Windows Client with Linux Server error

Hello,

I configured multiotp on Linux with Apache to access the web GUI and web service.
Users are created on Linux and local authentication is working:
./multiotp.php toto 193604
LOG 2015-08-10 23:05:29 notice (user toto) User OK: User toto successfully logged in
0 OK: Token accepted

Then I deployed multiotp on Windows Server 2008 and configured it as a client:
multiotp.exe -config server-secret=MySharedSecret
multiotp.exe -config server-cache-level=1
multiotp.exe -config server-timeout=3
multiotp.exe -config server_url=http://172.16.3.87/ (apache on linux)

I also added the following configuration on Linux:
./multiotp.php -config server-secret=MySharedSecret
./multiotp.php -config server-cache-level=1
./multiotp.php -config server-cache-lifetime=15552000

When I tried authentication on Windows:
.\multiotp.exe -display-log -log -debug toto 752569

I got an error:
Notice: XML Parsing Error at 2:1. Error 4: Not well-formed (invalid token) in D:\Data\projects\multiotp\phc-cli\multiotp
.windows.php on line 19263

Notice: XML Parsing Error at 2:1. Error 4: Not well-formed (invalid token) in D:\Data\projects\multiotp\phc-cli\multiotp
.windows.php on line 19263

LOG 2015-08-10 23:37:01 critical Client-Server Error: Host answers with the following error code: 99 ()

LOG 2015-08-10 23:37:01 warning System Error: database file C:\Program Files\multiotp\users\toto.db for user toto does n
ot exist

Notice: XML Parsing Error at 2:1. Error 4: Not well-formed (invalid token) in D:\Data\projects\multiotp\phc-cli\multiotp
.windows.php on line 19263

LOG 2015-08-10 23:37:01 critical Client-Server Error: Host answers with the following error code: 99 ()
21 ERROR: User doesn't exist

I also noticed in the multiotp log on Linux:
Your script is running from /opt/linux/
2015-08-10 23:37:04     debug           Server-Client   Info: *ReadUserData server request.

Network trace from tcpdump :

Client request :
POST / HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 369
User-Agent: multiOTP
Host: 172.16.3.87
data=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0A%3CmultiOTP+version%3D%224.0%22+xmlns%3D%22http%3A%2F%2Fwww.sysco.ch%2Fnamespaces%2Fmultiotp%22%3E%0A%3CServerChallenge%3EU1NyVjc0EW8FOWonaXFOHVIjcnQvEAgyOns4fE99NjV2ZTUu%
3C%2FServerChallenge%3E%0A%3CCheckUserExists%3E%0A++++%3CUserId%3Etoto%3C%2FUserId%3E%0A%3C%2FCheckUserExists%3E%0A%3C%2FmultiOTP%3E

Server response :
HTTP/1.1 200 OK
Date: Mon, 10 Aug 2015 21:41:25 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.39-0+deb7u2
Expires: Mon, 10 Aug 2015 21:41:25 GMT
Last-Modified: Mon, 10 Aug 2015 21:41:25 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 402
Connection: close
Content-Type: text/html
LOG 2015-08-10 23:41:25 debug Server-Client Info: *CheckUserExists server request.
<?xml version="1.0" encoding="UTF-8"?>
<multiOTP version="4.0" xmlns="http://www.sysco.ch/namespaces/multiotp">
<DebugCode>CheckUserExists</DebugCode>
<ServerPassword>32f8a1bb4062e4d4e9a22ea7d1004bb8</ServerPassword>
<ErrorCode>22</ErrorCode>
<ErrorDescription>ERROR: User already exists</ErrorDescription>
</multiOTP>

Client request :
POST / HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 363
User-Agent: multiOTP
Host: 172.16.3.87
data=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0A%3CmultiOTP+version%3D%224.0%22+xmlns%3D%22http%3A%2F%2Fwww.sysco.ch%2Fnamespaces%2Fmultiotp%22%3E%0A%3CServerChallenge%3EU1NyVjA2RzQEPj5yaipMEwctL3UmEA5lPHgyL0l9YmkkZTMk%
3C%2FServerChallenge%3E%0A%3CReadUserData%3E%0A++++%3CUserId%3Etoto%3C%2FUserId%3E%0A%3C%2FReadUserData%3E%0A%3C%2FmultiOTP%3E

Server response :
HTTP/1.1 200 OK
Date: Mon, 10 Aug 2015 21:41:25 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.39-0+deb7u2
Expires: Mon, 10 Aug 2015 21:41:25 GMT
Last-Modified: Mon, 10 Aug 2015 21:41:25 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1253
Connection: close
Content-Type: text/html
LOG 2015-08-10 23:41:25 debug Server-Client Info: *ReadUserData server request.
<?xml version="1.0" encoding="UTF-8"?>
<multiOTP version="4.0" xmlns="http://www.sysco.ch/namespaces/multiotp">
<DebugCode>ReadUserData</DebugCode>
<ServerPassword>c1d9eae32f86b1281f64fa74d7d24845</ServerPassword>
<ErrorCode>19</ErrorCode>
<ErrorDescription>INFO: Requested operation successfully done</ErrorDescription>
            <User UserId="toto">
                <UserData>
...
</UserData>
            </User></multiOTP>

Any idea what this bug is?

Comments

  • More information has been requested directly by email; the ticket will be enhanced after a response is received.
  • Email sent

  • Any ideas?
  • Tests in progress in order to reproduce the problem...
  • edited April 2016
    I have a similar problem. Both client and server are Windows Server 2012 R2. The first one is an AD DC, with multiotp configured to sync users; everything is OK. Authorizing on the server via console is OK:

    C:\motp>multiotp rager 785807
    LOG 2016-04-18 09:23:22 notice (user rager) User OK: User rager successfully logged in


    Trying to log in through the client:

    PS C:\motp> ./multiotp.exe -display-log -log -debug rager 141761

    LOG 2016-04-18 09:25:26 warning System Error: database file C:\motp\users\rager.db for user rager does not exist

    LOG 2016-04-18 09:25:27 warning System Error: database file C:\motp\users\rager.db for user rager does not exist

    Notice: XML Parsing Error at 2:1. Error 4: Not well-formed (invalid token) in D:\Data\projects\multiotp\phc-cli\multiotp
    .windows.php on line 19202
    99 ERROR: Authentication failed (and other possible unknown errors)

  • edited April 2016

    However, here is the server response, captured with Wireshark:

    X-Powered-By: PHP/5.4.15
    Expires: Mon, 18 Apr 2016 07:25:28 GMT
    Last-Modified: Mon, 18 Apr 2016 07:25:28 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Cache-Control: post-check=0, pre-check=0
    Pragma: no-cache
    Content-type: text/html


    LOG 2016-04-18 09:25:28 notice (user rager) User OK: User rager successfully logged in
    <?xml version="1.0" encoding="UTF-8"?>
    <multiOTP version="4.0" xmlns="http://www.sysco.ch/namespaces/multiotp">
    <DebugCode>CheckUserToken</DebugCode>
    <ServerPassword>a9e044004a029d3d8bebbacef09379c3</ServerPassword>
    <ErrorCode>0</ErrorCode>
    <ErrorDescription>OK: Token accepted</ErrorDescription>
            <Cache>
                        <User UserId="rager">
                  ....... (can't post whole response due to message size limitations)

  • Hello,

    Could you please tell me the exact version of multiotp that you are using?
    (>multiotp -version)

    The XML is well formed, it's probably a bug in the XML parser we use (based on the parser made by Adam A. Flynn).

    Best regards,

    Andre
  • I've tried 4.3.2.6 and 4.3.2.5, same problem

    Now it's:
    PS C:\motp> ./multiotp.exe -version
    multiOTP 4.3.2.6 (2015-07-18)

  • Hello,

    Could you please download this beta version of multiotp.exe and give us the detailed error message?

    http://download.multiotp.net/beta/4.3.2.2-beta-2/multiotp.exe

    Best regards
  • yep, sure

    PS C:\motp> ./multiotp.exe -display-log -log -debug rager 519738

    LOG 2016-04-18 14:18:16 warning System Error: database file C:\motp\users\rager.db for user rager does not exist

    LOG 2016-04-18 14:18:17 warning System Error: database file C:\motp\users\rager.db for user rager does not exist

    Notice: XML Parsing Error at 2:1 (byte index: 1). Error 4: Not well-formed (invalid token) check sample which starts at
    position 0: html encoded:
    LOG 2016-04-18 14:18:18 notice (user rager) User OK: User rager successfully lo (hex: 0a4c4f4720323031362d30342d31382031
    343a31383a3138206e6f74696365202875736572207261676572292055736572204f4b3a2055736572207261676572207375636365737366756c6c79
    206c6f, raw:
    LOG 2016-04-18 14:18:18 notice (user rager) User OK: User rager successfully lo) in D:\Data\projects\multiotp\phc-cli\multiotp.windows.php on line 19655
    99 ERROR: Authentication failed (and other possible unknown errors)
  • Ok, I think I have it :-) !

    The display_log flag is probably still activated in the configuration of your server!

    Please put display_log=0 in your multiotp.ini on the server side and try it again!

    Best regards,

    Andre
  • Yeah, you are right, display_log was set to 1, switching to 0 worked perfectly!
    I really appreciate your fast help resolving my issue. Great work!
  • Thanks, you should even be able to find a link somewhere to our donation button if you want :-)

    In the next release, the "server" component will ignore the display_log parameter.

    Best regards, and thanks again for your valuable feedback in order to improve our library.

    Andre
This discussion has been closed.
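
Added example (not part of the original thread and not multiOTP's own code): a small check for a captured server response body that reports any text emitted ahead of the XML declaration, which is what display_log=1 caused here. The sample body is constructed from the capture quoted above (closing tags added, ServerPassword replaced by a placeholder), and the names `split_preamble` and `diagnose` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.sysco.ch/namespaces/multiotp}"

# Constructed sample modelled on the Wireshark capture in the thread.
# The leading newline and LOG line are what the server printed before the XML.
POLLUTED_BODY = (
    b"\nLOG 2016-04-18 09:25:28 notice (user rager) User OK: "
    b"User rager successfully logged in\n"
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<multiOTP version="4.0" xmlns="http://www.sysco.ch/namespaces/multiotp">\n'
    b"<DebugCode>CheckUserToken</DebugCode>\n"
    b"<ServerPassword>PLACEHOLDER</ServerPassword>\n"
    b"<ErrorCode>0</ErrorCode>\n"
    b"<ErrorDescription>OK: Token accepted</ErrorDescription>\n"
    b"</multiOTP>\n"
)


def split_preamble(body):
    """Return (bytes before the XML declaration, bytes from it onward)."""
    idx = body.find(b"<?xml")
    if idx < 0:
        return body, b""
    return body[:idx], body[idx:]


def diagnose(body):
    """Parse strictly as the client would, then report what preceded the XML."""
    report = {"strict_ok": True, "error_line": None,
              "preamble": "", "error_code": None}
    try:
        ET.fromstring(body)
    except ET.ParseError as exc:
        report["strict_ok"] = False
        report["error_line"] = exc.position[0]  # 1-based line of the failure
    preamble, xml_part = split_preamble(body)
    report["preamble"] = preamble.decode("utf-8", "replace").strip()
    if xml_part:
        try:
            root = ET.fromstring(xml_part)
            report["error_code"] = root.findtext(NS + "ErrorCode")
        except ET.ParseError:
            pass  # the XML itself is damaged, not merely prefixed
    return report


if __name__ == "__main__":
    print(diagnose(POLLUTED_BODY))
```

A non-empty `preamble` together with a readable `error_code` means the server's XML is intact and something is printing ahead of it; the change that resolved this thread is display_log=0 on the server, not stripping the text on the client.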