When TOTPAdminService is used application-authentication.xml configurations are ignored. #26343

@UpekshaGalappaththi

Description

In the Identity Server, when the TOTPAdminService is used, the connector will retrieve the configurations from the default values defined in the connector [1]. Ideally, it should directly retrieve the value configured in the application-authentication.xml file. In the UI-based flows where TOTP is used as an authenticator, the connector properly retrieves the value from the context [2].

[1] https://github.com/wso2-extensions/identity-outbound-auth-totp/blob/v2.0.14/component/authenticator/src/main/java/org/wso2/carbon/identity/application/authenticator/totp/util/TOTPAuthenticatorConfig.java#L28
[2] https://github.com/wso2-extensions/identity-outbound-auth-totp/blob/v2.0.14/component/authenticator/src/main/java/org/wso2/carbon/identity/application/authenticator/totp/TOTPAuthenticator.java#L438

Steps to Reproduce

Enable TOTP and enroll a user with a secret key.
Execute the below curl command.

curl -k --location --request POST \
'https://localhost:9443/services/TOTPAdminService.TOTPAdminServiceHttpsSoap11Endpoint/' \
--header 'Content-Type: text/xml; charset=utf-8' \
--header 'SOAPAction: urn:validateTOTP' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--data-raw '
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://services.totp.authenticator.application.identity.carbon.wso2.org">
<soapenv:Header/>
<soapenv:Body>
<ser:validateTOTP>
<ser:username>test1</ser:username>
<ser:verificationCode>198515</ser:verificationCode>
</ser:validateTOTP>
</soapenv:Body>
</soapenv:Envelope>'

TimeStepSize and other config values will not be taken from the application-authentication.xml and will be used from [1].

Please select the area issue is related to

Other

Version

IS 5.7 and above

Environment Details (with versions)

No response

Developer Checklist

  • [Behavioural Change] Does this change introduce a behavioral change to the product?
  •  ↳ Approved by team lead
  •  ↳ Label impact/behavioral-change added
  • [Migration Impact] Does this change have a migration impact?
  •  ↳ Migration label added (e.g., 7.2.0-migration)
  •  ↳ Migration issues created and linked
  • [New Configuration] Does this change introduce a new configuration?
  •  ↳ Label config added
  •  ↳ Configuration is properly documented
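
An added example (not code from this issue or from the connector) of why it matters which TimeStepSize a validation path uses: the same device-generated code is accepted under one step size and rejected under another. The step values 60 and 30, the `window` parameter and all function names are assumptions for illustration; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

# RFC 6238 / RFC 4226 test secret; constructed sample data, not a real enrollment.
SECRET = b"12345678901234567890"

# Assumed values for illustration only; not read from the connector or the XML file.
CONFIGURED_STEP = 60  # what an admin might set as TimeStepSize
FALLBACK_STEP = 30    # what a validator using built-in defaults might apply


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int) -> str:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(secret, unix_time // step)


def validate(secret: bytes, code: str, unix_time: int, step: int, window: int = 1) -> bool:
    """Accept the code if it matches any counter within +/- window steps."""
    current = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, c), code)
        for c in range(max(0, current - window), current + window + 1)
    )


def compare_paths(unix_time: int) -> dict:
    """Validate one device-generated code with both step sizes."""
    code = totp(SECRET, unix_time, CONFIGURED_STEP)  # device follows the configured step
    return {
        "code": code,
        "configured_step_accepts": validate(SECRET, code, unix_time, CONFIGURED_STEP),
        "fallback_step_accepts": validate(SECRET, code, unix_time, FALLBACK_STEP),
    }


if __name__ == "__main__":
    print(compare_paths(150))
```

Running the same comparison against both the UI flow and the admin service after changing TimeStepSize is a quick way to confirm whether a deployment is affected.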
