GitLab server issue: Two-Factor Authentication gives error in time synchronisation (?!) [FIXED]

Discussion in 'Developers' Forum' started by Gwyneth Llewelyn, May 2, 2023.

  1. Gwyneth Llewelyn

    Gwyneth Llewelyn Member

    Today I logged in to the GitLab server for ISPConfig, and, to my surprise, it didn't accept my TFA TOTP code. It was a bit weird, and the error — after looking it up — pointed to a time synchronisation issue.
    I immediately suspected that my TOTP application (Duo Mobile) was the culprit, so I first logged in with one of the "emergency keys" I had (it worked flawlessly). Then I removed the entry for this GitLab server on the app and tried to add it again via QR code.
    It certainly created the new entry, but, alas, I couldn't confirm the code — the error was the same.
    Ok, so I deleted everything again :) and this time tried it out with Google Authenticator. To my complete surprise, it didn't work either! Same error: time sync issues.
    Now I'm pretty sure that it's not a problem with my iPhone and/or my Mac — both are definitely being updated via NTP — so I wonder if it's somehow related to the maintenance made a while ago? I think I didn't log in since then.
    I actually just wanted to add a YubiKey as an alternative TFA, but it seems that you must have TOTP TFA set up first, and then you can pair with your key — but it doesn't work the other way round (why, I don't know; possibly because if both your TOTP app and the YubiKey are broken/missing, you'd still be able to log in with one of the emergency keys — which requires setting up TOTP TFA first...).
    I wonder if there is something I can do to fix this? Or perhaps just try later? :)
    Has anyone else had any issues with TFA to the GitLab server recently, or is it just me?
    For now, of course, I've turned TFA off, but I certainly would prefer to have it on...
     
    Last edited: May 2, 2023
    Gwyneth Llewelyn, May 2, 2023
    #1
    ahrasis likes this.
  2. Gwyneth Llewelyn

    Gwyneth Llewelyn Member

    ... I should have mentioned that I have 140+ TOTP entries on that app and all of them are working. Well, at least most of them, I didn't try them all, one by one! :) But I certainly have tried out many (including the GitLab public server).
     
    Gwyneth Llewelyn, May 2, 2023
    #2
    ahrasis likes this.
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I have messaged Marius, who maintains the GitLab server, asking him to check this. Keep you posted.
     
    Th0m, May 2, 2023
    #3
    Gwyneth Llewelyn and ahrasis like this.
  4. Gwyneth Llewelyn

    Gwyneth Llewelyn Member

    Gwyneth Llewelyn, May 3, 2023
    #4
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Time was out of sync. Fixed. Thanks for reporting!
     
    Th0m, May 6, 2023
    #5
    Gwyneth Llewelyn and ahrasis like this.
  6. Gwyneth Llewelyn

    Gwyneth Llewelyn Member

    Awesome! That fixed it for me, and I could add the YubiKey as well :)

    Thanks so much!
     
    Gwyneth Llewelyn, May 7, 2023
    #6

Share This Page