20, 2022 04:00 AM
    hello jon,
    I am getting now this oauth error 
    oauth


    ------------------------------
    shivsantosh patil
    ------------------------------



  • 5.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Wed April 20, 2022 05:04 AM
    Hi Shivsantosh,

    Again, a bit more information would be helpful - this screenshot doesn't tell us much.

    Is the QRCode issue is resolved?  If so, what fixed that issue?
    When do you see this error?  After scanning QRCode?  What URL is being accessed when this error is returned?

    My best guess is that you've got a typo in the redirect URI associated with your MMFA OAuth client.  The redirect URI includes the client ID and if this is missing or incorrect it could generate the error you're seeing.  This is page 85 in the cookbook:

    https://www.mmfa.ibm.com/mga/sps/mmfa/user/mgmt/html/mmfa/qr_code.html?client_id=AuthenticatorClient 

    Jon.



    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 6.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Wed April 20, 2022 05:26 AM
    hello jon,
    Not able to scan the qr code hence its not coming as described at the starting.
    Please see below the qr code is not displayed.
    error
    Hence i am following the same cookbook.
    But still not getting an QR code.

    After going through the below link the qrcode is being displayed.
    https://hostname/mga/sps/mga/user/mgmt/otp/qr/totp

    But by going with this url got getting an qr code to register device/MFA.
    https://192.168.0.83/mga/sps/mmfa/user/mgmt/html/mmfa/usc/manage.html" title="https://192.168.0.83/mga/sps/mmfa/user/mgmt/html/mmfa/usc/manage.html" href="https://192.168.0.83/mga/sps/mmfa/user/mgmt/html/mmfa/usc/manage.html" rel="noopener noreferrer" target="_blank" style="box-sizing: border-box; background-color: #FFFFFF; outline-style: none; color: #5B5FC7; text-decoration: none; font-family: "Segoe UI", system-ui, "Apple Color Emoji", "Segoe UI Emoji", sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0; text-transform: none; white-space: normal; widows: 2; word-spacing: 0" tabindex="-1">https://hostname/mga/sps/mmfa/user/mgmt/html/mmfa/usc/manage.html

    Have verified the Authenticator client as per you have suggested and the redirect URI is exactly mentioned in the document.
     
    Accessing below site -
    Gives an error after selecting get started with your mobile device option in the internet explorer.

    The network response on the same issue where qr code is not displayed in firefox shows see below -



    Please help me with this.

    ------------------------------
    shivsantosh patil
    ------------------------------



  • 7.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Wed April 20, 2022 10:31 AM
    Hi Shivsantosh,

    Based on the 400 response from the /authorize endpoint, I would guess that although you're sending "AuthenticatorClient" as the client_id, the actual clientID is not set to that value.  Can you check this under the OIDC Client settings? Maybe a screenshot of that LMI page?

    Jon.


    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 8.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Mon April 25, 2022 03:46 AM
    ClientID


    ------------------------------
    shivsantosh patil
    ------------------------------



  • 9.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Mon April 25, 2022 06:28 AM
    Shivsantosh,

    From the screenshot I can see that your ClientId isn't "AuthenticatorClient".  It is "q2L8.....".  You need to put this ClientId into the redirect URL instead of AuthenticatorClient.

    Jon.


    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 10.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Mon April 25, 2022 08:04 AM
    thanks jon,
    for helping again
    It worked but now in my IBM verfy app it showing the IO error it shows Oops! something went wrong here. failed to connect to webseal port 443
    please guide.

    Shivsantosh

    ------------------------------
    shivsantosh patil
    ------------------------------



  • 11.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Mon April 25, 2022 09:48 AM
    Shivsantosh,

    Where is your WebSEAL running?  Is your mobile device able to connect to it?  This is often a problem if you are running the WebSEAL on a local VM or on an internal network that is not visible from the mobile device.

    You can test connectivity by attempting to connect to the WebSEAL using browser on mobile device.

    Jon.

    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 12.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Tue April 26, 2022 06:07 AM
    MFA

    thanks jon,
    my device is registered but Getting this error


    ------------------------------
    shivsantosh patil
    ------------------------------



  • 13.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Tue April 26, 2022 09:51 AM
    Shivsantosh,

    Looks like you're using the default MMFA authentication policy.  This policy is configured to require the username to be passed as a query string when the policy is invoked.  Try adding &username=xxxxx to the trigger call to authsvc.

    If you want to be able to invoke MMFA as the currently logged in user, create a new policy which matches the default but leave the mapping for the username blank (and unchecked).

    Sounds like you're almost there...

    Jon.


    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 14.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Wed April 27, 2022 01:54 AM
    Edited by shivsantosh patil Wed April 27, 2022 05:26 AM
    hi Jon,

    Now after removing the username in the MMFA initiate policy it showing me the mfa page but from my app i am not able to have pending notification. where should i make changes can i re scan the qr code again.

    please guide.


    ------------------------------
    shivsantosh patil
    ------------------------------



  • 15.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Wed April 27, 2022 09:55 AM
    Hi Shivsantosh,

    I would guess that the transaction is now pending but you don't have PUSH notifications enabled (that requires integration with a PUSH gateway that you would only do for a production system).

    When you see the MMFA screen in browser, open the Verify mobile app, go into the account page (so you can see the TOTP code) and then press the refresh icon.  That will manually trigger check of pending transactions in the app.

    Jon.

    ------------------------------
    Jon Harry
    Senior Technical Sales Enablement Specialist
    Identity and Access Management
    IBM Technology, Worldwide
    ------------------------------



  • 16.  RE: Configured MFA but at the registration not able to see the qrcode.

    Posted Thu May 05, 2022 06:13 AM
    hi Jon,
    thanks for your help yesterday achieved Push notification successfully.

    Shivsantosh


    ------------------------------
    shivsantosh patil
    ------------------------------