Yubico Forum

All times are UTC + 1 hour
Posted: Thu Jun 04, 2009 7:46 am
Hello,

I'm trying to install my own yubikey-server-j. Tomcat is up and running and I can try validation at:

http://localhost:8080/wsapi/verify?id=1&otp=[OTP HERE]

The problem is that every time it only responds something like:

Code:
t=2009-06-04T09:20:22Z0022
status=BAD_OTP
h=Da7CDoffvd1g1Q0sHPYKohh5C8c=


For testing I have reprogrammed one yubikey using Yubico Configuration Utility.

The reprogrammed yubikey which I'm using for testing has the following details:

Yubikey ID: 43466a30295d
Yubico AES key: 43226938547b6a3f5a6d2f3b36706472

I have used the following MySQL query to insert that YubiKey's details into the database (yubikeys table):

INSERT INTO yubikeys (client_id, tokenId, secret, created, accessed)
VALUES('1', 'NDM0NjZhMzAyOTVk','NDMyMjY5Mzg1NDdiNmEzZjVhNmQyZjNiMzY3MDY0NzI=','now()','now()');

I'm not sure if those values are correct or not?

I also need to know what to insert into clients table.

I think that the "BAD_OTP" is caused by some bad values in the yubikeys insert, possibly wrongly encoded values or something else. So I need a detailed explanation of what to insert in the "yubikeys" and "clients" tables to get validation working.

Thank you in advance!



Posted: Thu Jun 04, 2009 12:05 pm
Yubico Team
We downloaded and installed the latest Java validation server in our test environment.
We have performed the following steps:

    1) We downloaded the latest Yubico Java validation server source code from the following link:

    http://code.google.com/p/yubikey-server ... e/checkout

    We compiled the source code using "ant" and placed it into the "webapps" directory of Tomcat and restarted the "tomcatd" daemon.

    2) We created the Yubico database using the database schema available at the following link:

    yubico-val-server/db.htm

    The database schema is incomplete and we had to create an extra column called "sessionUse" using the following SQL command:
    Code:
    mysql> alter table yubikeys add column sessionUse varchar(60);

    3) We programmed a YubiKey using the YubiKey ID and AES Key mentioned in the above forum post. The programmed YubiKey is now emitting the following OTPs:

    fefhhlecdkgtrkbhcckiucjdccfturhfrhrgfgnghhve
    fefhhlecdkgtcegkcfflhjthefrijrhkiltcjulrruvu

    4) We populated the database using the following insert command:
    Code:
    insert into  yubikeys (client_id, tokenId, secret, created, accessed) VALUES ('1', 'Q0ZqMCld','QyJpOFR7aj9abS87NnBkcg==',now(),now());

    Please note that we need to convert the hex encoded YubiKey ID and AES key into Base64 encoded format before inserting into the Yubico database.

    The database schema already populated the clients table as follows:
    Code:
    mysql> select * from clients;
    +----+---------+--------+---------------------+-----------------+------------------------------+
    | id | perm_id | active | created             | email           | secret                       |
    +----+---------+--------+---------------------+-----------------+------------------------------+
    |  1 |       1 |      1 | 1970-01-01 00:00:00 | root@my_org.com | TWIWuqIJKVWhXPbVuxEiHv5GSA0= |
    +----+---------+--------+---------------------+-----------------+------------------------------+

    5) We then restarted the "tomcatd" daemon and tested the OTP validation using the following URL:
    Code:
    http://<Tomcat server IP address>:8080/wsapi/verify?id=1&otp=fefhhlecdkgtildhhnuhugittrrdrinrjlkvegbeulji

    and received the following result:
    Code:
    h=OaWfWk3ZtmpxAxxV23D2ecmbrNw=
    t=2009-03-04T15:30:37Z0064
    status=OK

We hope that after following the steps given above you will be able to successfully validate the OTP. If you are facing any further issues, please post those issues along with your Yubico database dump and the "catalina.out" log file.


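The hex-to-Base64 conversion described in the reply above, as an added example that is not part of the original posts or of yubikey-server-j. It uses only values quoted in this thread; the function names are hypothetical, and it assumes the standard OTP layout of a modhex public ID followed by 32 modhex characters.

```python
import base64

MODHEX = "cbdefghijklnrtuv"  # YubiKey modhex alphabet, position = hex digit 0-f
HEX = "0123456789abcdef"


def hex_to_db(hex_value: str) -> str:
    """Base64 of the raw bytes behind a hex string (the form the reply inserts)."""
    return base64.b64encode(bytes.fromhex(hex_value)).decode("ascii")


def otp_public_id_hex(otp: str) -> str:
    """Hex public ID of an OTP: everything before the last 32 modhex characters."""
    prefix = otp.strip().lower()[:-32]
    bad = set(prefix) - set(MODHEX)
    if bad:
        raise ValueError(f"non-modhex characters in OTP prefix: {sorted(bad)}")
    return prefix.translate(str.maketrans(MODHEX, HEX))


def classify_stored(stored_b64: str, hex_value: str) -> str:
    """Say how a stored Base64 column value relates to the expected hex value."""
    raw = base64.b64decode(stored_b64, validate=True)
    if raw == bytes.fromhex(hex_value):
        return "ok"
    # The first post's mistake: the hex *characters* were Base64-encoded,
    # so the column decodes to text twice as long as the real value.
    if raw.decode("ascii", "replace").lower() == hex_value.lower():
        return "hex-text"
    return "mismatch"


def diagnose(otp: str, stored_token_b64: str) -> str:
    """Check a yubikeys.tokenId value against the public ID an OTP carries."""
    return classify_stored(stored_token_b64, otp_public_id_hex(otp))


if __name__ == "__main__":
    # Values quoted in the thread (first OTP from step 3, both tokenId inserts).
    otp = "fefhhlecdkgtrkbhcckiucjdccfturhfrhrgfgnghhve"
    print(otp_public_id_hex(otp), hex_to_db(otp_public_id_hex(otp)))
    print(diagnose(otp, "NDM0NjZhMzAyOTVk"))  # first post's insert
    print(diagnose(otp, "Q0ZqMCld"))          # reply's insert
```
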
Posted: Fri Jun 05, 2009 6:43 am
Thank you for the detailed answer!

Basically Tomcat is now working, but there are still some problems. The biggest one is that Tomcat seems to accept a valid OTP with any (existing) id.

I mean that if I first try:

http://localhost:8080/wsapi/verify?id=1 ... jicuketgnt

And the answer is "status=OK". After that I try:

http://localhost:8080/wsapi/verify?id=4 ... jicuketgnt

And I get the answer "status=RELAYED_OTP". Notice the id change 1 -> 4. If I get a new OTP from the YubiKey and try to use it with id 4, I get "status=OK"!

Below is output from my yubikeys table:

Code:
mysql> select * from yubikeys;
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
| id | client_id | active | created             | accessed            | tokenId  | userId | secret                   | counter | low   | high | notes          | serial   | sessionUse |
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
|  1 |         1 |      1 | 2009-06-04 12:49:02 | 2009-06-04 23:19:29 | Q0ZqMCld | 1      | QyJpOFR7aj9abS87NnBkcg== |       9 | 27302 |  152 | Root admin key | 00001001 |         27 |
|  4 |         4 |      1 | 2007-10-03 16:11:50 | 2009-06-04 22:58:58 | KkQ5Rydv | joo    | KkQ5RydvWkxVOXhwJHM0Jg== |       6 | 12527 |  243 | ghost          | 00001002 |          6 |
+----+-----------+--------+---------------------+---------------------+----------+--------+--------------------------+---------+-------+------+----------------+----------+------------+
2 rows in set (0.00 sec)

