Question

Universal TOTP login error external location

  • December 3, 2025
  • 2 replies
  • 28 views

C. Lousberg
Captain

We are trying to start using MFA for our Universal environment and configured a user with login verification "Password and TOTP token".

When we are on our LAN, the login into the Universal GUI is working as expected and after login on the main login-screen the user is automatically forwarded to https://{base_url}/indicium/account/ui/totp/login

When at an external location the Universal GUI is working without TOTP, but when trying to log in with a user with TOTP configured we get an "An unknown error occured" message when he should be forwarded to the TOTP redirect location.

In the indicium log there is no error mentioned.

So what can be the issue here? Maybe on our firewall/WAF? IIS? Or something else?

2 replies

Nathan
Community Manager
  • December 3, 2025

Hi @C. Lousberg,

The internal success of your TOTP configuration versus the external "unknown error" strongly indicates a perimeter network issue, rather than a problem within Indicium itself, which is supported by the clean server logs. Most commonly, this is caused by a restrictive rule on your firewall or Web Application Firewall (WAF) that is intercepting or blocking the required traffic (specifically the redirect or one of the subsequent API calls) necessary for the TOTP challenge to complete successfully from an outside connection.

To diagnose this, maybe try using your browser's developer tools to watch the network tab during an external login attempt; identifying the precise request that fails with a non-200 status code will usually reveal exactly what the WAF or external security layer is preventing from passing through.

Let me know if this reveals any additional information to narrow down the issue.


C. Lousberg
Captain
  • Author
  • December 5, 2025

Hi @Nathan,

I took some screenshots at the moment of the error:

 

I guess the WAF considers the forward to the TOTP page malicious or non-compliant with its rule set, and is therefore giving back a 403?
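
An added example, not part of any post in this thread: the network-tab check suggested in the reply above can be repeated offline by exporting the capture as a HAR file ("Save all as HAR" in the browser's developer tools) and listing every request that did not get a 2xx/3xx answer. The host name, the first request's path and the `Server` values in the sample are constructed placeholders; only the `/indicium/account/ui/totp/login` path comes from the thread.

```python
import json
from urllib.parse import urljoin, urlsplit

# Constructed HAR 1.2 excerpt: a login POST redirects to the TOTP page, and the
# TOTP request is answered with 403. Host, first path and Server values are placeholders.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "POST", "url": "https://app.example.test/login-placeholder"},
     "response": {"status": 302, "redirectURL": "/indicium/account/ui/totp/login",
                  "headers": [{"name": "Server", "value": "Microsoft-IIS/10.0"}]}},
    {"request": {"method": "GET", "url": "https://app.example.test/indicium/account/ui/totp/login"},
     "response": {"status": 403, "redirectURL": "",
                  "headers": [{"name": "Content-Type", "value": "text/html"},
                              {"name": "Server", "value": "example-waf"}]}},
]}})

def header(resp, name):
    """Case-insensitive lookup in a HAR header list; '' when the header is absent."""
    return next((h["value"] for h in resp.get("headers", [])
                 if h["name"].lower() == name.lower()), "")

def failed_requests(har_text):
    """Return one dict per entry whose status is not 2xx/3xx, in capture order.
    Status 0 means the browser received no HTTP response (reset, blocked, aborted)."""
    findings, prev = [], None
    for entry in json.loads(har_text)["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        status = resp.get("status", 0)
        if not 200 <= status < 400:
            redirect = prev["response"].get("redirectURL") if prev else ""
            findings.append({
                "method": req["method"],
                "path": urlsplit(req["url"]).path,
                "status": status,
                "server": header(resp, "Server"),
                "content_type": header(resp, "Content-Type"),
                # True when this request is the target of the previous entry's redirect
                "after_redirect": bool(redirect)
                    and urljoin(prev["request"]["url"], redirect) == req["url"],
            })
        prev = entry
    return findings

if __name__ == "__main__":
    for f in failed_requests(SAMPLE_HAR):
        print(f)
```

Running it on one capture taken on the LAN and one taken externally shows which request differs; a failing response whose `Server` or `Content-Type` does not match what the same path returns internally is a hint that a device in front of IIS generated it, which the WAF's own log can then confirm.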