StrongKey / fido2

Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido

Error during new user registration at Fidopolicy page #198

Closed Canopus-B closed 2 years ago

Canopus-B commented 2 years ago

Hello all,

I installed SKFS server 4.5.0 and Fidopolicy (on CentOS 7, on the same virtual machine) according to the manual FIDO Server (SKFS) Administration Guide Version 4.4.1 and [this instruction](https://docs.strongkey.com/index.php/skfs-home/skfs-usage/policy-module-demo/skfs-installation-with-fido2-same). Then I tried to register a new user using a YubiKey 5 NFC token on a separate computer, opening the fidopolicy webpage https://fido.lab.elvis.ru/fidopolicy/ via the internet (Firefox browser, latest version). In PWD mode with the default password I got the following error: "NotAllowedError: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission", see the screenshot (with debug) below.

[Screenshot: fidopolicy fail while register in PWD mode]

The configuration file is poc-configuration.properties-PWD.txt. The Payara log (to find the relevant part, search for "user777") is server fidopolicy 2.log.

In HMAC mode with the default keys I got the following error: "An unexpected error occurred", see the screenshot below.

[Screenshot: fidopolicy fail while register in HMAC mode]

The configuration file is poc-configuration.properties-HMAC.txt. The Payara log (to find the relevant part, search for "user555") is server fidopolicy 2.log.

I also checked that SKFS works using the skfsclient Java applet. In PASSWORD mode registration is OK (skfsclient with PWD OK.txt), but in HMAC mode registration fails (skfsclient with HMAC FAIL.txt). In the Payara log the relevant parts can be found as "user1234" for PWD mode and "user5678" for HMAC mode.

Do you have any suggestions for these issues?

Canopus-B commented 2 years ago

Hi, all

To make the analysis easier, I repeated the registration after resetting the Payara server. The SKFS server version is 4.5.0, and the address where I deployed fidopolicy is https://fido.lab.elvis.ru/fidopolicy. Fidopolicy works in PASSWORD mode; the configuration file is poc-configuration.properties-PWD.txt. The error produced by the application is "SecurityError: The operation is insecure". The screenshot with debug is below.

[Screenshot: fidopolicy fail while register in PWD mode 2 (The operation is unsecure)]

Payara log: server fidopolicy 3.log

I would be glad for any suggestions on how to fix the problem. Thanks

push2085 commented 2 years ago

In the last error block you posted, it looks like the FIDO server returned a pre-register response but the browser denied it. Can you tell us what OS (this is where the browser is running) and browser you are running these tests on? Can you also update them to the latest version if they are not, and also clear the cache and restart the browser before you try this one more time?

Thank you

Canopus-B commented 2 years ago

> In the last error block you posted, it looks like the FIDO server returned a pre-register response but the browser denied it. Can you tell us what OS (this is where the browser is running) and browser you are running these tests on? Can you also update them to the latest version if they are not, and also clear the cache and restart the browser before you try this one more time?
>
> Thank you

I resolved the issue by trying these tests in the Google Chrome browser (previously I used the latest version of Firefox). The screenshot is below.

[Screenshot: fidopolicy fail while register in PWD mode 3 (problem with rpId)]

I also found the same problem, already resolved: https://github.com/StrongKey/fido2/issues/102. So, this issue can be closed.

Thank you
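
A browser rejects WebAuthn registration with a SecurityError when the relying-party ID sent by the server is neither the page origin's host nor a parent domain of it, which is the kind of rpId problem the last comment refers to. The check below is an added example, not part of the original thread or StrongKey's code; `checkRpId` is a hypothetical helper, the hostname is the one from the thread, and the rp.id candidates and the small public-suffix set are constructed.

```javascript
// Added example (not StrongKey code): does a configured rp.id fit the origin?
// ASSUMPTION: this constructed set stands in for the real Public Suffix List.
const SAMPLE_PUBLIC_SUFFIXES = new Set(["ru", "com", "co.uk"]);

// checkRpId is a hypothetical helper name.
function checkRpId(rpId, origin) {
  const url = new URL(origin);
  const host = url.hostname.toLowerCase();
  const id = String(rpId).toLowerCase();

  // WebAuthn is only exposed in secure contexts (https, or localhost for dev).
  if (url.protocol !== "https:" && host !== "localhost") {
    return { ok: false, reason: "origin is not a secure context" };
  }
  // An IP-address host is not a valid domain, so no rp.id can match it.
  if (/^[0-9.]+$/.test(host) || host.includes(":")) {
    return { ok: false, reason: "origin host is an IP address" };
  }
  if (id === host) {
    return { ok: true, reason: "rp.id equals the origin host" };
  }
  // A bare public suffix would let unrelated sites share credentials.
  if (SAMPLE_PUBLIC_SUFFIXES.has(id)) {
    return { ok: false, reason: "rp.id is a public suffix" };
  }
  // Otherwise rp.id must be a parent domain, matched on a label boundary.
  if (id !== "" && host.endsWith("." + id)) {
    return { ok: true, reason: "rp.id is a parent domain of the origin host" };
  }
  return { ok: false, reason: "rp.id is not a suffix of the origin host" };
}

// Hostname from the thread; the rp.id candidates are constructed.
const ORIGIN = "https://fido.lab.elvis.ru/fidopolicy/";
for (const candidate of ["fido.lab.elvis.ru", "elvis.ru", "example.com", "ru"]) {
  const { ok, reason } = checkRpId(candidate, ORIGIN);
  console.log(`${candidate}: ${ok ? "accepted" : "rejected"} (${reason})`);
}
```

Running it against the rp.id configured on the server and the URL users actually open shows a mismatch before any authenticator is involved.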