Enrollment of MAILOTP or SMSOTP no longer works after VIP Authentication Hub upgrade
search cancel

Enrollment of MAILOTP or SMSOTP no longer works after VIP Authentication Hub upgrade

book

Article ID: 380979

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction


Running VIP Authentication Hub, the enrollment using MAILOTP or SMSOTP doesn't work.

Enrollment is done by calling the Self Service APIs (inline enrollment is disabled).

Enrollment is done by the VIP Authentication Hub WebService through an application.

This happens after upgrading VIP Authentication Hub to the version 3.2.2.

 

Environment


VIP Authentication Hub 3.2.2;
  

Cause


This is a configuration issue.

From the logs, as part of /factor/v1/OTPVerifier call:

-0;-0;Oct 25, 2024 @ 14:13:40.323 ;POST;Temporary Credential ServerOTP Authentication successful for user id <id>, name <name>

This is why the credential is not being saved.

Even with inline enrollment disabled, the setting isInlineOTPEnrollmentToBePersisted needs to be true.

It should be enabled at the "tenant" level, not at the "system global":

{
    "name": "isInlineOTPEnrollmentToBePersisted",
    "value": "true",
    "origin": "tenant"
},

 

Resolution


Set isInlineOTPEnrollmentToBePersisted to true, even with inline enrollment disabled, to solve this issue.

 

Additional Information