Can you make it work with Fortitoken #58

Open
schwit61 opened this issue May 12, 2022 · 3 comments

@schwit61

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortitoken.pdf
Fortinet says it is OATH-TOTP (RFC6238) compliant

@dlenski
Owner

dlenski commented May 12, 2022

> Can you make it work with Fortitoken

I'm not a mind reader. What are you asking for here?

Are you asking if the python-vipaccess source can be modified to support a whole different web-based service for provisioning TOTP tokens?

If so, yes, this code would probably be a good starting point.

I have no need for this myself though, nor the time/interest to do it for fun.

If you can figure out how the Fortitoken provisioning service works, and want to integrate it in here, then PRs are welcome 😄

@schwit61
Author

Fortitoken is TOTP based. Some of the legwork may have been done here
https://jonstoler.me/blog/extracting-fortitoken-mobile-totp-secret

@dlenski
Owner

dlenski commented May 13, 2022

> Fortitoken is TOTP based. Some of the legwork may have been done here
> https://jonstoler.me/blog/extracting-fortitoken-mobile-totp-secret

This is a nicely-explained bit of reverse engineering work, but it's not directly applicable to python-vipaccess.

  • python-vipaccess works by replicating the web-based provisioning process to generate a new TOTP token, so that the closed-source VIP Access apps are never involved at all.
  • This blog post involves running the closed-source Fortitoken app to provision a token, then figuring out how to deobfuscate/extract the token secret from its on-device storage.

If you want to make python-vipaccess work with Fortitoken, you'd need to figure out the web-based provisioning process for Fortitoken.
