Issue Report - FreeOTP Unknown Issuer in Issuer Field

[Gaitonde007]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [Yes] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [Yes] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

I have encountered an issue with FreeOTP on OPNsense where the issuer field displays as "unknown." This occurs when attempting to use FreeOTP for two-factor authentication within the OPNsense environment.

To Reproduce

Steps to reproduce the behaviour:

1. Install FreeOTP on a device.
2. Set up two-factor authentication in OPNsense using FreeOTP.
3. Generate a token and observe the issuer field.

Expected behaviour

I expected the issuer field in FreeOTP on OPNsense to display the correct and expected issuer information. Unfortunately i don't see an option to set the issuer field.

Screenshots

Additional context
I do not get this error on Google Authenticator, it displays the hostname given to the OPNsense correctly.
Kindly provide steps to resolve this issue.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1 (amd64).

[AdSchellevis]

probably better ask them what they need to display an issuer... you can find their GitHub repo's at https://github.com/freeotp

[Gaitonde007]

probably better ask them what they need to display an issuer... you can find their GitHub repo's at https://github.com/freeotp

Hi, sure will do.
FYI: with pfSense it displays as FreeRadius Server since external authentication is built into that package.

Thanks.

[AdSchellevis]

if they add OPNsense, I don't mind adding an issuer on our end:

https://github.com/pfsense/FreeBSD-ports/blob/9fdee68a7df90cab70451ac684e2a8b21d824b08/net/pfSense-pkg-freeradius3/files/usr/local/pkg/freeradius.xml#L330

core/src/www/system_usermanager.php

Line 936 in 407be7c

$otp_url .= $pconfig['usernamefld']."@".htmlspecialchars($config['system']['hostname'])."?secret=";

[joggee-fr]

Hi @AdSchellevis,
I get here following freeotp/freeotp-android#387 and analyze URI returned by OPNsense in this comment freeotp/freeotp-android#387 (comment).
Just to know, did you except $config['system']['hostname'] to be viewed as the issuer here?

[AdSchellevis]

@joggee-fr yes, usually it shows user@domain in these type of apps.

[joggee-fr]

@AdSchellevis
As I understand the docs on OTP URI format, in the case otpauth://totp/User1@Mail_VPN?secret=, User1@Mail_VPN is the account name. FreeOTP seems to choose to display the issuer but none is precised here.
OPNsense:User1@Mail_VPN would certainly display OPNsense as issuer for example. Or it seems it can also be added as URI parameters OPNsense:User1@Mail_VPN?secret=&issuer=OPNsense.

[AdSchellevis]

I don't mind adding an issuer, but I don't expect them to have a logo on their end....

[joggee-fr]

If I am right, FreeOTP will display a custom logo if:

1. A logo for the issuer has been defined in the app (hard-coded stuff). If you had the issuer, someone may propose a PR to add an associated image in FreeOTP ;
2. Or you had image to the URI parameters e.g. discussed here.

[AdSchellevis]

@joggee-fr can you try 12001a3 ? install via:

opnsense-patch 12001a3

[joggee-fr]

@Gaitonde007, as you are the initial reporter could you give this patch a test?

[Gaitonde007]

@Gaitonde007, as you are the initial reporter could you give this patch a test?

Hi @joggee-fr , I have tested on Android and it works as expected. Issue on IOS still persists.

Thanks

[joggee-fr]

@Gaitonde007, I am not aware of the iOS version of the FreeOTP application. However, did you open an issue there?

[Gaitonde007]

@Gaitonde007, I am not aware of the iOS version of the FreeOTP application. However, did you open an issue there?

Sorry for my ignorance, I will report it there. I believe they have to do something similar which was done with Android?