Import token from web #28
Comments
what is the content of the response? |
I've never actually used CTKIP (my former employer just emailed us the raw XML seed files 😱) but it is documented in RFC 4758. Your greatest challenge is probably getting RSA Authentication Manager set up locally to test the entire flow end-to-end. If you're friendly with the I.T. guys that would definitely help. |
Duplicates #27 |
Is anyone aware of any implementations of a CT-KIP client on any platform? |
I am actually working on one right now. What I need is a working server that I can use, or at least someone who is willing to test. |
I'd be willing to test. What do you need from me? |
Well, a working CT-KIP URL would be nice; I do not have access to a CT-KIP server/RSA Authentication Manager. You may send it by email. |
I am trying to reverse engineer it by creating a self-hosted SOAP service that simulates the CT-KIP server part and hitting it with the official RSA SecurID token app. |
@cernekee can you send me the XML files you have received? |
I have not received any XML files. Just a CT-KIP URL and an activation code. |
@darkprokoba Are you allowed to send it? |
I have the same issue. I have a web import link (CT-KIP) and an activation key. I am getting the below error while trying to import. error: --token string is garbled: General failure |
Yes, the problem is that none of us has access to the RSA Authentication Manager. I tried to request a demo version, but have no answer from the RSA guys yet. |
Any news on this front? Are we still blocked by getting the authentication manager? |
Yes. Without it, it is hard to reverse-engineer (tm) it. |
For those with the error: the .sdtid file extension is actually an .xml file. So changing the .sdtid file extension to .xml and importing the file as usual just works. |
@esskar if I can work with you in realtime, I can help you with this - I can generate a new CT-KIP URL at any time. It does invalidate my current token to do so, so after any reverse-engineering session, I will need to re-generate a token for my use. |
@benklop what is your current time zone? I am GMT+11, but GMT-6 in December. December will probably be better for me. |
I've implemented a client that will show the unencrypted version of all the keying material exchanged with the server, at dlenski/rsa_ct_kip:client.py. We still need to work out exactly how the final key of the token relates to the material exchanged, because the RFC is unclear/inconsistent/obfuscated on this subject: If anyone is willing to be a guinea pig and test it with a new authentication token or two, that'd help a lot. |
@dlenski I'd be willing to waste my IT's time to generate a bunch of auth tokens. If you can give me some clues on how to use this. |
I was able to use the client tool provided with modifications (see dlenski/rsa_ct_kip#1) but I'm not quite sure what I do with the values I get. |
@dedominic-veeder, see #27 for some (hopefully informed) speculation on how to use this client to try to figure out the algorithm for generating the final secrets for the tokens. |
@dedominic-veeder, if you can still generate activation codes… the tool has been considerably cleaned up and should Just Work™. Would be great to have another confirmation. |
The functionality you are looking for is now provided by this project: https://github.com/dlenski/rsa_ct_kip. |
rsa_ct_kip deserves to be mentioned in the Readme. Having to download the token from a server is a common approach. |
Currently it's not possible to import a token from the web with an activation code.
On a mobile phone it can be done, e.g., using a link like:
com.rsa.securid://ctkip?scheme=https&url=securid1.access.organization.com:7005/ctkip/services/CtkipService&activationCode=xxxxxxxxxxxx
Is it possible to add this functionality to stoken?
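
One way a desktop client could validate a link of the form quoted above before contacting the server, as an added example that is not part of the issue, stoken or rsa_ct_kip. The names `parse_ctkip_link` and `CtkipLink` are hypothetical, and the https-only and no-userinfo rules are assumptions of this example rather than documented RSA behaviour.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

APP_SCHEME = "com.rsa.securid"  # app scheme taken from the link in the issue
REQUIRED = ("scheme", "url", "activationCode")  # parameter names from the link


@dataclass(frozen=True)
class CtkipLink:
    service_url: str
    # One-time secret: excluded from repr() so it does not end up in logs.
    activation_code: str = field(repr=False)


def parse_ctkip_link(link: str, allow_http: bool = False) -> CtkipLink:
    outer = urlsplit(link)
    if outer.scheme != APP_SCHEME or outer.netloc != "ctkip":
        raise ValueError("not a com.rsa.securid://ctkip link")
    params = parse_qs(outer.query, keep_blank_values=True)
    for name in REQUIRED:
        values = params.get(name, [])
        # Missing, empty or repeated parameters make the link ambiguous.
        if len(values) != 1 or not values[0]:
            raise ValueError(f"need exactly one non-empty {name!r} parameter")
    scheme = params["scheme"][0].lower()
    # Assumption: the activation code should never travel over cleartext HTTP.
    if scheme != "https" and not (allow_http and scheme == "http"):
        raise ValueError(f"refusing transport scheme {scheme!r}")
    service = urlsplit(f"{scheme}://{params['url'][0]}")
    # Assumption: the 'url' value is plain host[:port]/path; userinfo would
    # let "trusted.example@other.host" point the request at another host.
    if not service.hostname or "@" in service.netloc:
        raise ValueError("malformed service address")
    _ = service.port  # raises ValueError on a non-numeric or out-of-range port
    return CtkipLink(service.geturl(), params["activationCode"][0])


if __name__ == "__main__":
    # Constructed sample: the placeholder link quoted in the issue.
    print(parse_ctkip_link(
        "com.rsa.securid://ctkip?scheme=https"
        "&url=securid1.access.organization.com:7005/ctkip/services/CtkipService"
        "&activationCode=xxxxxxxxxxxx"))
```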