Hi, @kkimmo Hello, first please upgrade to the latest version 3.1.2410.0, because Microsoft packages are invalid in version 2409.0. Then please retest. (Thank you Microsoft! I have been practicing for 40 years, and speaking hundreds of times for them...) Basically, there will be a version 4.0 next spring, but I do not know in what form it will be distributed... In the current version it is not a finished product on which you can demand support; it is primarily dedicated to developers. We respond when the problem raised helps us move forward. Please know, however, that there has been no code change since May 2024 (except in September for an import filter problem). Thanks
This problem was resolved. Reinstalled MFA but then got error that server was not operational.
Hello,
Migrated from old single Windows Server 2019 ADFS to new Windows Server 2022 ADFS farm. Exported config with Export-MFASystemConfiguration and then imported it to new ADFS.
Using TOTP code + ADDS and after migration, users are able to use TOTP codes just fine. If user is removed from MFA MMC, new wizard registration works until Finish is pressed. So, new user is able to read QR code and verify it but selecting Finish after "Your account is validated!", user gets error "input string was not in a correct format".
Had version 3.1.2409.0 and got error in event viewer
Error Initializing WebAuthN Metdata Repository : IDX12729: Unable to decode the header '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' as Base64Url encoded string. /// at System.IdentityModel.Tokens.Jwt.JwtSecurityToken.Decode(String[] tokenParts, String rawData)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ReadJwtToken(String token)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Neos.IdentityServer.MultiFactor.WebAuthN.Metadata.MDSMetadataRepository.DeserializeAndValidateBlob(BLOBPayloadInformations infos)
at Neos.IdentityServer.MultiFactor.WebAuthN.Metadata.MDSMetadataRepository.GetBLOB()
at Neos.IdentityServer.MultiFactor.WebAuthN.MFAMetadataService.InitializeRepository(IMetadataRepository repository)
Looked like issue 354, updated to 3.1.2410.0 .Net 4.8.1, got different error
Error Initializing WebAuthN Metdata Repository : The RegEx engine has timed out while trying to match a pattern to an input string. This can occur for many reasons, including very large inputs or excessive backtracking caused by nested quantifiers, back-references and other factors. /// at System.Text.RegularExpressions.RegexRunner.DoCheckTimeout()
at Go2(RegexRunner )
at System.Text.RegularExpressions.RegexRunner.Scan(Regex regex, String text, Int32 textbeg, Int32 textend, Int32 textstart, Int32 prevlen, Boolean quick, TimeSpan timeout)
at System.Text.RegularExpressions.Regex.Run(Boolean quick, Int32 prevlen, String input, Int32 beginning, Int32 length, Int32 startat)
at System.Text.RegularExpressions.Regex.IsMatch(String input, Int32 startat)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ReadJwtToken(String token)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Neos.IdentityServer.MultiFactor.WebAuthN.Metadata.MDSMetadataRepository.DeserializeAndValidateBlob(BLOBPayloadInformations infos)
at Neos.IdentityServer.MultiFactor.WebAuthN.Metadata.MDSMetadataRepository.GetBLOB()
at Neos.IdentityServer.MultiFactor.WebAuthN.MFAMetadataService.InitializeRepository(IMetadataRepository repository)
New user registration is shown in MFA MMC as disabled and method is "Choose". If user is activated from MFA MMC, user can use the code and it seems to work. Editing new user from MFA MMC and changing method causes the same error "input string was not in a correct format". Editing old users, that existed before migration, works.
Setting method with Set-MFAUsers works with old users, same error for new users as in MFA MMC.
Any ideas how to fix?