wso2 identity server Multifactor Authentication error

1
votes

I am unable to implement Multifactor Authentication .

The error i am getting is

TID: [0] [WSO2 Identity Server] [2012-10-30 10:31:38,620] ERROR     {org.wso2.carbon.identity.provider.xmpp.MPAuthenticationProvider} -  login failed. Trying     again.. {org.wso2.carbon.identity.provider.xmpp.MPAuthenticationProvider}
SASL authentication failed: 
    at org.jivesoftware.smack.SASLAuthentication.authenticate    (SASLAuthentication.java:209)
    at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
    at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:301)

This is for wso2 Identity Server 3.2.3 . Straight out of the box. No additional configuration performed to run this instance of Identity Server.

It appears that signing in as admin , the ldap authentication is completed and then authentication with gtalk is attempted when the error occurs.

Should I be setting my own configuration in the identity.xml where gtalk is being set?

<MultifactorAuthentication>

    <XMPPSettings>

        <XMPPConfig>

            <XMPPProvider>gtalk</XMPPProvider>

            <XMPPServer>talk.google.com</XMPPServer>

            <XMPPPort>5222</XMPPPort>

            <XMPPExt>gmail.com</XMPPExt>

            <XMPPUserName>[email protected]</XMPPUserName>

            <XMPPPassword>wso2carbon</XMPPPassword>

        </XMPPConfig>

    </XMPPSettings>

</MultifactorAuthentication>
1
wso2wso2carbonwso2is

1 Answers

1
votes

I found out that I do need to set up a Google talk account.

  1. I added the new settings to the MultifactorAuthentication configuration.

  2. I restarted the server.

  3. I edited the user account with another new Google talk account.

  4. I logged out.

  5. Logged back in via relyingparty URL with openid,

  6. received communication over gtalk requesting pin.

  7. I entered the pin and got logged in.

It would have been nice if wso2 had I their documentation the need to setup the settings for this configuration to get multifactor authentication to work out of the box.