StrongKey / fido2

Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido

Fido Register API Failing with timeout #197

Closed sanudatta11 closed 1 year ago

sanudatta11 commented 2 years ago

Error in Register REST API for FIDO2 Server. Pre Register works fine and returns a challenge. When we use the iOS sample app and use the challenge to generate the register object, it's throwing a timeout error in the register API.

Payload

```json
{
    "payload": {
        "publicKeyCredential": {
            "id": "eytsH726WbmJkc2Wz74ti88Mrbs",
            "type": "public-key",
            "rawId": "eytsH726WbmJkc2Wz74ti88Mrbs",
            "response": {
                "clientDataJSON": "<DATA>",
                "attestationObject": "<DATA>"
            }
        },
        "strongkeyMetadata": {
            "username": "dsfsd",
            "create_location": "Sunnyvale, CA",
            "origin": "https:demo4.strongkey.com",
            "version": "1.0"
        }
    },
    "svcinfo": {
        "svcpassword": "Abcd1234!",
        "did": 1,
        "authtype": "PASSWORD",
        "svcusername": "svcfidouser",
        "protocol": "FIDO2_0"
    }
}
```

```json
{
    "Response": "FIDO-ERR-2001: FIDO 2 Error Message : {0}Request timed out, please try again"
}
```

sanudatta11 commented 2 years ago

I have tried using your own OpenAPI (demo4 strongkey) also, and the same error is reflected there too.

pattycakelol commented 2 years ago

Hi @sanudatta11,

Could you show the GlassFish log's output for when you performed your preregister and register? The GlassFish server log is located at /usr/local/strongkey/payara5/glassfish/domains/domain1/logs/server.log

sanudatta11 commented 2 years ago

Millis: 1655078403139] [levelValue: 800] [[
  w20Chq__w5phZO2MRKRf7uOylSI9D1vs0hduCZbwyM3rByH2SQ-7mnxf-KKlLAbNlynqwZDAV3-t5d0NSsEXWd7hTsgu9GTx8_lLa1vAegWT1VqA6B21Vw_C7wZkiD5tDNGxLnSmzq5dbxAa-4kGjd86zoPKym3uhNeVsKM0IFJ6zxTyeaKihdTk6kDiAeZIZpItihh2SpWBRYhmo19mI51RrzIQ3wzF-kSLNJ63qmVu182bm6F9EvsT7G-eSlcmX9Zz9EKGMWxCOcTUG4Xin7CS1clLieqO09vHZtlcCcjoZt8yiK1St05Dv961oLIZ_P5SLseO1MA-3ZqJhHplqQ]]

[2022-06-13T00:00:03.150+0000] [Payara 5.2020.7] [INFO] [] [] [tid: _ThreadID=234 _ThreadName=__ejb-thread-pool14] [timeMillis: 1655078403150] [levelValue: 800] [[
  Certificate valid]]

[2022-06-13T00:00:03.162+0000] [Payara 5.2020.7] [INFO] [] [] [tid: _ThreadID=234 _ThreadName=__ejb-thread-pool14] [timeMillis: 1655078403162] [levelValue: 800] [[
  Signature Verified!!]]

[2022-06-13T02:46:43.106+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=73 _ThreadName=http-thread-pool::http-listener-2(10)] [timeMillis: 1655088403106] [levelValue: 800] [[
  APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]

[2022-06-13T02:46:43.112+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0001] [SKFS] [tid: _ThreadID=73 _ThreadName=http-thread-pool::http-listener-2(10)] [timeMillis: 1655088403112] [levelValue: 800] [[
  FIDO-MSG-0001: Received preregister request; Input: [TXID=73-1655088403112]
 did=1
 svcusername=svcfidouser
 protocol=FIDO2_0
 username=soumyajit
 displayname=soumyajit_dn
 options={"attestation":"direct"}
 extensions={}]]

[2022-06-13T02:46:43.121+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0002] [SKFS] [tid: _ThreadID=73 _ThreadName=http-thread-pool::http-listener-2(10)] [timeMillis: 1655088403121] [levelValue: 800] [[
  FIDO-MSG-0002: Done with preregister request; Output: [TXID=73-1655088403112, START=1655088403112, FINISH=1655088403121, TTC=9]
FIDO2Registration Challenge parameters = {"Response":{"rp":{"name":"FIDOServer","id":"strongkey.com"},"user":{"name":"soumyajit","id":"4oTKi4qqUTTuTygFWO3zOdSevL5rj7Y6eG6B24M7XAs","displayName":"soumyajit_dn"},"challenge":"cL8DHFfDjUwU_ppFs3Pl6w","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-8},{"type":"public-key","alg":-47},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-38}],"excludeCredentials":[],"attestation":"direct"}}]]

[2022-06-13T02:46:48.104+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408104] [levelValue: 800] [[
  APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]

[2022-06-13T02:46:48.105+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0003] [SKFS] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408105] [levelValue: 800] [[
  FIDO-MSG-0003: Received register request; Input: [TXID=65-1655088408105]
 did=1
 svcusername=svcfidouser
 protocol=FIDO2_0
 response={"id":"79U433x2hykUyf-h02qXwEkpyLN15N61MhYDTlM6AuWi-rmrO7kA0LdP3nSJNYedw6AqAh6RZiWjIyh5b1npW4oMJRS1sYMJVkRbNVlwBpSy_0OW2pRKLvVSRjxzT7LXsGV_i4r7KRE83ItVOS_cDKbYn3axDcYiUNaRXAR1DfHC5UP3hpystaKsOKvfCop2oA0rfrymTsUmF7RGKP-MNCiMP_Z5EnO8hHntAs41kTg","rawId":"79U433x2hykUyf-h02qXwEkpyLN15N61MhYDTlM6AuWi-rmrO7kA0LdP3nSJNYedw6AqAh6RZiWjIyh5b1npW4oMJRS1sYMJVkRbNVlwBpSy_0OW2pRKLvVSRjxzT7LXsGV_i4r7KRE83ItVOS_cDKbYn3axDcYiUNaRXAR1DfHC5UP3hpystaKsOKvfCop2oA0rfrymTsUmF7RGKP-MNCiMP_Z5EnO8hHntAs41kTg","response":{"attestationObject":"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAKh568CoVnRo3MIwVyLbYTiXuO7FTbsKfuqin4vhpu9YAiAEWQuISPN74PyBD_tpWmjKix9gg_sQjf7xj0hO096XDGN4NWOBWQHkMIIB4DCCAYOgAwIBAgIEbCtY8jAMBggqhkjOPQQDAgUAMGQxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5TdHJvbmdBdXRoIEluYzEiMCAGA1UECxMZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEYMBYGA1UEAwwPQXR0ZXN0YXRpb25fS2V5MB4XDTE5MDcxODE3MTEyN1oXDTI5MDcxNTE3MTEyN1owZDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlN0cm9uZ0F1dGggSW5jMSIwIAYDVQQLExlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMRgwFgYDVQQDDA9BdHRlc3RhdGlvbl9LZXkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQx9IY-uvfEvZ9HaJX3yaYmOqSIYQxS3Oi3Ed7iw4zXGR5C4RaKyOQeIu1hK2QCgoq210KjwNFU3TpsqAMZLZmFoyEwHzAdBgNVHQ4EFgQUNELQ4HBDjTWzj9E0Z719E4EeLxgwDAYIKoZIzj0EAwIFAANJADBGAiEA7RbR2NCtyMQwiyGGOADy8rDHjNFPlZG8Ip9kr9iAKisCIQCi3cNAFjTL03-sk7C1lij7JQ6mO7rhfdDMfDXSjegwuWhhdXRoRGF0YVkBNPgUPcPowj_96fevjVCLWyuOXtHPc57ItRHBr0kyY4M-QQAAAAAAAAAAAAAAAAAAAAAAAAAAALDv1TjffHaHKRTJ_6HTapfASSnIs3Xk3rUyFgNOUzoC5aL6uas7uQDQt0_edIk1h53DoCoCHpFmJaMjKHlvWelbigwlFLWxgwlWRFs1WXAGlLL_Q5balEou9VJGPHNPstewZX-LivspETzci1U5L9wMptifdrENxiJQ1pFcBHUN8cLlQ_eGnKy1oqw4q98KinagDSt-vKZOxSYXtEYo_4w0KIw_9nkSc7yEee0CzjWROKUBAgMmIAEhWCDyaCL1FRBjx_tJLFlnzwTSys214ccamb3iM8ioevGOEiJYIG_S-DmdODz6_GN6nOT4nlcmu55QbWFZXu7anb-KQgdI","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTENkbXlPQ2ZEUzltZDVJZkFYTzhtZyIsIm9yaWdpbiI6Imh0dHBzOi8vcWEtaW5mb3N5cy1maWRvLTIuc3Ryb25na2V5LmNvbTo4MTgxIn0"},"type":"public-key"}
 metadata={"version":"1.0","create_location":"Sunnyvale, CA","username":"johndoe","origin":"https://demo4.strongkey.com"}]]

[2022-06-13T02:46:48.107+0000] [Payara 5.2020.7] [SEVERE] [FIDO-ERR-0006] [SKFS] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408107] [levelValue: 1000] [[
  FIDO-ERR-0006: User session in-active: ]]

[2022-06-13T02:46:48.108+0000] [Payara 5.2020.7] [SEVERE] [] [] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408108] [levelValue: 1000] [[
  com.strongkey.skfs.utilities.SKIllegalArgumentException: Request timed out, please try again
        at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.retrieveUsernameFromSessionMap(FIDO2RegistrationBean.java:308)
        at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.execute(FIDO2RegistrationBean.java:91)
        at sun.reflect.GeneratedMethodAccessor400.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
        at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
        at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
        at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
        at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
        at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
        at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
        at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
        at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
        at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
        at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
        at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
        at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
        at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
        at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
        at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
        at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
        at com.sun.proxy.$Proxy403.execute(Unknown Source)
        at com.strongkey.skfs.txbeans.u2fServletHelperBean.register(u2fServletHelperBean.java:423)
        at sun.reflect.GeneratedMethodAccessor399.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
        at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
        at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
        at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
        at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
        at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
        at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
        at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
        at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
        at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
        at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
        at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
        at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
        at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
        at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
        at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
        at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
        at com.sun.proxy.$Proxy389.register(Unknown Source)
        at com.strongkey.skfs.rest.SKFSServlet.register(SKFSServlet.java:240)
        at sun.reflect.GeneratedMethodAccessor373.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
        at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
        at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
        at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
        at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
        at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
        at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
        at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1636)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:259)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:757)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:577)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
        at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:371)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:238)
        at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
        at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
        at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:182)
        at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:156)
        at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:218)
        at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:95)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:260)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:177)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:109)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:88)
        at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:53)
        at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:524)
        at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:89)
        at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:94)
        at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:33)
        at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:114)
        at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:569)
        at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:549)
        at java.lang.Thread.run(Thread.java:748)
]]

[2022-06-13T02:46:48.109+0000] [Payara 5.2020.7] [SEVERE] [] [SKFS] [tid: _ThreadID=65 _ThreadName=http-thread-pool::http-listener-2(2)] [timeMillis: 1655088408109] [levelValue: 1000] [[
  FIDO-ERR-2001: FIDO 2 Error Message : Request timed out, please try again]]

This is the log output
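
Added example, not part of the original thread and not StrongKey code: a pre-flight check that decodes `clientDataJSON` and compares the register request in the log excerpt above with the preregister that precedes it. The function names are hypothetical, the `PAGE_*` values are copied from that excerpt, and the rule that `username` must be the same in both calls is an assumption.

```python
"""Consistency check for a FIDO2 register request (added example)."""
import base64
import json


def b64url_decode(value):
    """Decode unpadded base64url, the encoding used for clientDataJSON."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def b64url_encode(raw):
    """Encode bytes as unpadded base64url (used for the constructed sample)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_client_data(client_data_b64):
    """Return the parsed clientDataJSON object, or raise ValueError."""
    try:
        # binascii.Error, UnicodeDecodeError and JSONDecodeError are all
        # subclasses of ValueError, so one handler covers every decode step.
        parsed = json.loads(b64url_decode(client_data_b64).decode("utf-8"))
    except ValueError as exc:
        raise ValueError(f"not base64url-encoded JSON: {exc}") from exc
    if not isinstance(parsed, dict):
        raise ValueError("does not decode to a JSON object")
    return parsed


def check_register(prereg, client_data_b64, metadata):
    """Compare a register request with its preregister.

    prereg:   {"username": ..., "challenge": ...} from the preregister call
    metadata: the metadata object sent with the register call
    Returns a list of (field, expected, actual); empty means consistent.
    """
    try:
        client_data = decode_client_data(client_data_b64)
    except ValueError as exc:
        return [("clientDataJSON", "base64url-encoded JSON object", str(exc))]
    checks = [
        ("type", "webauthn.create", client_data.get("type")),
        # The authenticator must sign the challenge the server just issued.
        ("challenge", prereg["challenge"], client_data.get("challenge")),
        # Origin seen by the client versus origin declared in the metadata.
        ("origin", metadata.get("origin"), client_data.get("origin")),
        # Assumption: both calls are meant to be for the same user.
        ("username", prereg["username"], metadata.get("username")),
    ]
    return [check for check in checks if check[1] != check[2]]


def build_client_data(challenge, origin):
    """Constructed sample: the clientDataJSON a consistent client would send."""
    body = {"type": "webauthn.create", "challenge": challenge, "origin": origin}
    return b64url_encode(json.dumps(body, separators=(",", ":")).encode("utf-8"))


# Copied from the FIDO-MSG-0001 / FIDO-MSG-0002 entries in the excerpt above.
PAGE_PREREG = {"username": "soumyajit", "challenge": "cL8DHFfDjUwU_ppFs3Pl6w"}

# Copied from the FIDO-MSG-0003 entry (response.clientDataJSON).
PAGE_CLIENT_DATA = (
    "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoi"
    "TENkbXlPQ2ZEUzltZDVJZkFYTzhtZyIs"
    "Im9yaWdpbiI6Imh0dHBzOi8vcWEtaW5mb3N5cy1maWRvLTIuc3Ryb25na2V5LmNvbTo4MTgxIn0"
)

# Copied from the FIDO-MSG-0003 entry (metadata=...).
PAGE_METADATA = {
    "version": "1.0",
    "create_location": "Sunnyvale, CA",
    "username": "johndoe",
    "origin": "https://demo4.strongkey.com",
}


if __name__ == "__main__":
    for field, expected, actual in check_register(
        PAGE_PREREG, PAGE_CLIENT_DATA, PAGE_METADATA
    ):
        print(f"{field}: expected {expected!r}, got {actual!r}")
```

Run on the excerpt's values, the check reports three differences: the challenge, the origin and the username.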

arshadnoor commented 2 years ago

Soumyajit,

The expectation is to see far more detail than what you've sent. You can either choose to send the entire server.log file that includes the full preregister and register webservice requests, or you can choose to copy-paste just the log messages that cover the preregister and register requests.

To do the latter, you can follow these steps:

1) In a Shell terminal, change directory to the folder where Payara logs are maintained: /usr/local/strongkey/payara5/glassfish/domains/domain1/logs/

2) Run the "tail -f server.log" command in that directory;

3) Press the Enter key a few times to insert some blank lines at the end of the log output;

4) Perform a registration operation on the client device (which will cover preregister and register). This will generate a fair number of log messages, including the failure you're seeing;

5) Copy-paste all the messages from where you inserted the blank lines in your Shell window, till the end of the log output after the completion of the register request.

That is the detail that we need to see.

On 6/12/22 7:45 PM, Soumyajit Dutta wrote:

`[2022-06-13T00:00:03.139+0000] [Payara 5.2020.7] [INFO] [] [] [tid: _ThreadID=234 _ThreadName=ejb-thread-pool14] [timeMillis: 1655078403139] [levelValue: 800] [[ w20Chqw5phZO2MRKRf7uOylSI9D1vs0hduCZbwyM3rByH2SQ-7mnxf-KKlLAbNlynqwZDAV3-t5d0NSsEXWd7hTsgu9GTx8_lLa1vAegWT1VqA6B21Vw_C7wZkiD5tDNGxLnSmzq5dbxAa-4kGjd86zoPKym3uhNeVsKM0IFJ6zxTyeaKihdTk6kDiAeZIZpItihh2SpWBRYhmo19mI51RrzIQ3wzF-kSLNJ63qmVu182bm6F9EvsT7G-eSlcmX9Zz9EKGMWxCOcTUG4Xin7CS1clLieqO09vHZtlcCcjoZt8yiK1St05Dv961oLIZ_P5SLseO1MA-3ZqJhHplqQ]]

[2022-06-13T00:00:03.150+0000] [Payara 5.2020.7] [INFO] [] [] [tid: _ThreadID=234 _ThreadName=__ejb-thread-pool14] [timeMillis: 1655078403150] [levelValue: 800] [[ Certificate valid]]

[2022-06-13T00:00:03.162+0000] [Payara 5.2020.7] [INFO] [] [] [tid: _ThreadID=234 _ThreadName=__ejb-thread-pool14] [timeMillis: 1655078403162] [levelValue: 800] [[ Signature Verified!!]]`

PFA


sanudatta11 commented 2 years ago

server.log

PFA

sanudatta11 commented 2 years ago

Logs for trying from iOS sample app


[2022-06-13T13:21:08.663+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=68 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1655126468663] [levelValue: 800] [[
  APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]

[2022-06-13T13:21:08.668+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0001] [SKFS] [tid: _ThreadID=68 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1655126468668] [levelValue: 800] [[
  FIDO-MSG-0001: Received preregister request; Input: [TXID=68-1655126468668]
 did=1
 svcusername=svcfidouser
 protocol=FIDO2_0
 username=testgithub
 displayname=Initial KeyappleDebugPlatformKeyFlag
 options={"attestation":"direct"}
 extensions={}]]

[2022-06-13T13:21:08.686+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0002] [SKFS] [tid: _ThreadID=68 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1655126468686] [levelValue: 800] [[
  FIDO-MSG-0002: Done with preregister request; Output: [TXID=68-1655126468668, START=1655126468668, FINISH=1655126468686, TTC=18]
FIDO2Registration Challenge parameters = {"Response":{"rp":{"name":"FIDOServer","id":"strongkey.com"},"user":{"name":"testgithub","id":"DhAh3l3LKNxVt3JbHqALPvArWO1dVfC3STu2pAlogrU","displayName":"Initial KeyappleDebugPlatformKeyFlag"},"challenge":"iQ0wmnQLX0ENQRF1i0S-VA","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-8},{"type":"public-key","alg":-47},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-38}],"excludeCredentials":[],"attestation":"direct"}}]]

[2022-06-13T13:22:48.912+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=69 _ThreadName=http-thread-pool::http-listener-2(6)] [timeMillis: 1655126568912] [levelValue: 800] [[
  APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]

[2022-06-13T13:22:48.913+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0001] [SKFS] [tid: _ThreadID=69 _ThreadName=http-thread-pool::http-listener-2(6)] [timeMillis: 1655126568913] [levelValue: 800] [[
  FIDO-MSG-0001: Received preregister request; Input: [TXID=69-1655126568913]
 did=1
 svcusername=svcfidouser
 protocol=FIDO2_0
 username=test123
 displayname=Initial KeyappleDebugPlatformKeyFlag
 options={"attestation":"direct"}
 extensions={}]]

[2022-06-13T13:22:48.920+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0002] [SKFS] [tid: _ThreadID=69 _ThreadName=http-thread-pool::http-listener-2(6)] [timeMillis: 1655126568920] [levelValue: 800] [[
  FIDO-MSG-0002: Done with preregister request; Output: [TXID=69-1655126568913, START=1655126568913, FINISH=1655126568920, TTC=7]
FIDO2Registration Challenge parameters = {"Response":{"rp":{"name":"FIDOServer","id":"strongkey.com"},"user":{"name":"test123","id":"nwJuNiaEBsjjka3bETrKS6k6NoSSgUJ7RhE8_f8_kgw","displayName":"Initial KeyappleDebugPlatformKeyFlag"},"challenge":"3g4j3g7Zoj8VnCrtECDl7Q","pubKeyCredParams":[{"type":"public-key","alg":-7},{"type":"public-key","alg":-35},{"type":"public-key","alg":-36},{"type":"public-key","alg":-8},{"type":"public-key","alg":-47},{"type":"public-key","alg":-257},{"type":"public-key","alg":-258},{"type":"public-key","alg":-259},{"type":"public-key","alg":-37},{"type":"public-key","alg":-38},{"type":"public-key","alg":-38}],"excludeCredentials":[],"attestation":"direct"}}]]

[2022-06-13T13:22:58.621+0000] [Payara 5.2020.7] [INFO] [APPL-MSG-1000] [APPL] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578621] [levelValue: 800] [[
  APPL-MSG-1000: Informational Message: request user: cn=FidoRegistrationService-AuthorizedServiceCredentials,did=1,ou=groups,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com (cn=svcfidouser,did=1,ou=users,ou=v2,ou=SKCE,ou=StrongAuth,ou=Applications,dc=strongauth,dc=com)]]

[2022-06-13T13:22:58.621+0000] [Payara 5.2020.7] [INFO] [FIDO-MSG-0003] [SKFS] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578621] [levelValue: 800] [[
  FIDO-MSG-0003: Received register request; Input: [TXID=67-1655126578621]
 did=1
 svcusername=svcfidouser
 protocol=FIDO2_0
 response={"id":"0kokmpryALEN0lHA0-tH8FXmBJ8","type":"public-key","rawId":"0kokmpryALEN0lHA0-tH8FXmBJ8","response":{"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiM2c0ajNnN1pvajhWbkNydEVDRGw3USIsIm9yaWdpbiI6Imh0dHBzOi8va2V5dmFsdWUuc3lzdGVtcyJ9","attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViY2pvfDjvYYCbhvrcnqeBVI3zHnqq1dWxrJ4AyiRA743lFAAAAAAAAAAAAAAAAAAAAAAAAAAAAFNJKJJqa8gCxDdJRwNPrR_BV5gSfpQECAyYgASFYIPbh0LULe1ikb2GZMPzj0-yktzchikXliwdiUMPJ_hvPIlggHrgdcRuH20Vb9InKT-zEw2Mqt-EKjg6SPdU468Xx_5k"}}
 metadata={"version":"1.0","create_location":"Sunnyvale, CA","origin":"https://demo4.strongkey.com","username":"test123"}]]

[2022-06-13T13:22:58.625+0000] [Payara 5.2020.7] [SEVERE] [] [] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578625] [levelValue: 1000] [[
  com.strongkey.skfs.utilities.SKIllegalArgumentException: Invalid Origin: https://keyvalue.systems != https://demo4.strongkey.com
    at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.verifyOrigin(FIDO2RegistrationBean.java:328)
    at com.strongkey.skfs.txbeans.FIDO2RegistrationBean.execute(FIDO2RegistrationBean.java:99)
    at sun.reflect.GeneratedMethodAccessor400.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
    at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
    at com.sun.proxy.$Proxy403.execute(Unknown Source)
    at com.strongkey.skfs.txbeans.u2fServletHelperBean.register(u2fServletHelperBean.java:423)
    at sun.reflect.GeneratedMethodAccessor399.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:588)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:408)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4826)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:665)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:834)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:615)
    at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
    at org.jboss.weld.module.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at sun.reflect.GeneratedMethodAccessor102.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:888)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:833)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:375)
    at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4798)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4786)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
    at com.sun.proxy.$Proxy389.register(Unknown Source)
    at com.strongkey.skfs.rest.SKFSServlet.register(SKFSServlet.java:240)
    at sun.reflect.GeneratedMethodAccessor373.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
    at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1636)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:259)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:757)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:577)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:158)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:371)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:238)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
    at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:200)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:569)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:549)
    at java.lang.Thread.run(Thread.java:748)
]]

[2022-06-13T13:22:58.625+0000] [Payara 5.2020.7] [SEVERE] [] [SKFS] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1655126578625] [levelValue: 1000] [[
  FIDO-ERR-2001: FIDO 2 Error Message : Invalid Origin: https://keyvalue.systems != https://demo4.strongkey.com]]

pattycakelol commented 2 years ago

Hi @sanudatta11,

  1. It seems that in your server logs the username found in your register requests is different from the user you used in your preregister request. May I ask what you are using to send these requests?
  2. The demo4 OpenAPI is only used as an example of how a request should be structured. You will not be able to complete a registration because there is no FIDO simulator used in this process.
  3. For your iOS app, are you using the app as is or are you rebuilding it?

sanudatta11 commented 2 years ago

  1. We tried many possible combinations, but the tail log for the iOS app is an actual username password API call.
  2. OK. How do we verify and use the register request, then?
  3. We are using the app by changing the API endpoint from demo to our API server.

sanudatta11 commented 2 years ago

Attaching the log after we changed the origin in the iOS app: server_2.log

sanudatta11 commented 2 years ago

I have a question. Right now with iOS we are facing an RPID mismatch error. How do we change the RPID? We have tried changing it in the upgrade script and running it, but it didn't update it.

  FIDO-ERR-2001: FIDO 2 Error Message :  RPID Hash invalid]]

sanudatta11 commented 2 years ago

I changed the RPID in the install-skfs script and ran it on a new server, but it gave the LDAP error below:

Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Importing default users...
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Deploying StrongKey FidoServer ... Application deployed with name fidoserver.
Command deploy executed successfully.

The above issue resulted in the svcfido user not getting created, and thus the preregister call fails with the error:

FIDO-ERR-0003: Error during calling web service: SKCEWS-ERR-3055: Invalid user: svcfidouser]]

arshadnoor commented 2 years ago

Soumyajit,

Which version of the SKFS are you using?

sanudatta11 commented 2 years ago

@arshadnoor The latest. We were able to resolve the LDAP issue. We were also able to change the RPID and attach it to our domain. Right now on iOS we are getting the following error:

[2022-06-15T16:52:36.137+0000] [Payara 5.2020.7] [SEVERE] [] [SKFS] [tid: _ThreadID=67 _ThreadName=http-thread-pool::http-listener-2(3)] [timeMillis: 1655311956137] [levelValue: 1000] [[
  FIDO-ERR-5011: Json could not be parsed : Policy requires counter]]

Attached latest server logs

server.log

push2085 commented 2 years ago

Hi @sanudatta11 ,

Can you give us more detail on what application you are using to test on iOS? Are you testing the web application in Safari on iOS, or are you testing a native app running on iOS using a passkey?

If it is the native app, is it the one provided by StrongKey in the sample apps, or have you built your own?

If this is the StrongKey sample app, have you rebuilt the app locally with changes?

From the error logs, it looks like the application is using domain ID 1, which is the minimal policy that enforces counters (https://docs.strongkey.com/index.php/skfs-home/skfs-administration/skfs-security/skfs-policy/minimal-any-hardware-authenticator) and will reject anything that does not have a counter or whose counter does not increment.

During installation, our FIDO server adds 8 domains to the database with 8 different policies. If you can change the application to use domain 7 (did=7), it will use a policy that is defined for Apple devices that provide either apple or none attestation, and this policy makes the counter optional (https://docs.strongkey.com/index.php/skfs-home/skfs-administration/skfs-security/skfs-policy/skfs-policy-restricted-apple-passkey).

So based on your answers above, I may be able to point you to the right location to configure the correct domain ID.

You can also put logs in FINE mode on the server so that we may be able to get more detailed logs for debugging in the future. On the FIDO server, run the following to do so:

shell> asadmin set-log-levels SKFS=FINE

Thank you

push2085 commented 1 year ago

Closing this issue as there has not been any update for a long time. Please feel free to reopen this if this is still a problem. The link below also has more information about counters and how to fix the error above: https://docs.strongkey.com/index.php/skfs-home/skfs-troubleshooting/skfs-solutions-for-known-issues/policy-requires-counter
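
The three rejections seen in this thread (Invalid Origin, RPID Hash invalid, Policy requires counter) correspond to fields a client can inspect before sending the register request. The sketch below is an added example, not StrongKey's code and not from any participant in the thread: it checks `clientDataJSON.origin` and the fixed 37-byte authenticator data header. It assumes the authenticator data has already been extracted from the CBOR `attestationObject`, models "requires counter" as rejecting a `signCount` of 0, and uses constructed sample inputs with the placeholder RP IDs `rp.example` and `app.example`.

```python
import base64
import hashlib
import json
import struct

UP_FLAG = 0x01  # "user present" bit in the authenticator data flags byte


def b64url_decode(text: str) -> bytes:
    """Decode unpadded base64url, the encoding WebAuthn uses on the wire."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def diagnose(client_data_b64, auth_data, expected_origin, rp_id, counter_required):
    """Return the relying-party checks this registration would fail."""
    problems = []
    client_data = json.loads(b64url_decode(client_data_b64))
    origin = client_data.get("origin")
    if origin != expected_origin:
        problems.append(f"origin {origin} != {expected_origin}")
    if len(auth_data) < 37:
        return problems + ["authenticator data shorter than 37 bytes"]
    # Fixed header: rpIdHash (32 bytes), flags (1), signCount (4, big-endian).
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        problems.append(f"rpIdHash is not SHA-256 of {rp_id}")
    if not flags & UP_FLAG:
        problems.append("user-present flag not set")
    # Assumption: "requires counter" is modelled as rejecting signCount == 0.
    if counter_required and sign_count == 0:
        problems.append("signCount is 0 but the policy requires a counter")
    return problems


def sample_client_data(origin):
    """Constructed clientDataJSON, base64url-encoded as a client would send it."""
    raw = json.dumps({"type": "webauthn.create", "challenge": "Y29uc3RydWN0ZWQ", "origin": origin})
    return base64.urlsafe_b64encode(raw.encode()).rstrip(b"=").decode()


def sample_auth_data(rp_id, sign_count, flags=0x41):
    """Constructed 37-byte authenticator data header (UP and AT flags set)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    bad = diagnose(sample_client_data("https://keyvalue.systems"),
                   sample_auth_data("app.example", 0),
                   "https://demo4.strongkey.com", "rp.example", True)
    print("\n".join(bad))
```

Authenticators that keep no signature counter report a `signCount` of 0, which is why a counter-enforcing policy rejects them while a counter-optional policy does not.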