Webtop ver 5.4.1 - Setup of Google 2FA fails


(Mark Albrecht) #1

Is anyone else been having issues with setup of Google OTP security? I have tested with a few user accounts with the same result. I receive at stage 3 of 4 in the OTP setup “Error in ManageOTP”

Notes -
Webtop ver 5.4.1
Email OTP is working fine.
I have checked the system time is correct.

Thank you in advance for any help…

webtop.log of the error:

2018-11-08 05:11:57 [ERROR] com.sonicle.webtop.core.Service - Error in ManageOTP
com.sonicle.webtop.core.sdk.WTException: Invalid code
at com.sonicle.webtop.core.Service.processManageOTP(Service.java:1137)
at sun.reflect.GeneratedMethodAccessor286.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sonicle.webtop.core.app.servlet.BaseRequest.invokeMethod(BaseRequest.java:109)
at com.sonicle.webtop.core.app.servlet.PrivateRequest.processRequest(PrivateRequest.java:85)
at com.sonicle.webtop.core.app.servlet.PrivateRequest.doPost(PrivateRequest.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at com.sonicle.webtop.core.app.shiro.filter.GZip.doFilterInternal(GZip.java:60)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1770)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1729)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)


(Michael Träumner) #2

@webtop_team @support_team Can somebody help here?


(Markus Neuberger) #3

I tried to reproduce but it’s working. I used Google Authenticator on an Android mobile device.

I saw the code changes after webmin user/password login so maybe you were too fast with entering and entered a wrong one?

My webtop config to compare, maybe the error is about DefaultTimezone? EDIT: no, it’s not, I changed the timezone and it still works.

[root@server2 ~]# config show webtop
webtop=configuration
    ActiveSync=disabled
    ActiveSyncLog=LOGLEVEL_ERROR
    DavServerLog=ERROR
    DavServerUrl=
    Debug=false
    DefaultLocale=en_US
    DefaultTimezone=Etc/UTC
    DefaultToolbarIconsSize=medium
    MaxMemory=1024
    MinMemory=512
    PbxProvider=
    PbxProviderNethvoiceWebrestUrl=
    PublicUrl=
    RemoteCalendarAutosync=enabled
    RemoteCalendarAutosyncOnlywhenonline=disabled
    RemoteCategoryAutosync=enabled
    RemoteCategoryAutosyncOnlywhenonline=disabled
    SmtpAuth=disabled
    SmtpStarttls=disabled

(Luca Gasparini) #4

Also I’ve just tried to replicate the problem but 2-factor authentication is working with Google Auth :thinking:


(Uwe) #5

Here also. No problems via email and google auth.

Regards

Uwe


(Giacomo Sanchietti) #6

Please make sure your server has correct date and time, since 2FA uses also time synchronization to validate the token.


(Mark Albrecht) #7

I suspected I might have a local issue.

RE “I saw the code changes after webmin user/password login so maybe you were too fast with entering and entered a wrong one?” I suspected the same as well, so before I posted I had tried grabbing the very first code and then then secondary codes…

My Config is the same as yours and I have been testing with Android here as well with a few different software packages.

I think my next step I would like to try is to default Webtop, I have been looking for documentation to do this but I have been unable to find any so far, do you know if there is any documentation on how to backup Webtop, default Webtop and do a Webtop restore?

Thanks Markus


(Mark Albrecht) #8

Thank you for confirming.

I think my next step I would like to try is to default Webtop, I have been looking for documentation to do this but I have been unable to find any so far, do you know if there is any documentation on how to backup Webtop, default Webtop and do a Webtop restore?

Thank you Luca


(Mark Albrecht) #9

Thank you for confirming.

I think my next step I would like to try is to default Webtop, I have been looking for documentation to do this but I have been unable to find any so far, do you know if there is any documentation on how to backup Webtop, default Webtop and do a Webtop restore?

Thank you Uwe


(Mark Albrecht) #10

I have checked the Server time and is correct with our time zone.

I think my next step I would like to try is to default Webtop, I have been looking for documentation to do this but I have been unable to find any so far, do you know if there is any documentation on how to backup Webtop, default Webtop and do a Webtop restore?

Thank you Giacome


(Giacomo Sanchietti) #11

There is no specific documentation about webtop backup and restore, you need to do a full backup/restore.
Otherwise you should take a look at the code. I can’t tell myself what are all the needed steps without digging a bit, but the procedure should be something like:

  • execute pre-backup-data action for webtop
  • stop the tomcat instance, destroy the database
  • restore the database
  • restart the tomcat instance

(gabriele_bulfon) #12

backup and restore of the database is ok, you may also want to backup all folders under the webtop home (where mailcards and cloud files are stored, can’t remember now where it is in NS7, it’s specified in settings).


(Luca Gasparini) #13

The path where all other data on Nethserver is saved is this:

/var/lib/nethserver/webtop/domains/NethServer/

(Mark Albrecht) #14

Hi all,

An update,

I ran up a new Neth server - Setup new VM > completed new clean install of Neth > updated Neth > Installed Webtop (and some other packages) > Setup Active Directory > Setup User Account > Setup OTP > Google Authenticator

Time on Neth is correct. We are in Sydney Time Zone which has Daylight savings at the moment. Maybe an issue?

Received the same error.

2018-11-15 13:38:36 [ERROR] com.sonicle.webtop.core.Service - Error in ManageOTP
com.sonicle.webtop.core.sdk.WTException: Invalid code
at com.sonicle.webtop.core.Service.processManageOTP(Service.java:1137)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sonicle.webtop.core.app.servlet.BaseRequest.invokeMethod(BaseRequest.java:109)
at com.sonicle.webtop.core.app.servlet.PrivateRequest.processRequest(PrivateRequest.java:85)
at com.sonicle.webtop.core.app.servlet.PrivateRequest.doPost(PrivateRequest.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at com.sonicle.webtop.core.app.shiro.filter.GZip.doFilterInternal(GZip.java:60)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1770)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1729)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)