Jump to content

Yubikey Authentication not working


Recommended Posts

I just upgraded tonight and was very excited to see the Yubikey integration. FINALLY!! I said! :)


I entered in my existing API key as I have it set up for the backend of my main site and it works quite awesomely. It returned with an error, so I fetched a new key thinking maybe it was tied to the address associated with the software. In this case, (billing@example.com), whereas the other key is tied to (admin@example.com).


In any event, neither API integration works and returns an error with a red X saying "There was a problem".


Also, not seeing the option for my clients to add two-factor authentication in their portal. (I have an account I use for testing).

Link to comment
Share on other sites

hmm I just upgraded tonight and added the API key and set it up under my admin account and its working just fine. So it could be a issue of connection to the yubikey database or a lag in them getting into the db... it does say it takes up to 5 minutes for it to be activated.

Link to comment
Share on other sites

Chris, running 5.2.2.


I submitted a ticket for you (Ticket #JUQ-610332) to login, but you never did with the credentials I supplied to you. I figured things were fixed when I saw the update so I installed that which got the admin side working. I went ahead and closed the ticket myself thinking in the near future a new release would resolve the client side:


The Client side will accept the Yubikey and make it look like it will ask for user to authenticate, but it doesn't when logging in. It just lets them in. So, in a sense, nothing there for two-factor authentication.

Link to comment
Share on other sites

  • 6 months later...

Currently in the middle of a few hours of work on a saturday to fix a critical WHMCS security issue that I feel was caused by a blatantly basic coding issue, sacrificing family time, does not make me too happy. At least I thought upgrading would now let us use 2FA security and Yubikey we've been promoting for years, just to realize now that it seems to be a paid addon ?

Can someone clarify, as the only link I have from http://www.whmcs.com/two-factor/ takes me to a referal page to buy keys we already have. Do I get things wrong ? Could be as this AES injection issue really made my day...not.


Edit: Ok, the admin section seems to show I can register 1 yubikey, no charge obviously, so it seems I got that wrong.

Now on to ask how we can register our own key each as several people manage our sites...

Edited by pierre
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated