Idea ID: 2871844

Improved reporting on Tokens

Anymouse Anymouse
Status : New Idea

There is no way to export a report on OATH Tokens and who they are assigned to.  Our company needs this for asset management. 

  • Here is a solution which we provided to some of our customers who would like to have an export of every method which is enrolled, with the additional information of the serial number of TOTP/HOTP tokens. If there is no "serial number" shown, then the user is using App OTP.

    Hopefully that will help you.

    1. Log in with SSH through AAF
    2. Run the following command to export every Method which is associated with the userToken:

      docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "select t1.name, t2.method_id, t2.id, t3.serial, t3.type from \"user\" t1 inner join auth_template t2 on t1.id = t2.owner_id left join otp_token t3 on t2.id = t3.auth_template_id where t2.id in (select auth_template_id from user__auth_template) order by t2.method_id;" > /root/token.txt

    The file looks like the following:

    name | method_id | id | serial | type
    ---------+-----------------+------------------------------------+----------+------
    User1 | TOTP:1 | \x710796a46435d4545435deg9ac6fa11a | 10002 | totp
    User1 | HOTP:1 | \xdd52a66ea0eb135ae089293978dd834f | 9344342 | hotp
    User2 | FIDO2:1 | \xb03c40754142d8eca995f17502910fc7 | |
    User2 | TOTP:1 | \x0229059fd62fe2913c6587cd23dc946d | | totp
    User3 | HOTP:1 | \x7e03c7f45599ea647b2f327cf2e487e6 | 15203296 | hotp
    User4 | TOTP:1 | \x710796a4d3b140f517885179ac6fa11a | 10005 | totp
    User4 | HOTP:1 | \xdd52a66ea0eb135ae089293978dd834f | 4362342 | hotp
    User5 | TOTP:1 | \x142d8eca40bde2913c6587cd23de10ab | | totp
    User6 | TOTP:1 | \x049fd62fe2913c652a5387cd23dc946d | | totp
    (9 rows)
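For asset management the aligned psql table above is easier to use as CSV. The following is an added example, not part of the original reply or the product: it converts a file shaped like /root/token.txt to CSV, drops the internal id column, and labels each row. The function names, the sample rows and the "non_otp" label for rows with an empty type (such as FIDO2) are assumptions; the "no serial means App OTP" rule comes from the reply above.

```shell
#!/bin/sh
# Added example: turn the psql aligned-table export into CSV for an asset register.
# Usage: tokens_to_csv /root/token.txt   (reads stdin when no file is given)
# Limitation: a user name containing "|" would be split into extra columns.
tokens_to_csv() {
    awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function q(s)    { gsub(/"/, "\"\"", s); return "\"" s "\"" }
    BEGIN { print "user,method_id,serial,type,token_kind" }
    NF < 5  { next }                  # separator line, "(N rows)" footer, blank lines
    !header { header = 1; next }      # first 5-column line is the column header
    {
        user = trim($1); method = trim($2); serial = trim($4); type = trim($5)
        if (serial != "")    kind = "hardware"   # serial present: physical TOTP/HOTP token
        else if (type != "") kind = "app_otp"    # OTP method without serial: App OTP
        else                 kind = "non_otp"    # assumption: empty type is a non-OTP method
        print q(user) "," q(method) "," q(serial) "," q(type) "," kind
    }' "$@"
}

# Constructed sample in the same layout as the export shown above (not real data).
sample_export() {
    cat <<'EOF'
 name  | method_id |  id  | serial | type
-------+-----------+------+--------+------
 alice | TOTP:1    | \x01 | 10002  | totp
 bob   | TOTP:1    | \x02 |        | totp
 carol | FIDO2:1   | \x03 |        |
(3 rows)
EOF
}

sample_export | tokens_to_csv
```

Filtering the result on token_kind "hardware" gives the list of physical tokens and their assignees.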