Open masterdot opened 4 months ago
2021.8.5 is more than 2 years old. I recommend you upgrade.
@rissson Nah, that's just the version that authentik's owner added as an example for bug issues. Seems he/she didn't change it.
uhh, sorry!
I was on the wrong device for details :)
In every instance I've seen this, the issue is with the time sync on either the device generating the token, or on the server itself. If you've confirmed your NTP settings on the server, the next step would be to validate the device you're using - if it's already set to sync via cell tower, manually set it (entering it to the second) on the device (or vice versa).
Alternatively, you could increase the system's "accepted skew range" (e.g. allow for further out of sync devices), but this makes it a bit less secure as there are then more acceptable tokens at any given point in time.
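The skew trade-off described in the comment above, as an added example that is not part of the thread and not authentik's own code: a minimal RFC 6238 verifier showing which device clock lags a given window tolerates and how many codes are valid at once. The names `skew_steps`, `SECRET` and `SERVER_NOW` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, unix_time: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, server_time: float, skew_steps: int = 1):
    """Return the matching step offset (0 = current step), or None.

    skew_steps is a hypothetical name for the "accepted skew range":
    codes from skew_steps steps before/after the server's step are accepted.
    """
    for delta in sorted(range(-skew_steps, skew_steps + 1), key=abs):
        candidate = totp(secret, server_time + delta * STEP)
        if hmac.compare_digest(candidate, code):
            return delta
    return None

def accepted_codes(secret: bytes, server_time: float, skew_steps: int) -> set:
    """Every code the server would accept at this instant."""
    return {totp(secret, server_time + d * STEP)
            for d in range(-skew_steps, skew_steps + 1)}

# Constructed sample values (RFC 6238 test secret, arbitrary timestamp).
SECRET = b"12345678901234567890"
SERVER_NOW = 1_700_000_000

if __name__ == "__main__":
    for lag in (0, 20, 45, 90):  # seconds the token device runs behind
        code = totp(SECRET, SERVER_NOW - lag)
        print(f"device lag {lag:>2}s:",
              "window=1 ->", verify(SECRET, code, SERVER_NOW, 1),
              "| window=3 ->", verify(SECRET, code, SERVER_NOW, 3))
    for w in (0, 1, 3):
        print(f"window={w}: {len(accepted_codes(SECRET, SERVER_NOW, w))} valid codes")
```

A device 90 seconds behind is rejected with a one-step window and accepted with a three-step window, at the cost of several codes being valid at the same instant.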
I do use several methods and none did work at first try. Maybe I missed a config option for syncing? Telling the docker maybe something? It's TOTP and WebAuthn also. I think it must be something within authentik...
If this was working previously and is not now (or if it works intermittently), it's unlikely to be a config issue with the container - instead you'll want to look at the hypervisor and device which is generating the TOTP tokens to ensure both are showing accurate (and regularly synced to avoid skew) time.
It did never work with this system... But the TOTP devices work everywhere else without problems.
This is probably another case of #5972, see the solution https://github.com/goauthentik/authentik/issues/5972#issuecomment-1960047300
(the default authentication flow has a bug)
Yes, that did fix it. I did remove the second validation and now it works. Awful bug, if it's OK to say that. Did take a LOT of time to spot and fix...
Describe your question/ my install does some weird things with 2FA. It looks to me like the token generation is out of sync. I enter the TOTP code, nothing happens. Enter same a second to error, wait for new generated token and then it's working. Same with WebAuthn as 2FA.
Relevant info Screenshots
https://github.com/goauthentik/authentik/assets/493105/087d8d23-c602-4b98-b46d-50ece299a86f
Additional context this is the output of timedatectl
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
So everything seems to be set up correctly...