Skip to main content

Trouble Provisioning Windows OTP Client v1.0

Introduction

When provisioning the SecureAuth OTP Windows Desktop Client Application (version 1), an error may appear after the user has completed the Multi-Factor Authentication process.

This is a known issue that first appeared in SecureAuth IdP Version 8.1.

Applies to

SecureAuth OTP Windows Desktop Client Application (version 1) running on

SecureAuth IdP Version

OS Version

8.1+

  • Windows Server 2008

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

Recommendation

SecureAuth recommends upgrading to SecureAuth Passcode for Windows App (version 2)

Notice

The app is available from the SecureAuth Client Applications downloads page

If end-users are unable to update the app, apply the workaround steps

Workaround for Windows OTP Client Application (version 1)

To work around the issue with Windows OTP Client provisioning, a change must be made to the OATH Provisioning Realm (e.g. SecureAuth998) web.config file

Warning

The instructions below require the admin to change settings in the web.config file for the OATH Provisioning Realm. SecureAuth strongly encourages making a minimum backup of the SecureAuth IdP environment with the SecureAuth Backup Tool. This option archives all of the web.config files, providing the ability to restore the previous settings should a problem occur with the changes.

System Info

43976048.png

1. Log into the SecureAuth IdP Web Admin, and on the OATH Provisioning Realm (e.g. SecureAuth998), select the System Info tab

2. In the Links section, select Click to edit Web Config file

Web Config Editor

3. Search for (CTRL + F / CMD + F) <httpCookies httpOnlyCookies="true" requireSSL="true" />

4. Update the line to <httpCookies httpOnlyCookies="false" requireSSL="true" />

Warning

Click Save once the configuration is complete and before leaving the Web Config Editor page to avoid losing changes

Additional Steps

Under certain conditions, the provisioning process may still encounter an error even after the above changes have been made to the OATH Provisioning Realm's web.config file. To correct the issue, delete the profile information associated with the application.

Notice

Administrator rights on the workstation are required to complete the following steps

43976047.png

1. Ensure the Windows SecureAuth OTP Client Application is not running

2. Locate the user's AppData folder (C:\Users\<username>\AppData\Local)

3. Delete the SecureAuthOTP directory

4. Restart the Windows SecureAuth OTP Client Application and attempt the provisioning process once more