Open b90g opened 2 years ago
Hello @b90g, could you show a video of how it works on the browser and on the Electron to we understand better whats happening?
https://peertube.netzbegruenung.de/videos/watch/45935f4b-f447-4550-a7ea-d1dcd26f6eab
inexperienced users might dont know what to do. i suggest to have the same pop out for interaction request with security token.
(this time i used the Snap Package on Fedora 36 btw)
I have similar problems. Rocket.Chat 5.3.2, Electron client 3.8.13, using Keycloak via Custom OAuth. On Linux, it works fine with the Yubikey, but on OSX the workflow looks "weird". I have both a Yubikey and the MacBook fingerprint reader registered as WebAuthN devices in Keycloak, but the fingerprint reader doesn't work. It never shows the fingerprint popup or seems to try to access the reader. The Yubikey works, but "blind" like the issue creator describes, ie. with no popup.
Both work fine on a browser.
Fascinating, I can't get it to work at all in the desktop client on Linux. (v3.9.6) With or without PIN, my security keys don't work, neither as 2FA nor for passwordless login.
Which is to say, yes, the NitroKey at least starts blinking, but it fails to ask for a PIN for passwordless and in either case it immediately fails when I touch the security key.
Ah, but I've realized we're using OIDC, not SAML... Gonna test that.
Describe the bug When having 2FA WebAuthn activated on SSO/SAML the electron client isnt very transparent about what user interaction is expected from them.
What operating system and which version? Linux Debian Bullseye Which version of Rocket.Chat (Server)? 4.8 Which version of Rocket.Chat.Electron (Electron/Desktop)? latest as of writing the issue Is there any setting relevant changed? not really
To Reproduce
Expected behavior Getting prompted to connect & touch security token
Actual behavior