Yubico Forum ...visit our web-store at 2009-06-05T06:43:23+01:00 https://forum.yubico.com/feed.php?f=5&t=331 2009-06-05T06:43:23+01:00 2009-06-05T06:43:23+01:00 https://forum.yubico.com/viewtopic.php?t=331&p=1489#p1489 <![CDATA[Re: Inserting yubikeys into MySQL db used by yubikey-server-j]]>
Basically Tomcat is now working, but there are still some problems. The biggest one is that the Tomcat seems to accept valid OTP input with any (existing) id with it.

I mean that if I first try:

http://localhost:8080/wsapi/verify?id=1 ... jicuketgnt

And the answer is "status=OK". After that I try:

http://localhost:8080/wsapi/verify?id=4 ... jicuketgnt

And will get answer "status=RELAYED_OTP". Notice that id change 1 -> 4. If I get new otp from yubikey and try to use it with id 4 I will get "status=OK"!

Below is output from my yubikeys table:

Code:
mysql> select * from yubikeys;
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
| id | client_id | active | created             | accessed            | tokenId  | userId | secret                   | counter | low   | high | notes          | serial   | sessionUse |
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
|  1 |         1 |      1 | 2009-06-04 12:49:02 | 2009-06-04 23:19:29 | Q0ZqMCld | 1      | QyJpOFR7aj9abS87NnBkcg== |       9 | 27302 |  152 | Root admin key | 00001001 |         27 |
|  4 |         4 |      1 | 2007-10-03 16:11:50 | 2009-06-04 22:58:58 | KkQ5Rydv | joo    | KkQ5RydvWkxVOXhwJHM0Jg== |       6 | 12527 |  243 | ghost          | 00001002 |          6 |
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
2 rows in set (0.00 sec)

Statistics: Posted by masa — Fri Jun 05, 2009 6:43 am

]]> 2009-06-04T12:05:36+01:00 2009-06-04T12:05:36+01:00 https://forum.yubico.com/viewtopic.php?t=331&p=1487#p1487 <![CDATA[Re: Inserting yubikeys into MySQL db used by yubikey-server-j]]> We have performed the following steps:

    1) We downloaded the latest Yubico Java validation server source code from the following link:

    http://code.google.com/p/yubikey-server ... e/checkout

    We complied the source code using "ant" and placed it into the "webapps" directory of Tomcat and restarted the "tomcatd" demon.

    2) We created the Yubico database using the database schema available at the following link:

    yubico-val-server/db.htm

    The database schema is incomplete and we had to create an extra column called "sessionUse" using the following SQL command:
    Code:
    mysql> alter table yubikeys add column sessionUse varchar(60);

    3) We programmed a YubiKey using the YubiKey ID and AES Key mentioned in the above forum post. The programmed YubiKey is now emitting the following OTP:

    fefhhlecdkgtrkbhcckiucjdccfturhfrhrgfgnghhve
    fefhhlecdkgtcegkcfflhjthefrijrhkiltcjulrruvu

    4) We populated the database using the following insert command:
    Code:
    insert into  yubikeys (client_id, tokenId, secret, created, accessed) VALUES ('1', 'Q0ZqMCld','QyJpOFR7aj9abS87NnBkcg==',now(),now());

    Please note that we need to convert the hex encoded YubiKey ID and AES key into Base64 encoded format before inserting into the Yubico database.

    The database schema already populated the clients table as follows:
    Code:
    mysql> select * from clients;
    +----+---------+--------+---------------------+-----------------+------------------------------+
    | id | perm_id | active | created             | email           | secret                       |
    +----+---------+--------+---------------------+-----------------+------------------------------+
    |  1 |       1 |      1 | 1970-01-01 00:00:00 | root@my_org.com | TWIWuqIJKVWhXPbVuxEiHv5GSA0= |
    +----+---------+--------+---------------------+-----------------+------------------------------+

    5) We then restarted the "tomcatd" demon and tested the OTP validation using the following URL:
    Code:
    http://<Tomcat server IP address>:8080/wsapi/verify?id=1&otp=fefhhlecdkgtildhhnuhugittrrdrinrjlkvegbeulji

    and received the following result:
    Code:
    h=OaWfWk3ZtmpxAxxV23D2ecmbrNw=
    t=2009-03-04T15:30:37Z0064
    status=OK

We hope that after following the steps given above you will be able to successfully validate the OTP. If you are facing any further issues, please post those issues along with your Yubico database dump and the "catalina.out" log file.

Statistics: Posted by network-marvels — Thu Jun 04, 2009 12:05 pm

]]> 2009-06-04T07:46:30+01:00 2009-06-04T07:46:30+01:00 https://forum.yubico.com/viewtopic.php?t=331&p=1485#p1485 <![CDATA[Inserting yubikeys into MySQL db used by yubikey-server-j]]>
I'm trying to install own yubikey-server-j. Tomcat is up and running and I can try validation at:

http://localhost:8080/wsapi/verify?id=1&otp=[OTP HERE]

The problem is that every time it only responds something like:

Code:
t=2009-06-04T09:20:22Z0022
status=BAD_OTP
h=Da7CDoffvd1g1Q0sHPYKohh5C8c=


For testing I have reprogrammed one yubikey using Yubico Configuration Utility.

The reprogrammed yubikey which I'm using for testing has the following details:

Yubikey ID: 43466a30295d
Yubico AES key: 43226938547b6a3f5a6d2f3b36706472

I have used the following MySQL query to insert that yubikeys' details into database (yubikeys table):

INSERT INTO yubikeys (client_id, tokenId, secret, created, accessed)
VALUES('1', 'NDM0NjZhMzAyOTVk','NDMyMjY5Mzg1NDdiNmEzZjVhNmQyZjNiMzY3MDY0NzI=','now()','now()');

I'm not sure if those values are correct or not?

I also need to know what to insert into clients table.

I think that the "BAD_OTP" is caused by some bad values in the yubikeys insert, possible wrong encoded values or some other things. So I need detailed explanation what to insert in those "yubikeys" and "clients" tables to get validation working.

Thank you in advance!

Statistics: Posted by masa — Thu Jun 04, 2009 7:46 am

]]>