Yubico Forum
https://forum.yubico.com/

Inserting yubikeys into MySQL db used by yubikey-server-j
https://forum.yubico.com/viewtopic.php?f=5&t=331

Author:  masa [ Thu Jun 04, 2009 7:46 am ]
Post subject:  Inserting yubikeys into MySQL db used by yubikey-server-j

Hello,

I'm trying to install my own yubikey-server-j. Tomcat is up and running and I can try validation at:

http://localhost:8080/wsapi/verify?id=1&otp=[OTP HERE]

The problem is that every time it only responds something like:

Code:
t=2009-06-04T09:20:22Z0022
status=BAD_OTP
h=Da7CDoffvd1g1Q0sHPYKohh5C8c=


For testing I have reprogrammed one yubikey using Yubico Configuration Utility.

The reprogrammed yubikey which I'm using for testing has the following details:

Yubikey ID: 43466a30295d
Yubico AES key: 43226938547b6a3f5a6d2f3b36706472

I have used the following MySQL query to insert that YubiKey's details into the database (yubikeys table):

INSERT INTO yubikeys (client_id, tokenId, secret, created, accessed)
VALUES('1', 'NDM0NjZhMzAyOTVk','NDMyMjY5Mzg1NDdiNmEzZjVhNmQyZjNiMzY3MDY0NzI=','now()','now()');

I'm not sure if those values are correct or not?

I also need to know what to insert into clients table.

I think that the "BAD_OTP" is caused by some bad values in the yubikeys insert, possibly wrongly encoded values or some other things. So I need a detailed explanation of what to insert in those "yubikeys" and "clients" tables to get validation working.

Thank you in advance!

Author:  network-marvels [ Thu Jun 04, 2009 12:05 pm ]
Post subject:  Re: Inserting yubikeys into MySQL db used by yubikey-server-j

We downloaded and installed the latest Java validation server in our test environment.
We have performed the following steps:

    1) We downloaded the latest Yubico Java validation server source code from the following link:

    http://code.google.com/p/yubikey-server ... e/checkout

    We compiled the source code using "ant" and placed it into the "webapps" directory of Tomcat and restarted the "tomcatd" daemon.

    2) We created the Yubico database using the database schema available at the following link:

    yubico-val-server/db.htm

    The database schema is incomplete and we had to create an extra column called "sessionUse" using the following SQL command:
    Code:
    mysql> alter table yubikeys add column sessionUse varchar(60);

    3) We programmed a YubiKey using the YubiKey ID and AES Key mentioned in the above forum post. The programmed YubiKey is now emitting the following OTP:

    fefhhlecdkgtrkbhcckiucjdccfturhfrhrgfgnghhve
    fefhhlecdkgtcegkcfflhjthefrijrhkiltcjulrruvu

    4) We populated the database using the following insert command:
    Code:
    insert into yubikeys (client_id, tokenId, secret, created, accessed) VALUES ('1', 'Q0ZqMCld','QyJpOFR7aj9abS87NnBkcg==',now(),now());

    Please note that we need to convert the hex encoded YubiKey ID and AES key into Base64 encoded format before inserting into the Yubico database.

    The database schema already populated the clients table as follows:
    Code:
    mysql> select * from clients;
    +----+---------+--------+---------------------+-----------------+------------------------------+
    | id | perm_id | active | created             | email           | secret                       |
    +----+---------+--------+---------------------+-----------------+------------------------------+
    |  1 |       1 |      1 | 1970-01-01 00:00:00 | root@my_org.com | TWIWuqIJKVWhXPbVuxEiHv5GSA0= |
    +----+---------+--------+---------------------+-----------------+------------------------------+

    5) We then restarted the "tomcatd" daemon and tested the OTP validation using the following URL:
    Code:
    http://<Tomcat server IP address>:8080/wsapi/verify?id=1&otp=fefhhlecdkgtildhhnuhugittrrdrinrjlkvegbeulji

    and received the following result:
    Code:
    h=OaWfWk3ZtmpxAxxV23D2ecmbrNw=
    t=2009-03-04T15:30:37Z0064
    status=OK

We hope that after following the steps given above you will be able to successfully validate the OTP. If you are facing any further issues, please post those issues along with your Yubico database dump and the "catalina.out" log file.
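
The hex-to-Base64 conversion from step 4, as an added example that is not part of the original posts or of yubikey-server-j. The function names are hypothetical, the 6-byte ID and 16-byte key sizes are taken from the values in this thread, and the ModHex alphabet is the standard YubiKey one. It also classifies a stored value, so a row built by Base64-encoding the hex text itself (as in the first post's insert) can be told apart from a correct one.

```python
import base64
import binascii

# Standard YubiKey ModHex alphabet: the character at index i encodes hex digit i.
MODHEX = "cbdefghijklnrtuv"


def hex_to_db_value(hex_str: str, nbytes: int) -> str:
    """Decode hex to raw bytes, check the length, then Base64-encode for the DB."""
    raw = bytes.fromhex(hex_str)
    if len(raw) != nbytes:
        raise ValueError(f"expected {nbytes} bytes, got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")


def classify_db_value(b64_value: str, nbytes: int) -> str:
    """Tell a correctly stored value from one made by Base64-encoding hex text."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except binascii.Error:
        return "not-base64"
    if len(raw) == nbytes:
        return "ok"
    if len(raw) == 2 * nbytes:
        try:
            bytes.fromhex(raw.decode("ascii"))
            return "base64-of-hex-text"
        except (UnicodeDecodeError, ValueError):
            pass
    return "wrong-length"


def otp_public_id_hex(otp: str) -> str:
    """Public ID of an OTP as hex: everything before the last 32 ModHex chars."""
    return "".join(format(MODHEX.index(c), "x") for c in otp[:-32])


if __name__ == "__main__":
    # Values quoted in this thread (a test key that was posted publicly).
    key_id, aes_key = "43466a30295d", "43226938547b6a3f5a6d2f3b36706472"
    print(hex_to_db_value(key_id, 6), hex_to_db_value(aes_key, 16))
    print(classify_db_value("NDM0NjZhMzAyOTVk", 6))
    print(otp_public_id_hex("fefhhlecdkgtrkbhcckiucjdccfturhfrhrgfgnghhve"))
```

Comparing `otp_public_id_hex()` of a fresh OTP with the hex ID that was programmed confirms the key emits the identity the `tokenId` column is expected to hold.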

Author:  masa [ Fri Jun 05, 2009 6:43 am ]
Post subject:  Re: Inserting yubikeys into MySQL db used by yubikey-server-j

Thank you for the detailed answer!

Basically Tomcat is now working, but there are still some problems. The biggest one is that Tomcat seems to accept valid OTP input with any (existing) id.

I mean that if I first try:

http://localhost:8080/wsapi/verify?id=1 ... jicuketgnt

And the answer is "status=OK". After that I try:

http://localhost:8080/wsapi/verify?id=4 ... jicuketgnt

And I get the answer "status=RELAYED_OTP". Notice that the id changed from 1 to 4. If I get a new OTP from the YubiKey and try to use it with id 4, I get "status=OK"!

Below is output from my yubikeys table:

Code:
mysql> select * from yubikeys;
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
| id | client_id | active | created             | accessed            | tokenId  | userId | secret                   | counter | low   | high | notes          | serial   | sessionUse |
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
|  1 |         1 |      1 | 2009-06-04 12:49:02 | 2009-06-04 23:19:29 | Q0ZqMCld | 1      | QyJpOFR7aj9abS87NnBkcg== |       9 | 27302 |  152 | Root admin key | 00001001 |         27 |
|  4 |         4 |      1 | 2007-10-03 16:11:50 | 2009-06-04 22:58:58 | KkQ5Rydv | joo    | KkQ5RydvWkxVOXhwJHM0Jg== |       6 | 12527 |  243 | ghost          | 00001002 |          6 |
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
2 rows in set (0.00 sec)

All times are UTC + 1 hour