I have a TOTP journey configured (and working) for users to register, get recovery codes, etc., and everything works with ForgeRock Authenticator, open otp, and the browser extension authenticator. But two things are happening / having issues.
Microsoft Authenticator (scanning the QR code / adding the account) cannot verify the token that is displayed in the app. Though, I do see the device registered for the user, so I know it is being registered; it just can't verify the code.
Google Authenticator will not allow me to scan the QR code / add it to Google.
Once I had done the step "Enter a new value in the Minimum Secret Key Length field that avoids padding; choosing a value of 40 should typically work." I was successful, and that is why this KB was written.
Thanks for the information. I can now at least scan / register in the Google Authenticator app, but after the recovery code screen, on verification it is still failing to validate the token. This is for both Google and Microsoft Authenticator at this point. Anything else you had to do to get this working?
To recap, there were a couple of issues, one around QR scanning and the other where Microsoft Authenticator could not verify the token displayed on the app.
Both issues have been identified and resolved by introducing a lower hash algorithm and, per the KB article (Knowledge - ForgeRock BackStage), setting the Minimum Secret Key Length to 40.
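As an added illustration (not code from this thread or from ForgeRock), the Python script below shows the two mechanisms behind the fixes discussed above: a secret whose byte length is not a multiple of 5 produces Base32 "=" padding in the otpauth QR payload, and a server enrolled with SHA-256 rejects codes from an app that only computes SHA-1. It assumes the key length setting is counted in bytes; the account and issuer names are constructed samples.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from urllib.parse import quote, urlencode


def has_base32_padding(secret: bytes) -> bool:
    """Base32 packs 5 bytes into 8 chars, so a secret whose byte length
    is not a multiple of 5 gets '=' padding in the QR code payload."""
    return base64.b32encode(secret).endswith(b"=")


def otpauth_uri(secret: bytes, account: str, issuer: str, algorithm: str = "sha1") -> str:
    """Key URI as embedded in the enrolment QR code (padding left in on purpose)."""
    params = {"secret": base64.b32encode(secret).decode(), "issuer": issuer,
              "algorithm": algorithm.upper(), "digits": 6, "period": 30}
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{urlencode(params)}"


def hotp(secret: bytes, counter: int, algorithm: str = "sha1", digits: int = 6) -> str:
    """RFC 4226 HOTP; RFC 6238 lets the HMAC hash be SHA-1, SHA-256 or SHA-512."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def totp(secret, at, algorithm="sha1", digits=6, period=30) -> str:
    return hotp(secret, at // period, algorithm, digits)


def verify(secret, code, at, algorithm="sha1", digits=6, period=30, window=1) -> bool:
    """Server-side check tolerating +/- `window` steps of clock drift."""
    step = at // period
    return any(hmac.compare_digest(hotp(secret, step + d, algorithm, digits), code)
               for d in range(-window, window + 1))


def app_code_accepted(secret, at, server_algorithm, app_algorithm="sha1") -> bool:
    """An app that only computes SHA-1 codes against a server enrolled with
    `server_algorithm`: it only matches when the server also uses SHA-1."""
    return verify(secret, totp(secret, at, app_algorithm), at, server_algorithm)


if __name__ == "__main__":
    import time
    for n in (32, 40):  # constructed sample key lengths, in bytes
        print(n, "bytes -> Base32 padding:", has_base32_padding(secrets.token_bytes(n)))
    key = secrets.token_bytes(40)
    print("SHA-256 server accepts SHA-1 app code:", app_code_accepted(key, int(time.time()), "sha256"))
```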