2 Factor Authentication Issue

Hello Team,

I am using DHIS2 version: 2.39.3.1 and Once I try to activate or turn on two factor authentication the QR Code not showed up, and I do inspect I found the below URL for QR image but it could not be open: same happened once try use demo site on version 2.38.6: DHIS 2 Demo - Sierra Leone

QR Image source link


Could you please advise on this?

Note that my user now is blocked, and I can not access it due to turn it on at my account and at the same time I do not have take QR code to link it with google authenticator, and I have tried to to make my colleague to disable it from users app but unfortunately with no luck…

Thanks and regards,
Ayman

Hi @ayman.tuffaha

Thanks for the clearly written post. I am also facing the same issue; however, if you go to the dev instance (latest version) you will find that the whole process and UI has been upgraded and changed. You can read more about these changes here: [DHIS2-14555] - Jira

I will ask if this is going to be back ported or if people will need to upgrade to use this and then get back to you.

Thanks!

Thanks @Gassim,

It seems partially solved at dev env. as below:

  1. Using Google Authenticator is not working and shows an invalid 2FA Code message.
  2. Using Microsoft Authenticator is working perfectly as expected.

In both cases above I have successfully disabled the 2FA feature from the newly created user “Ayman”.

I understand it will be working fine with 2.42 and above right?

While I am stuck with my case any workaround to solve it at my existing version 2.39.3.1 will be much appreciated…

Kind regards,
Ayman

1 Like

Hi @ayman.tuffaha

Thank you for your post. Yes, this is a bug issue and it has been reported on Jira: [DHIS2-17428] - Jira

Hey @ayman.tuffaha,

I noticed you were dealing with a 2FA issue while working on something related and wanted to share a temporary workaround until the team resolves it.

When you generate a QR code for setting up 2FA, the URL contains the secret key needed for the Time-based One-Time Password (TOTP) algorithm. That URL is the one you were able to inspect in your browser.

Here’s an example URL:

src=“https://chart.googleapis.com/chart?chs=200x200&chld=M%|0&cht=qr&chl=otpauth%3A%2F%2Ftotp%2FDHIS%25202%2520DHIS%25202%2520Demo%2520-%2520Sierra%2520Leone%3Aandroid-marcos%3Fsecret%3DDA5W3YQQA7K7QMK7%26issuer%3DDHIS%25202%2520DHIS%25202%2520Demo%2520-%2520Sierra%2520Leone”

In this URL, the key “DA5W3YQQA7K7QMK7” is the secret used to generate one-time passwords. Typically, a user would scan the QR code with an authenticator app to set up 2FA. However, you can manually enter the secret key and your preferred account name into the Google Authenticator app instead of scanning the QR code to set up 2FA.

I hope this helps you in the meantime.

Best,
Marcos

P.S. The %3D in the URL is an encoded = sign. Be careful not to include the final “D” when copying the secret key.

1 Like

@marcos.campos Thank you for your post and valuable information.

I would appreciate it if there is a workaround for version 2.39.3.1 since I have a user who has turned on 2 - 2-Factor verification without knowing the code and it looks like the user can not log in due to not getting the code…

If there is a way to disable or turn it off that’s will be great.

Best regard,
Ayman

Hi again, @ayman.tuffaha !

To disable 2FA for a specific user, an admin user with the appropriate authorities can do this. You can go to the users app, click on the user list, search for the user, and use the three-dot actions menu to disable 2FA for that user, as shown in the image.

image

I hope this helps.

Best regards,
Marcos

Thanks @marcos.campos ,

Yes Sure I have tried this before, but unfortunately with no luck.
Under the screenshot shown with the inspect tool with error 400, note that “M5zQapPyTZI” represents user UID.

Best regards,
Ayman

Hi @ayman.tuffaha ,

Thank you for sharing the details of the issue you’re facing. I think the best course of action is to report this problem by creating an issue in the JIRA system so that the development team can investigate and address it.

Please use the following link to create a new issue: Create JIRA Issue

Provide all the relevant details and screenshots you have shared, including the error messages and the version of DHIS2 you are using.

If you need further assistance, please let us know. :slight_smile:

Best regards,
Marcos

2 Likes